ChatGPT: The Curious Case of Attack Vectors' Supply Chain Management Improvement

The field of Natural Language Processing has observed significant advancements in the development of sophisticated conversational Artificial Intelligence systems. ChatGPT is one such state-of-the-art conversational system that has attracted considerable interest and adoption. It enables developers to create highly interactive and engaging conversational applications using deep neural networks to produce human-like responses to user inputs. Such capabilities have made it popular in the threat actors' world. However, threat actors can abuse this chatbot to generate attack vectors as part of an operation. ChatGPT can be abused to produce practical and realistic communications that can be used in phishing attacks. These communications help the attack vectors distribution, i.e., prompt users to download and set up malware or disclose confidential information. ChatGPT has security measures to prevent malicious queries from generating attack vectors. However, the threat actors can circumvent such security controls through deception. This abusive use of ChatGPT makes the supply chain management of attack vectors effective and efficient. In this study, we presented evidence from various sources, showing how ChatGPT is abused to help the threat actors to improve each step of the attack vectors' supply chain management.

[1]  The Lancet Digital Health ChatGPT: friend or foe? , 2023, The Lancet. Digital health.

[2]  M. Ahsan,et al.  BERT Against Social Engineering Attack: Phishing Text Detection , 2022, 2022 IEEE International Conference on Electro Information Technology (eIT).

[3]  M. Chowdhury,et al.  Card Skimming: A Cybercrime by Hackers , 2022, 2022 IEEE International Conference on Electro Information Technology (eIT).

[4]  M. Chowdhury,et al.  Malware: A Software for Cybercrime , 2022, 2022 IEEE International Conference on Electro Information Technology (eIT).

[5]  M. Chowdhury,et al.  Managing the Cyber World: Hacker Edition , 2021, 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME).

[6]  M. D. Minhaz Chowdhury,et al.  Social Engineering: The Looming Threat , 2021, 2021 IEEE International Conference on Electro Information Technology (EIT).

[7]  Matthew A. Mos,et al.  The Growing Influence of Ransomware , 2020, 2020 IEEE International Conference on Electro Information Technology (EIT).

[8]  Kendall E. Nygard,et al.  Deception in Cyberspace: Performance Focused Con Resistant Trust Algorithm , 2017, 2017 International Conference on Computational Science and Computational Intelligence (CSCI).

[9]  Kendall E. Nygard,et al.  Deception in cyberspace: An empirical study on a con man attack , 2017, 2017 IEEE International Conference on Electro Information Technology (EIT).

[10]  M. Chowdhury,et al.  Machine Learning Within a Con Resistant Trust Model , 2018 .

[11]  M. Chowdhury Deception in Cyberspace: Con-Man Attack in Cloud Services , 2018 .

[12]  Kendall E. Nygard,et al.  An Artifiical Immune System Heuristic in a Smart Grid , 2013 .

[13]  Kevin Johnston,et al.  An introduction to Information Systems , 2011 .

[14]  M. Chowdhury,et al.  Ethical Hacking: Skills to Fight Cybersecurity Threats , 2022, EPiC Series in Computing.