Security researchers have discovered what they believe is the first malicious attack on an enterprise via a social network powered by generative AI technology.
SafeGuard Cyber Security Solutions said it found an ad on LinkedIn purporting to publish a report with information designed to help sales managers increase profits and close more deals.
The above ad contained an image that the researchers described as suspicious, a color pattern appearing in the lower right corner of the image, similar to what appears in images obtained by Dall-E.
The ad invites readers to register their personal information in exchange for a report. The ad added a LinkedIn account called Sales Intelligence, which the researchers said looked suspicious because the company's page was mostly empty except for a link that redirected users to a jewelry store. This fake company appears to add a random link to fill in the required fields when creating a new page on LinkedIn.
After the registration step, the attackers obtained the registered user's (LinkedIn) email address and phone number, and the user did not receive a copy of the alleged report. Researchers believe the attack was designed to collect company employee information for use in phishing and social engineering attacks.
In addition to images, the researchers say ad text can also be generated using AI text generation services such as ChatGPT.
Since its inception, generative AI technologies have raised concerns that they could be used for illegal purposes. According to a recent PlayBerry survey, more than half of IT professionals expect to witness a successful cyberattack attributed to the infamous Chatbot ChatGPT within a few months, with 71% believing that malware could be used by foreigners against other countries.
According to a report by cybersecurity firm Check Point Research, Russian cybercriminals are attempting to circumvent the limitations of a well-known chatbot (ChatGPT) for malicious purposes. The company detects hackers using a trusted phishing email generator and uses it to develop malware. Code for Office files.