ChatGPT can now write “smart malware”

Even if you haven’t used it yourself, you will no doubt have heard of the new AI program, ChatGPT. Recently upgraded to a far more powerful version 4, it can do just about anything you ask it to – including, unfortunately, lie.   It’s reinvented how people view AI and how it can support businesses and individuals – from writing to marketing content to a heartfelt message for a birthday card, it is mostly used with good intentions. But as always, there are some who will use it for the exact opposite. Those with bad intentions are using ChatGPT to write incredibly powerful malware that can be used to steal passwords.   In an article published on LinkedIn (LINK: https://systemweakness.com/chatgpt-powered-malware-bypasses-edr-c9a66af5cec1) ChatGPT was asked to write a script that is smart enough to change every time and therefore bypass most EDR technologies. EDR (Endpoint Detection and Response) is a traditional protection solution such as anti-malware and anti-virus software. EDR systems work reactively – they look at information supplied to them by their manufacturers.   Every day, these systems download virus signatures (essentially the fingerprint of a virus) so they can protect your computer with the latest information. If a malware programme can re-write itself every time it’s activated – such as one created via ChatGPT and Python – it can completely bypass the virus signature mechanism making current protection solutions insufficient.   If this leaves you feeling a bit panicked, there is an alternative. At OfficeAnyPlace Ltd we actively promote a different type of protection called Zero-Trust security. Zero-Trust operates on the principle that all access requests are suspicious until otherwise confirmed. It requires all users, whether in or outside your organisation’s network to be authenticated, authorises and continuously validated before being granted access to applications and data.   This means that if the ‘smart malware’ somehow makes it onto your PC through an existing protection system, our Zero-Trust engine would either:  

1. Prevent its installation altogether or
2. Prevent it from accessing any of your files and solutions.

  Zero-Trust security is highly recommended for businesses of all sizes, providing increased reassurance against malware attacks. It’s also extremely cost-effective and an incredibly powerful solution.   But a good security system can only go so far, especially when the article we referenced earlier is a proof of concept for a keylogger as well. A keylogger is a piece of malware that aims to steal login and password information by actually recording all the keyboard input and send it back to the hacker so they can access your bank accounts and websites such as Amazon or your Cloud-based storage systems. Therefore, a secure password manager is a must-have in any corporate environment to ensure control and protection of your company’s most precious resource: its Intellectual Property.   Password managers use the following concepts:  

• A very strong master password
• Automatic generation of unique passwords for every login
• A cunning software interface that allows one-click login everywhere, without the user having to view – or type – the stored passwords.

  We highly recommend using both Zero-Trust and a reputable password manager to give you and your company the ultimate protection. With smart malware on the rise, it’s vital to have all the framework in place to actively disrupt hackers attempts to steal valuable data. As industry experts, we consider it our responsibility to keep abreast of the latest offerings within the IT security industry. After months of testing several different solutions, ensuring that they are of a high standard that we are willing to recommend to our clients, we are pleased to announce that we have partnered with, and are a reseller of, Keeper Security.   If you are reviewing your IT security, please do get in touch to discuss your options and the best solutions to suit you and your business.