โWe needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.โ
โWe needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.โ
Request a Call-back.
First we need a few details.
Keep up to date with the experts
Get insights directly to your email inbox
Follow us on social
โWe needed to find solutions to a variety of issues whilst being a complex business, operating in a 24/7 environment. Stripe OLT listened and understood immediately the challenges we faced.โ
Request a Call
First we need a few details.
It seems that Chatbots are now embedded into every digital solution at our disposal, but despite the simplicity and ease this tool provides, cyber security concerns have been raised over the AIโs ability to spread misinformation, aid hackers in developing malware and even present sensitive data leak threats.
Following the news that Italy is the first European country to ban Chatbots over privacy concerns, a global discussion is taking place over how society can prioritise data protection and combat malicious groups that exploit vulnerabilities in Chatbots.
The EU is currently writing the worldโs first artificial intelligence legislation, aiming to regulate the development and practise of Chatbots, and ultimately protect the privacy of users. Italy now joins China, Iran, North Korea and Russia in banning this new wave of AI.
The widespread popularity of AI Chatbots has presented a key opportunity for threat actors to extract possibly sensitive information. Aided by the conversational tone of most Chatbots, users feel more comfortable sharing private data. Artificial Intelligence Chatbot, Bard, has subsequently added an age restriction of 18+ to combat these privacy concerns.
Historically, chatbots havenโt had the best rep – in 2020, Ticketmaster were fined ยฃ1.25 million by UK Watchdog for the companyโs lack of security measures on their chatbot. Hackers breached Ticketmasters chatbot and leaked names, payment card numbers, expiry dates and CVV numbers, potentially affecting 9.4 million customers.
The one youโve probably all most recently heard of is the ChatGPT breach, in which users personal data was stolen by malicious groups. Italyโs watchdog, in turn, has raised concerns over how OpenAI is processing user data and the purpose of storage.
OpenAI has affirmed that the purpose of ChatGPT is not to learn more about the users, but to learn about the world. A blog post from the tech company goes on to say that the data stored is not used for โselling our services, advertising, or building profiles of people โ we use data to make our models more helpful for peopleโ.
Being helpful to us humans, however, is sometimes part of the risk โ letโs take language as an example. Advancements in artificial intelligence may have enabled faster and more accurate language translations, but in turn, users will find it harder to spot well-known red flags such as inaccurate spelling and poor grammar.
Accurate translation would then subsequently lend itself well to scammers re-using phishing emails, and sending on mass in many languages, to bypass spam blockers put in place by organisations โ just one of many potential risks.
For both the public and private security sectors, thereโs a responsibility to ensure this ever-chaging ai battlefield is kept under control – evolving risks include:
Malware and Ransomware: Hackers have been known to infiltrate Chatbotโs through backdoor deployments, to spread malware or ransomware onto unsuspecting victims. Backdoor deployment refers to an attack type whereby hackers can bypass security measures through โbackdoorsโ.
Backdoors are unintentionally built by developers to easily access systems and fix software problems, but backdoors can also be created and exploited by malicious actors using malware. This in turn allows a malicious actor to gain access to data, critical systems and spread other malicious other assetsโฆ
Data theft through poor encryption: If chatbotโs are not properly encrypting a userโs data, there is a risk of bad actors accessing this private data and using it to their advantage.
The UK Watchdog recently issued a warning to tech companies developing Chatbots, stating their concerns over the masses of unfiltered personal data being stored to โtrainโ the artificial intelligence.
Chatbot impersonation: Hackers have been known to replicate well-known Chatbot landing pages, which as we all well know, can lead to a range of malicious activities.
More specifically, these pages commonly request personal information, like credit card details and credentials. Recently, a fake ChatGPT landing page asked users to โsign upโ for their Ai services – in reality victims were downloading a piece of trojan malware named FOBO.
โWith developments in Artificial Intelligence moving so fast, it is critical that users and organisations stay up to date on these new threats we are seeing emerge. Due to the appeal and accessibility of Chatbots, malicious actors have been able to exploit a variety of vulnerabilities and elicit sensitive and potentially dangerous information.โ
– Andrea Csuri, SOC Analyst
Small changes make a big difference:
For organisations that want to know more about their existing response to threats, talk to us today about our breach & attack simulation services. From phishing simulation tests to breached credential checks, our team are here to help your team adopt a modern age approach, to modern age threats.
Alternately, for organisations that want to take a proactive approach and build awareness around these growing risks, you can opt for User Awareness and Security Training. Offering two separate courses, we make sure both your workforce and senior stakeholders are prepared when dealing with adversaries.
