Seventy-eight percent of domains containing 'ChatGPT' are malicious, HUB 53 reveals


Johannesburg, 09 Jun 2023

ChatGPT is a popular and powerful generative AI tool that has reached the end-user, but it has a dark side that cyber criminals are looking to exploit. As a cyber security company, DNSSense recently scanned domains containing the word "ChatGPT" to gain a deeper understanding of the associated risks and vulnerabilities. In this article, we will share our findings covering domains registered since the beginning of 2023, which can help users take the necessary precautions to protect themselves and their businesses.

Utilising natural language processing (NLP) technology, OpenAI has developed a language model named ChatGPT, which creates human-like dialogue. With Elon Musk as one of the founders, ChatGPT has achieved remarkable success, surpassing one million users in just five days and 100 million active users within two months of its launch in March 2023. The AI chatbot has proven to be an invaluable tool for marketing professionals, content producers and software developers, and its continued success is paving the way for further advancements in AI.

Despite its fascinating capabilities, ChatGPT has also raised some concerns since its inception. As the first AI application to showcase the full potential of AI, the chatbot’s ability to interact with the user almost seamlessly, akin to a human, has caused fear in certain professional groups, who worry that they might lose their jobs. Such fears were further exacerbated by estimates from organisations such as Goldman Sachs that generative AI applications could wipe out 300 million jobs worldwide. Add to the mix the growing popularity of ChatGPT among hackers, who have been exploiting it to launch phishing campaigns to defraud users, and you will understand the alarm it has provoked.

As a DNS security company specialising in AI-powered cyber security solutions, we believe that generative AI should not fall into the wrong hands. To ensure this, we utilised our Cyber X-Ray solution to investigate the cyber risks associated with ChatGPT, one of the most advanced examples of artificial intelligence, by scanning the entire internet to analyse the word "ChatGPT" from a different perspective. In this article, we present the compelling results of our analysis.

Methodology

Cyber X-Ray, the AI-powered domain categorisation tool developed at DNSSense, is also the engine that drives the company’s two other security solutions, namely DNSEye and DNSSome. Our AI algorithms enable dynamic cyber threat intelligence and classification of all domains on the internet based on their historical and relational data. To gather data, we scanned all domains registered since the beginning of 2023 containing the word “ChatGPT”. By combining their historical and relational data, we were able to draw the following meaningful conclusions.

Key findings from Cyber X-Ray's ChatGPT analysis

Our research, which utilised the AI capabilities of Cyber X-Ray and an extensive database, revealed that there were 4 906 domains containing the word “ChatGPT”, of which 4 113 domains were registered as active.

Our analysis using Cyber X-Ray’s AI-powered domain categorisation solution revealed that out of 4 113 active domains containing the word “ChatGPT”, 78% or 3 240 of them were potentially malicious. These included 1 993 domains used for phishing, 1 217 with potentially malicious content and 30 containing malware or viruses. Surprisingly, “.com”, a widely recognised extension that evokes a sense of security, had the most potentially malicious domains at 1 218.

GoDaddy.com was found to be the most popular registrar with 397 registered domains, followed by DYNADOT, NameCheap, Google and Alibaba Cloud. Additionally, 107 of the domains were parked, while 285 were deactivated since being purchased in April 2023. These deactivated domains, which are likely to be used in DNS-based attacks, pose the highest cyber security risk.

We also found that SSL certificates were purchased for 1 666 domains to create a false sense of security. In addition, 353 domains were redirected to another URL, with 174 of them leading to malicious domains.

Lastly, the research found that the domains were hosted in the United States, Germany, Russia, Singapore and the Netherlands.

In summary, almost one out of four domains containing the word “ChatGPT” were discovered to pose a high risk, making it imperative for individuals and businesses to take the necessary precautions to protect themselves.

What cyber risks does ChatGPT pose?

The root of the issue is not with ChatGPT or AI technology itself. Rather, it lies with the malicious hackers who exploit every new technology to facilitate their criminal activities. These individuals often take advantage of widely used and freely accessible tools, such as ChatGPT, to aid in their schemes.

Phishing continues to be a growing threat in the cyber security world, with a staggering 569% increase in phishing e-mails in 2022 alone. ChatGPT, being a powerful AI tool, can easily generate phishing e-mails and personalise them with just a few prompts. Although programmed to avoid generating malicious code, ChatGPT is still vulnerable to manipulation by hackers who can provide clear and creative instructions to make it generate malicious code quickly.

A recent study conducted by BlackBerry revealed that one in two IT leaders believe that ChatGPT will be used in cyber attacks within a year. AI-powered cyber attacks are not limited to phishing alone: AI can also be used for DDoS attacks that pose a serious threat to a company's entire IT infrastructure, especially its DNS security. In addition, these cyber criminals purchase domains from well-known registrars and obtain SSL certificates, which makes them look legitimate and trustworthy, despite the potential risks they pose.

As a DNS security company, DNSSense recognises the risks associated with ChatGPT and other AI-supported tools in the wrong hands. Through Cyber X-Ray's AI-powered threat intelligence capabilities, we were able to gather crucial information on the potential cyber risks posed by domains containing the word “ChatGPT”. We hope that the insights we have obtained will be useful to individuals and businesses and will assist in the development of effective cyber security strategies.
