#FactCheck-AI-Generated Video Falsely Shows Samay Raina Making a Joke on Rekha

Executive Summary:

Traditional Business Email Compromise(BEC) attacks have become smarter, using advanced technologies to enhance their capability. Another such technology which is on the rise is WormGPT, which is a generative AI tool that is being leveraged by the cybercriminals for the purpose of BEC. This research aims at discussing WormGPT and its features as well as the risks associated with the application of the WormGPT in criminal activities. The purpose is to give a general overview of how WormGPT is involved in BEC attacks and give some advice on how to prevent it.

 Introduction

BEC(Business Email Compromise) in simple terms can be defined as a kind of cybercrime whereby the attackers target the business in an effort to defraud through the use of emails. Earlier on, BEC attacks were executed through simple email scams and phishing. However, in recent days due to the advancement of AI tools like WormGPT such malicious activities have become sophisticated and difficult to identify. This paper seeks to discuss WormGPT, a generative artificial intelligence, and how it is used in the BEC attacks to make the attacks more effective.

What is WormGPT?

Definition and Overview

WormGPT is a generative AI model designed to create human-like text. It is built on advanced machine learning algorithms, specifically leveraging large language models (LLMs). These models are trained on vast amounts of text data to generate coherent and contextually relevant content. WormGPT is notable for its ability to produce highly convincing and personalised email content, making it a potent tool in the hands of cybercriminals.

How WormGPT Works

1. Training Data: Here the WormGPT is trained with the arrays of data sets, like emails, articles, and other writing material. This extensive training enables it to understand and to mimic different writing styles and recognizable textual content.

 2. Generative Capabilities: Upon training, WormGPT can then generate text based on specific prompts, as in the following examples in response to prompts. For example, if a cybercriminal comes up with a prompt concerning the company’s financial information, WormGPT is capable of releasing an appearance of a genuine email asking for more details.

 3. Customization: WormGPT can be retrained any time with an industry or an organisation of interest in mind. This customization enables the attackers to make their emails resemble the business activities of the target thus enhancing the chances for an attack to succeed.

Enhanced Phishing Techniques

Traditional phishing emails are often identifiable by their generic and unconvincing content. WormGPT improves upon this by generating highly personalised and contextually accurate emails. This personalization makes it harder for recipients to identify malicious intent.

Automation of Email Crafting

Previously, creating convincing phishing emails required significant manual effort. WormGPT automates this process, allowing attackers to generate large volumes of realistic emails quickly. This automation increases the scale and frequency of BEC attacks.

Exploitation of Contextual Information

WormGPT can be fed with contextual information about the target, such as recent company news or employee details. This capability enables the generation of emails that appear highly relevant and urgent, further deceiving recipients into taking harmful actions.

Implications for Cybersecurity

Challenges in Detection

The use of WormGPT complicates the detection of BEC attacks. Traditional email security solutions may struggle to identify malicious emails generated by advanced AI, as they can closely mimic legitimate correspondence. This necessitates the development of more sophisticated detection mechanisms.

Need for Enhanced Training

Organisations must invest in training their employees to recognize signs of BEC attacks. Awareness programs should emphasise the importance of verifying email requests for sensitive information, especially when such requests come from unfamiliar or unexpected sources.

Implementation of Robust Security Measures

1. Multi-Factor Authentication (MFA): MFA can add an additional layer of security, making it harder for attackers to gain unauthorised access even if they successfully deceive an employee.
2. Email Filtering Solutions: Advanced email filtering solutions that use AI and machine learning to detect anomalies and suspicious patterns can help identify and block malicious emails.
3. Regular Security Audits: Conducting regular security audits can help identify vulnerabilities and ensure that security measures are up to date.

Case Studies

Case Study 1: Financial Institution

A financial institution fell victim to a BEC attack orchestrated using WormGPT. The attacker used the tool to craft a convincing email that appeared to come from the institution’s CEO, requesting a large wire transfer. The email’s convincing nature led to the transfer of funds before the scam was discovered.

Case Study 2: Manufacturing Company

In another instance, a manufacturing company was targeted by a BEC attack using WormGPT. The attacker generated emails that appeared to come from a key supplier, requesting sensitive business information. The attack exploited the company’s lack of awareness about BEC threats, resulting in a significant data breach.

Recommendations for Mitigation

1. Strengthen Email Security Protocols: Implement advanced email security solutions that incorporate AI-driven threat detection.
2. Promote Cyber Hygiene: Educate employees on recognizing phishing attempts and practising safe email habits.
3. Invest in AI for Defense: Explore the use of AI and machine learning in developing defences against generative AI-driven attacks.
4. Implement Verification Procedures: Establish procedures for verifying the authenticity of sensitive requests, especially those received via email.

Conclusion

WormGPT is a new tool in the arsenal of cybercriminals which improved their options to perform Business Email Compromise attacks more effectively and effectively. Therefore, it is critical to provide the defence community with information regarding the potential of WormGPT and its implications for enhancing the threat landscape and strengthening the protection systems against advanced and constantly evolving threats. 

This means the development of rigorous security protocols, general awareness of security solutions, and incorporating technologies such as artificial intelligence to mitigate the risk factors that arise from generative AI tools to the best extent possible.

Introduction 

Digitalization in India has been a transformative force, India is also marked as the second country in the world in terms of active internet users. With this adoption of digitalization and technology, the country is becoming a digitally empowered society and knowledge-based economy. However, the number of cyber crimes in the country has also seen a massive spike recently with the sophisticated cyber attacks and manipulative techniques being used by cybercriminals to lure innocent individuals and businesses. 

As per recent reports, over 740,000 cybercrime cases were reported to the I4C, in the first four months of 2024, which raises serious concern on the growing nature of cyber crimes in the country. Recently Prime Minister Modi in his Mann Ki Baat address, cautioned the public about a particular rising cyber scam known as ‘digital arrest’ and highlighted the seriousness of the issue and urged people to be aware and alert about such scams to counter them. The government has been keen on making efforts to reduce and combat cyber crimes by introducing new measures and strengthening the regulatory landscape governing cyberspace in India.

Indian Cyber Crime Coordination Centre  

Indian Cybercrime Coordination Centre (I4C) was established by the Ministry of Home Affairs  (MHA) to provide a framework and eco-system for law enforcement agencies (LEAs) to deal with cybercrime in a coordinated and comprehensive manner. I4C handles the ‘National Cyber Crime Reporting Portal’ (https://cybercrime.gov.in) and the 1930 Cyber Crime Helpline. Recently at the Indian Cyber Crime Coordination Centre (I4C) Foundation Day celebration, Union Home Minister Amit Shah launched the Cyber Fraud Mitigation Centre (CFMC), Samanvay platform (Joint Cybercrime Investigation Facilitation System), 'Cyber Commandos' program and Online Suspect Registry as efforts to combat the cyber crimes, establish cyber resilence and awareness and strengthening capabilities of law enforcement agencies.

Regulatory landscape Governing Cyber Crimes 

Information Technology Act, 2000 (IT Act) and the rules made therein, the Intermediary Guidelines, Digital Personal Data Protection Act, 2023 and Bhartiya Nyay Sanhita, 2023 are the major legislation in India governing Cyber Laws.  

CyberPeace Recommendations

There has been an alarming uptick in cybercrimes in the country highlighting the need for proactive approaches to counter these emerging threats. The government should prioritise its efforts by introducing robust policies and technical measures to reduce cybercrime in the country. The law enforcement agencies' capabilities must be strengthened with advanced technologies to deal with cyber crimes especially considering the growing sophisticated nature of cyber crime tactics used by cyber criminals. 

The netizens must be aware of the manipulative tactics used by cyber criminals to target them. Social media companies must also implement robust measures on their respective platforms to counter and prevent cyber crimes. Coordinated approaches by all relevant authorities, including law enforcement, cybersecurity agencies, and regulatory bodies, along with increased awareness and proactive engagement by netizens, can significantly reduce cyber threats and online criminal activities. 

References

• https://www.statista.com/statistics/1499739/india-cyber-crime-cases-reported-to-i4c/#:~:text=Cyber%20crime%20cases%20registered%20by%20I4C%20India%202019%2D2024&text=Over%20740%2C000%20cases%20of%20cyber,related%20to%20online%20financial%20fraud
• https://www.deccanherald.com/india/parliament-panel-to-examine-probe-agencies-efforts-to-tackle-cyber-crime-illegal-immigration-3270314
• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2003158

‍

Introduction

In India, the population of girls and adolescents is 253 million, as per the UNICEF report, and the sex ratio at birth is 929 per 1000 male children as of 2023. Cyberspace has massively influenced the daily aspects of our lives, and hence the safety aspect of cyberspace cannot be ignored any more. The social media platforms play a massive role in information dissemination and sharing. The data trail created by the use of such platforms is often used by cyber criminals to target innocent girls and children.

On Ground Stats

Of the six million crimes police in India recorded between 1 January and 31 December last year, 428,278 cases involved crimes against women. It’s a rise of 26.35% over six years – from 338,954 cases in 2016. A majority of the cases in 2021, the report said, were of kidnappings and abduction, rapes, domestic violence, dowry deaths and assaults. Also, 107 women were attacked with acid, 1,580 women were trafficked, 15 girls were sold, and 2,668 were victims of cybercrimes. With more than 56,000 cases, the northern state of Uttar Pradesh, which is India’s most populous with 240 million people, once again topped the list. Rajasthan followed it with 40,738 cases and Maharashtra with 39,526 cases. This shows the root of the problem and how deep this menace goes in our society. With various campaigns and initiatives by Government and the CSO, awareness is on the rise, but still, we need a robust prevention mechanism to address this issue critically.

Influence of Social Media Platforms

Social media platforms such as Facebook, Instagram and Twitter were created to bring people closer by eliminating geographical boundaries, which is strengthened by the massive internet connectivity network across the globe. Throughout 2022, on average, there are about 470.1 million active social media users in India on a monthly basis, with an annual growth rate of 4.2 % in 2021-22. This represents about  33.4 % of the total population. These social media users, on average, spend about 2.6 hours on social media, and each, on average, has accounts on 8.6 platforms.

The bad actors have also upskilled themselves and are now using these social platforms to commit cybercrimes. Some of these crimes against girls and women include – Impersonation, Identity theft, Cyberstalking, Cyber-Enabled human trafficking and many more. These crimes are on the rise post-pandemic, and instances of people using fake IDs to lure young girls into their traps are being reported daily. One such instance is when Imran Mansoori created an Instagram account in the name of Rahul Gujjar, username: rahul_gujjar_9010. Using social engineering and scoping out the vulnerabilities, he trapped a minor girl in a relationship & took her to a hotel in Moradabad. The hotel manager raised the suspicion of seeing a different ID & called the Police, Imran was then arrested. But many such crimes go unreported, and it is essential for all stakeholders to create a safeguard regarding girls’ and women’s safety.

Legal Remedies at our disposal

The Indian Legal system has been evolving with time towards the online safety of girls and women. The National Commission for Protection of Child Rights (NCPCR) and the National Commission for Women (NCW) have worked tirelessly to safeguard girls and women to create a wholesome, safe, secure environment. The Information Technology Act governs cyberspace and its associated rights and duties. The following provisions of the IT Act are focused towards safeguarding the rights –

• Violation of privacy – Section 66E
• Obscene material – Section 67
• Pornography & sexually explicit act – Section 67A
• Child pornography – Section 67B
• Intermediaries due diligence rules – Section 79

Apart from these provisions, acts like POCSO, IPC, and CrPC, draft the Digital Personal Data Protection Bill, Intermediary Guidelines on Social Media and Online Gaming and telecommunications bill.

Conclusion

The likelihood of becoming a victim of cybercrime is always growing due to increased traffic in the virtual world, which is especially true for women who are frequently viewed as easy targets. The types of cyber crimes that target women have grown, and the trend has not stopped in India. Cyber flaming, cyber eve-teasing, cyber flirting, and internet cheating are some new-generation crimes that are worth mentioning here. In India, women tend to be reluctant to speak up about issues out of concern that doing so might damage their reputations permanently. Without being fully aware of the dangers of the internet, women grow more susceptible the more time they spend online. Women should be more alert to protect themselves from targeted online attacks.