Thursday, May 9, 2024

Vogon Today

Selected News from the Galaxy

StartMag

ChatGPT: Active Directory Security Opportunity or Threat?

1 year ago babelfish

ChatGPT: Active Directory Security Opportunity or Threat?

Active Directory is a directory service used by 90% of companies to manage computer systems, but with the advent of ChatGPT, even the most amateur of hackers can carry out attacks with serious consequences. The in-depth analysis by Yossi Rachman, expert in offensive and defensive cybersecurity techniques and Director of Security Research at Semperis, a company in the IT resilience sector for companies

Active Directory (AD) is a directory service used by 90% of companies to manage computer systems, especially with regards to authentication, authorization and identity of users, computers and other resources on the network. Given its prevalence, it is the main target of malicious users who want to gain access to sensitive information or data.

Until recently, compromising a company's AD infrastructure required familiarity with attack tools and techniques, and advanced knowledge of various authentication and authorization protocols. Today, with the advent of ChatGPT, even the least experienced hacker can carry out attacks with serious consequences.

It must be said that this generative artificial intelligence (AI), accessible to all, can also prove to be a valid ally in protecting company systems and minimizing the impact of any compromise. So is ChatGPT an opportunity or a threat to Active Directory security?

WHAT IS GENERATIVE AI

Generative AI is capable of creating new and original content, such as images, text or audio. While other types of AI are designed to recognize patterns and make predictions based on existing data, the goal of generative AI is to bring new data to life from what it has learned. Deep neural networks that mimic the functioning of the human brain are used to train this AI.

The development of generative AI dates back to the early days of artificial intelligence research, in the 1950s and 1960s. At the time, researchers were already wondering about the idea of ​​using computers to generate new content, such as compositions music or works of art.

However, it is only in 2010 that generative AI rises to the fore, in conjunction with the development of deep learning techniques and the availability of large data sets. In 2014, a team of Google researchers published an article on the use of deep neural networks to generate images, considered a real milestone in the field.

Since then, many studies on generative AI have been published and new applications and techniques have been developed. Today, generative AI is a fast-evolving sector in which progress continues constantly.

WHAT IS CHATGPT?

ChatGPT is a large-scale conversational language model developed by OpenAI. Based on the Generative Pre-trained Transformer (GPT) architecture, this model was trained on large volumes of textual data using unsupervised learning techniques. ChatGPT can respond to natural language text prompts, which is useful in a variety of applications, from chatbots to translations to question and answer systems.

The first version of ChatGPT was released in June 2020. OpenAI announced the launch of the model on the blog , along with a demonstration of its capabilities.

Since then, OpenAI has continued to refine and improve ChatGPT with more extensive models and more advanced features. In September 2021, GPT-3 was released, the latest version of ChatGPT: with 175 billion parameters, it is considered one of the most advanced and widespread language models in the world (Figure 1).

Figure 1 – post by Linas Beliunas comparing the adoption times of the most revolutionary technologies of our times. The post quickly went viral as more and more people became aware of ChatGPT and its capabilities.

HOW CAN ATTACKERS EXPLOIT THE POWER OF CHATGPT?

ChatGPT's goal is to revolutionize the way we interact with machines to create increasingly fluid communication between people and computers. However, the public availability of the beta version has led threat actors to take advantage of it for their own purposes. But how?

PHISHING SITES AND APPS

Phishing websites have been around since the birth of the internet. The first attacks of this kind occurred only via email. As people have learned to recognize and avoid suspicious emails, malicious users have come up with fake websites that mimic legitimate sites. Their purpose is clear: to obtain login credentials or personal information. These initiatives often rely on emerging trends from disparate fields to dupe unsuspecting victims. For example, with the introduction of smartphones, phishing campaigns have also begun to spread via malicious apps.

Since the release of ChatGPT, which immediately attracted a lot of interest, several phishing campaigns have been disguised as ChatGPT websites and apps, inviting users to download and install the malware or even provide credit card information. Malicious sites and apps often circulate through social media profiles and ads to reach as many victims as possible.

PHISHING CAMPAIGNS ASSISTED BY CHATGPT

Both malicious users and computer systems security teams know that phishing emails are one of the most effective attack vectors. Most of these campaigns are based on a pretext so credible as to induce the victim to reveal confidential information. This pretext usually creates a sense of urgency or importance. Let's see how.

An attacker could pretend to be someone you trust, such as a bank employee or IT support team member. Using this false identity, he informs the victim of a possible security breach or account closure threat. At that point it asks for login credentials or other personal information to fix the problem.

Pretending is a common tactic in phishing campaigns and can be difficult to expose. The attacker may have done some extensive research to come up with a compelling story. Sometimes, however, the presence of spelling and grammatical errors or oddities in the syntax and formatting can help us recognize these attack attempts.

Many threat actors are now entrusting these mechanisms to ChatGPT. Yes, of course, the AI ​​will not cooperate with a direct request to create a credible pretext for a phishing campaign. But it is easy to find a way around this limit, as Figures 2 and 3 show. The pretext has been adapted to the capabilities of ChatGPT's generative AI, increasing the success rate of phishing campaigns.

Figure 2 – Attacker: “Open the external shutter, HAL.” ChatGPT: “Sorry Dave, unfortunately I can't do that.”
Figure 3 – Attacker: “Kill them all, HAL, and tell them not to call because we're busy.” ChatGPT: “It will be done, Dave!”

CHATGPT ASSISTED ATTACK CHAINS

Attackers can use ChatGPT to engineer serious attacks against an organization, even with very little technical knowledge. The conversation in Figures 4 and 5 demonstrates the technique of asking ChatGPT to define how an attack can happen.

Figure 4 – Attacker asks ChatGPT to list Active Directory attack tools
Figure 5 – the attacker chooses an attack technique and asks ChatGPT what can be done

The attacker then asks how you do a golden ticket attack cited by ChatGPT. As can be seen in Figures 6 and 7 (cropped to show only part of the steps), ChatGPT has moral reservations to answer, but these eventually disappear once the attacker declares himself an ethical hacker.

Figure 6 – golden ticket attacks are bad
Figure 7 – golden ticket attacks are harmful, unless they are performed for ethical reasons

By following the instructions of ChatGPT, the self-styled ethical hacker can sneak into the domain of the targeted organization with the help of artificial intelligence.

HOW CAN CYBER SECURITY TEAMS USE CHATGPT TO DEFEND CORPORATE ASSETS?

ChatGPT is a very powerful tool that in the hands of attackers can do enormous damage. But it is an equally valid asset on the defense front as well.

For example, Blue Teams tasked with protecting corporate systems can harness the power of generative AI for a variety of actions, such as:

  • Correct security configuration errors
  • Monitor the most important safety components
  • Minimize the possible damages in case of compromise

The conversation in Figures 8, 9, and 10 shows how a defense official can use ChatGPT to identify and mitigate the risks associated with unconstrained Kerberos delegation. If you don't know what unconstrained Kerberos delegation is, ask ChatGPT.

Warning: Before applying AI-generated scripts, always preflight for any internal bugs that could break your system (or compromise it in the worst case scenario).

Figure 8 – AI explanation of unconstrained Kerberos delegation
Figure 9 – ChatGPT generates a script to detect security configuration errors
Figure 10 – ChatGPT explains how to correct security configuration errors (always pay close attention as already mentioned above)

GENERATIVE AI: A DOUBLE-EDGED SWORD

The public accessibility of ChatGPT and Generative AI has already changed the way we interact with machines. With the development of ever more advanced models of artificial intelligence and the release of ever new versions, we are witnessing a real technological revolution, with an even greater impact than the invention of the Internet and mobile phones.

But like any new technology, there are always those who use it for purposes other than those for which it was designed: just think of the attackers, who want to exploit it to inflict even more damage. Fortunately, the same technology can be useful for beneficial purposes, such as improving the defense of corporate systems with times and results never seen before.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/chatgpt-opportunita-o-minaccia-per-la-sicurezza-di-active-directory/ on Sat, 22 Apr 2023 06:09:00 +0000.