Sophos published two reports on AI in cybercrime. The first, “The Dark Side of AI,” demonstrates how con artists could use ChatGPT and other similar technologies to commit widespread fraud with little to no technical know-how. Despite AI’s promise, some cyber criminals are sceptical and reluctant to employ massive language models like ChatGPT for their attacks, according to the second research, “Cybercriminals Can’t Agree on GPTs.”
The Negative Aspects of Artificial Intelligence
Sophos X-Ops was able to create a completely functional website with AI-generated graphics, audio, and product descriptions, as well as a fake Facebook login and fake checkout page to steal people’s login credentials and credit card details. They did this using a basic e-commerce framework using LLM tools like GPT-4. With just one button, Sophos X-Ops was able to construct hundreds of comparable websites in minutes using the same technique, requiring very little technical skills to run.
“Our goal in doing this research was to outsmart the criminals. We have a rare opportunity to assess and get ready for the threat before it spreads by developing a system for large-scale fake website development that is more sophisticated than the instruments thieves are presently employing”, according to Ben Gelman, Senior Data Scientist at Sophos.
Hackers Aren’t Able to Agree on GPTs
In order to better understand attacker sentiments around AI, Sophos X-Ops looked for talks about LLM in four well-known dark web forums. Although the use of AI by hackers seems to be in its early stages, threat actors on the dark web are talking about how it might be used for social engineering. According to Sophos X-Ops, AI has already been used in romance-based cryptocurrency schemes.
Furthermore, Sophos X-Ops discovered that most posts discussed “jailbreaks,” or methods of getting beyond LLM security measures so that hackers can use them for evil, and compromised ChatGPT accounts for sale. According to the developers, ten ChatGPT versions that might be used to conduct malware development and cyberattacks were also discovered by Sophos X-Ops.
Threat actors, however, had differing opinions about these derivatives and other nefarious uses of LLMs. A number of criminals expressed worry that the people who made the ChatGPT imitators were attempting to defraud them.
“Since the launch of ChatGPT, there has been a great deal of anxiety about how cybercriminals may misuse AI and LLMs, but our study indicates that threat actors are now more sceptical than enthusiastic. We only discovered 100 postings about AI in two of the four dark web forums that we looked at. In contrast, we discovered 1,000 posts about cryptocurrencies throughout the same time period.
