Cybercriminals Harnessing Power Of ChatGPT
ChatGPT and other AI tools are making it easier for people with limited programming abilities to commit cybercrimes, says a new report.
Chatbots allow them to quickly write malicious code and generate fraudulent convincing messages. That’s in spite of security measures designed to prevent the technology being used for crime.
A new report by the Israeli cyber-intelligence security company Cybersixgill says cybercriminals are posting ‘full step-by-step tutorials for beginners’ on discussion forums.
The cybercriminals claim ChatGPT-enabled techniques can generate $500 per day by fraudulently obtaining freelance work, writing scripts to automate commands for manipulated dice-rolling, gambling, and betting in online casinos, and by cheating in online video games.
Cybersixgill says that the chatbot is also being used for personalized ‘spearphishing attacks’ designed to target a specific individual by crafting messages that mimic the writing style of trusted individuals.
The victim’s response can be used to produce a compelling, relevant, and personalized follow-up. The chatbot remembers the context, style, and topic of the conversations.
ChatGPT was designed with built-in protective mechanisms that identify and reject inappropriate, harmful, and illegal requests, but Cybersixgill found that cybercriminals are working on strategies to bypass these restrictions.
The report also found credit card fraud declined worldwide during 2022, except for the UK. Cybercriminals have instead turned their focus to conducting cryptocurrency fraud.
“Each day, our threat research experts collect 10 million intelligence items from the cybercriminal underground, giving Cybersixgill a unique ability to track the pulse of the deep, dark web and monitor its changes over time,” said Delilah Schwartz, the company’s Security Strategist.
“Cybercrime is rapidly evolving, with new opportunities and obstacles in the cyber threat landscape impacting threat actors’ tactics, tools, and procedures. In response, organizations can no longer rely on outdated technologies and manual processes to defend against increasingly sophisticated attacks.
“Proactive attack surface management informed by real-time CTI (cyber threat intelligence) from the deep, dark, and clear web is now of paramount importance and will be a critical cyber defense weapon in the months and years to come.”