Cybercriminals get their very own generative AI
We've already seen how generative AI can be used in cyberattacks but now it seems there's an AI model aimed just a cybercriminals.
Every hero has a nemesis and it looks like ChatGPT's could be FraudGPT. Research from security and operations analytics company Netenrich shows recent activities on the Dark Web Forum reveal evidence of the emergence of FraudGPT, which has been circulating on Telegram Channels since July 22nd.
John Bambenek, principal threat hunter at Netenrich, says:
This appears to be among the first inclinations that threat actors are building generative AI features into their tooling. Prior to this, our discussion of the threat landscape has been theoretical. That said, just because tools exist, don’t mean they'll get traction among cybercriminals either so we’ll need to see how and where we see these tools used.
Generative AI tools provide criminals the same core functions that they provide technology professionals… the ability to operate at greater speed and scale. Attackers can now generate phishing campaigns quickly and launch more simultaneously.
I view this as early stage efforts in the use of AI for criminal activity much like organizations across industry verticals are playing to see how ChatGPT can be used. The core problem is that AI will help radically increase the scale and efficiency of attackers in ways we are not entirely ready to combat. We have some time… just not a lot to come up with solutions. That said, twenty years in this industry have taught me that we’ll always be playing catch-up to the criminals who often use cutting edge technology better and faster than we do, and certainly faster than we can address the risks.
The subscription fee for FraudGPT starts at $200 per month but signing up for a year is only $1,700 -- even cybercriminals like a bargain.
Features you get for your ill-gotten gains include the ability to write malicious code; create undetectable malware, hacking tools and phishing pages; write scam pages and letters; and find leaks and vulnerabilities.
You can read more on the Netenrich blog.