A new study conducted by Kaspersky has revealed an alarming trend of criminals exploring various exploitation techniques using Artificial Intelligence (AI) tools on the dark web. Kaspersky's Digital Footprint Intelligence service has uncovered nearly 3,000 dark web posts of threat actors actively discussing exploitation techniques involving AI tools, including the sophisticated chatbot system, ChatGPT.
Among the multiple schemes uncovered by Kaspersky's investigation, criminals are found to be illegally using and selling access to stolen ChatGPT accounts. This growing trend reflects an increasing adoption of AI tools to make information more accessible, but it also suggests the potential for a rise in cyber attacks due to the lowered entry barrier to cybercrime.
About the findings, Alisa Kulishenko, a digital footprint analyst at Kaspersky, says, "Threat actors are actively exploring various schemes to implement ChatGPT and AI." She highlights that the discussions often relate to developing malware or to illicit use of language models. There are instances of stolen user data processing, file parsing from infected devices, and more. The popularity of such tools has even led to the integration of automated responses from ChatGPT or equivalent versions in some cybercrime forums. Additionally, threat actors are found sharing 'jailbreaks'—special sets of prompts to unlock hidden functionality—and are devising ways to exploit legitimate tools using AI models for malicious purposes.
Furthermore, Kaspersky's study finds a blooming market for selling stolen ChatGPT accounts on the dark web. Nearly 3,000 posts related to the sale of ChatGPT accounts were identified in 2023 alone, all on the dark web or shadow Telegram channels. These posts often advertise either stolen accounts or services that automate the mass creation of these accounts. Notably, some posts were repeatedly published across multiple dark web channels.
Kulishenko adds, "While AI tools themselves are not inherently dangerous, cybercriminals are trying to come up with efficient ways of using language models, thereby fuelling a trend of lowering the entry barrier into cybercrime and, in some cases, potentially increasing the number of cyberattacks." She believes that although generative AI and chatbots might not revolutionize the attack landscape in the coming year, due to the automated nature of these attacks, it's crucial to stay informed about attackers' activities to anticipate potential threats and strengthen corporate cybersecurity accordingly.
To combat such threats, Kaspersky recommends implementing certain security measures. These include using Kaspersky's Digital Footprint Intelligence, which enables security analysts to explore potential attack vectors. Additionally, endpoint security solutions, such as Kaspersky Endpoint Security for Business, offer behavior-based detection and anomaly control capabilities, providing effective protection against known and unknown threats. Kaspersky also offers Managed Detection and Response services to help stop infiltrations at the initial stages and Incident Response services to abate damage in case of a security breach.