It’s not far from believable that a common man, walking on the road today, wouldn’t know about artificial intelligence (AI) and its use cases that are facilitating digital services availed by him/her. While AI’s been a rage in the tech sector for the enterprises, the technology was yet to reach the consumer on the ground going through the motions of life and its many perils. All that changed in December 2022, as OpenAI’s chatbot ChatGPT became a rage amongst the masses, tech-enthusiasts or otherwise. In fact, it has been reported that the powerful chatbot is quite popular among the hacker communities globally and empowering the less tech-savvy cybercriminals too.
Latest Report
A latest report underlines the fact that the revolutionary AI-powered chatbot ChatGPT by OpenAI is being utilised by hackers to recreate malware strains, create Dark Web Marketplaces and plot fraudulent schemes.
Check Point Research (CPR) analysis shows that cybercriminals are increasingly taking interest in the powerful AI chatbot ChatGPT for malicious activities. It is currently uncertain if the tool has been used to undertake any attacks.
The analysis observed that several major underground hacking communities were using OpenAI to develop malicious tools. In some cases, it was seen that many of these cybercriminals using OpenAI had no development skills at all.
“Although the tools that we present in this report are pretty basic, it’s only a matter of time until more sophisticated threat actors enhance the way they use AI-based tools for bad,” Check Point Research said in its report.
CPR reports that a thread named “ChatGPT – Benefits of Malware” appeared on a popular underground hacking forum. The publisher of the thread disclosed that he was experimenting with ChatGPT to recreate malware strains and techniques described in research publications and write-ups about common malware.
“ChatGPT has reportedly been used by low-skilled cybercriminals to develop basic malware and may be used by scammers to develop phishing scripts to be used as part of both phishing emails and dating and romance scams,” said Satnam Narang, Sr. Staff Research Engineer at Tenable.
“It is not entirely impossible, but a lot less likely that ChatGPT will develop a professionalised piece of ransomware or other malicious software. It can, however, provide the basic foundation for a low-skilled cybercriminal to kick start their efforts and put them on the path towards success,” he added.
The CPR report also found another use case on ChatGPT for fraudulent activity, which was posted on New Year’s Eve of 2022, and it demonstrated a different type of cybercriminal activity. The thread was named “Abusing ChatGPT to create Dark Web Marketplaces scripts.” In this thread, the cybercriminal showed how easy it is to create a Dark Web marketplace, using ChatGPT.
“The marketplace’s main role in the underground illicit economy is to provide a platform for the automated trade of illegal or stolen goods like stolen accounts or payment cards, malware, or even drugs and ammunition, with all payments in cryptocurrencies,” explained the report.
To illustrate how to use ChatGPT for these purposes, the cybercriminal had published a piece of code that uses third-party API to get up-to-date cryptocurrency (Monero, Bitcoin and Etherium) prices as part of the Dark Web market payment system.
"The complexity of the attacks has increased. Gone are the days, when bad guys would focus only on IT assets. These are the times of social engineering, where the bad guys with malicious intent tap into people's weaknesses and get them to reveal confidential information," Chetan Anand, Associate Vice President and CISO, Profinch, and member of ISACA Emerging Trends Working Group.
Phishing Mails
A study by CPR in December 2022 had already established that fact that AI models could be leveraged to write phishing mails. In fact, the AI-tool can also bridge flaws in phishing mails such as grammatical errors and poorly constructed sentences, which would make it much more difficult to identify such mails.
“Poorly constructed sentences or grammatical errors are one of the few tell-tale signs of phishing emails and dating app profiles. With the prevalence of Pig Butchering scams across social networks and messaging apps, ChatGPT could help fill the gap when it comes to writing more convincing profile bios for fake profiles, as it’s easy to spot some fake profiles due to poorly constructed bios,” said Narang.
He added that the ChatGPT could also be used to help facilitate scripts used by dating and romance scammers when trying to convince their potential victims to part ways with their money or cryptocurrency.
Still Early Days
Despite the viral popularity of ChaGPT and the massive number of userbase, the journey for the powerful chatbot has just begun. Some reports believe that the innovation could mean curtains for Google’s search engine, which is perhaps the most important tech in use today by the masses.
According to media reports, Microsoft is currently engaged in discussions to invest USD 10 billion in ChatGPT-creator OpenAI along with other venture firms. This investment could value OpenAI at USD 29 billion, according to a report by Semafor. It has been reported that the deal documents for the investment have been sent to prospective investors in last few weeks.
Earlier this week, it was announced that ChatGPT will soon be available in an upgraded version for selected users as its creator OpenAI looks to monetise the tool.
Making the announcement on Twitter, OpenAI President and Co-founder Greg Brockman said, “Working on a professional version of ChatGPT; will offer higher limits & faster performance.”
The tweet by Brockman featured a Google Forms link that allows one to register for the pilot programme named “ChatGPT Professional”. The service will have enhanced features including:
•Always available (no blackout windows)
•Fast responses from ChatGPT (i.e., no throttling)
•As many messages as you need (at least 2X regular daily limit)
OpenAI said that this pilot is an experimental programme which is subject to changes.
The ChatGPT Professional service will not be accessible to everybody willing to participate. Instead, OpenAI will select whom it is availed to amongst those who apply through the Google Forms online.
During his recent visit to India, Microsoft Chairman and CEO Satya Nadella hailed ChatGPT's capabilties. “It’s phenomenal to see what's happening with the foundational model. The key point is that we are observing effects on an emerging scale. We are thrilled about our partnership with OpenAI,” he said.
So, its fair to say that it’s early days for the AI chatbot and it is bound to only improve overtime. Meanwhile, much like other great technologies being leveraged to target the traffic online, cybercriminals are bound to become more creative with AI-powered tools like ChatGPT to expand the threat landscape too.
“We’re still in the early stages of seeing ChatGPT’s impact on a broader level, but it’s clear that, as with any new technology, cybercriminals will seek to find a way to abuse it for their own financial gain,” said the Tenable Research Engineer.
Also Read: ChatGPT: Newest Bot On Block And What It Means For Marketers