AI: Cybercriminals’ Unlikely Best Friend

Since its emergence in the 1960s, artificial intelligence (AI) has made significant strides. Its applications in various sectors, including healthcare, finance, transportation, and entertainment, have been transformative. However, AI’s incredible potential also presents a significant challenge, as it has become a potent weapon in the hands of hackers and cybercriminals. In this article, we’ll take a detailed journey through the evolution of AI, exploring how it has become a tool for hackers.

Evolution of AI Hacking

In today’s digital era, hackers continuously devise innovative methods to target large organizations and gain unauthorized access to their data, with AI being one of their preferred tools. Here are a few ways in which hackers leverage AI to victimize and assault businesses:

1. Automated Attacks and Exploits: Hackers employ artificial intelligence to enhance the efficiency of their attacks against organizations. AI assists them in swiftly identifying vulnerabilities in an organization’s networks and applications, such as weak passwords or security system flaws. AI algorithms enable hackers to orchestrate large-scale attacks on multiple businesses simultaneously, making it easier for them to breach their target’s networks.
2. Advanced Phishing and Social Engineering: AI is harnessed by hackers to make their phishing endeavors more potent. Through AI, they can create highly convincing phishing emails and messages that deceive individuals into divulging their passwords and financial information. These messages appear authentic and personalized, as AI algorithms analyze vast amounts of data, making it challenging for recipients to discern their legitimacy.
3. Sneaky Malware and Evading Security: Modern hackers use AI to craft malware that is exceptionally difficult to detect. Malware refers to malicious software that can infiltrate a computer without the user’s knowledge, allowing cybercriminals to access and steal confidential information. AI aids hackers in developing malware that can adapt its code or behavior to evade detection by antivirus software, thereby increasing the difficulty for organizations to protect their networks.
4. Cracking Passwords and Bypassing Biometric Systems: AI-driven password generation algorithms enable hackers to guess passwords through trial and error or exploit data from previous breaches to decipher common password patterns. Additionally, hackers employ AI technology to create fake fingerprint and voice samples to deceive biometric-based systems, allowing them to bypass security measures based on these traits.
5. Analyzing Data for Targeted Attacks: Hackers utilize AI to gather and analyze vast amounts of data from various sources, including social media and leaked databases. This enables them to identify trends and design tailored attacks, adapting their strategies based on vulnerabilities or targeting specific individuals, all in their quest to steal valuable information from companies.

The evolution of AI allows for the rapid generation of slightly different scripts using various words, enabling the creation of various malicious artifacts. Consequently, defenders and threat hunters must swiftly embrace this technology to avoid falling behind cyber attackers.

Cybercriminals employ several key AI-driven methods to breach company networks, including the generation of deep fakes, sophisticated malware development, stealthy attacks, AI-assisted password cracking, CAPTCHA circumvention using GANs, impersonation on social networks, and the use of automated frameworks.

In underground forums dedicated to scams, threat actors have begun exploring ways to exploit ChatGPT and similar AI tools, particularly in early 2023. These efforts include generating digital art with tools like DALL·E2 and marketing it through legitimate channels like Etsy. Additionally, individuals have shared insights on creating e-books or chapters for online sale using ChatGPT.

Expert Insights on the Evolution of AI-Powered Cybercrime

The evolution of AI-powered cybercrime is currently in its nascent stage. In January 2023, researchers made a startling revelation concerning posts related to the bypassing of ChatGPT restrictions on the deep web. These posts served various purposes, including the development of malware, encryption tools, and trading platforms.

A Statista report, published in April 2023 and based on research conducted in January, shed light on the prevalent beliefs in this domain. According to the report, 50% of respondents anticipated that cyberattacks using ChatGPT would be executed within a year. An even larger 80% believed that such cyberattacks might materialize within two years.

Within this discourse, there are experts expressing contrasting viewpoints about the evolution of AI. A senior FBI official emphasized, “We anticipate that as the adoption and democratization of AI models continue, these hacking trends will intensify.” However, Bitdefender’s Tech Solutions Director, Martin Zugec, countered this argument, stating, “The quality of malware code produced by chatbots tends to be subpar.

Furthermore, in various underground forums dedicated to fraudulent activities, threat actors initiated discussions on exploiting ChatGPT’s capabilities at the outset of 2023. Their activities ranged from generating digital art through another AI tool, DALLE2, and selling it through legitimate platforms such as Etsy. They also explored methods for creating and selling e-books or short chapters using the ChatGPT tool.

Cybercrime’s Shifting Landscape: The Role of AI in Future Threats

Sami Khoury, the head of the Canadian Centre for Cyber Security, has pointed out that AI is making significant inroads into the world of cybercrime. According to him, evolution of AI is now being harnessed for a variety of nefarious purposes, from crafting more convincing phishing emails to generating malicious code and spreading misinformation and disinformation (source: Reuters, July 20, 2023). However, Khoury also notes that there’s still room for growth in this area, as creating a truly effective exploit remains a challenging endeavor.

Cybercrime stands out as a domain that has adeptly embraced the capabilities of AI. Its effectiveness lies in its ability to not only understand current trends but also predict future ones. This makes it a formidable tool in the hands of those who seek to exploit the advantages of artificial intelligence. As the saying goes, “By far, the greatest danger of Artificial Intelligence is that people conclude too early that they understand it.” (Eliezer Yudkowsky, Telefonicatech)

AI has shown remarkable efficiency in the realm of criminal cyber activities, thanks to its reliability in forecasting both current and future events. The potential of AI in this field is evident in various methods employed by cybercriminals to infiltrate company networks:

1. Deep Fake Generation: AI is used to create convincing deep fakes, making it harder to discern fake content from real.
2. State-of-the-Art Malware: AI facilitates the development of sophisticated malware, enabling more potent and challenging-to-detect attacks.
3. Sneak Attacks: AI aids in stealthy intrusion techniques that are hard to detect until it’s too late.
4. AI-Enhanced Password Guessing: Cybercriminals leverage AI to guess passwords, increasing their success rate.
5. CAPTCHA Breaking with GANs: AI, particularly Generative Adversarial Networks (GANs), is used to break CAPTCHA systems, bypassing security measures.
6. Human Masquerade on Social Networks: AI helps impersonate legitimate users on social networks, enabling cybercriminals to deceive and manipulate.
7. Automated Frameworks: AI-driven automated frameworks streamline and enhance the efficiency of cyberattacks.

The interplay between AI and cybercrime is evolving rapidly, creating new challenges for cybersecurity professionals. As AI continues to advance, both defenders and offenders in the digital realm must adapt and innovate to stay ahead in this ongoing battle.

How Does the Evolution of AI Impact Cybersecurity?

Europol has foreseen a troubling trend in the world of cybercrime, one where artificial intelligence plays an increasingly prominent role in identifying targets, and vulnerabilities, and expanding the scale and impact of attacks. The agency predicts that cybercriminals will unleash larger and more dangerous cyberattacks, bolstered by the power of AI.

An area where this advancement is particularly concerning is in the realm of deception. AI-driven tools like ChatGPT can now mimic human writing styles and bewilder victims, making them believe they are conversing with real humans. Europol has issued a stern warning about the potential misuse of “NO CODE” tools, which can transform human language into code, potentially inciting greater interest in cybercrime among the younger generation.

The evolution of AI-powered malware is another grave concern. These malicious programs are growing smarter, capable of homing in on specific information, such as a company’s intellectual property or employee data. Ransomware, too, is adapting, discovering new vulnerabilities while maintaining stealth for extended periods, evading detection within IT systems.

Furthermore, artificial intelligence has the potential to breach biometric security measures and mimic human device-handling behavior, further complicating cybersecurity efforts.

A Statista report from April 2023 shed light on public perceptions. A majority of respondents, 53%, expressed fears that cybercriminals could harness chatbots like ChatGPT to craft more convincing phishing emails. Similarly, 49% believed that ChatGPT could be used by novice hackers to bolster their technical knowledge and perpetuate misinformation. This research was based on responses from cybersecurity firms across the UK, US, and Australia.

The dangers posed by the evolution of AI’s capacity to intensify and multiply attacks extend to individuals, critical infrastructure, and national security. It’s a sobering reality that society must grapple with as AI continues its rapid advance.

On a more optimistic note, AI-based chatbots are showing signs of improved ethical behavior. The GPT-4 model, for instance, generates 89% less harmful content compared to its predecessor, GPT-3.5, according to a Statista report published in May 2023.

The evolution of AI, with its manifold opportunities and associated risks, underscores the need for vigilance. Hackers are continually devising complex schemes to exploit AI’s potential for malicious ends, threatening not only individuals but also businesses and nations. To harness the power of this technology while minimizing harm, we must remain watchful, adaptable to the evolving landscape, and dedicated to implementing ethical AI practices.

The path forward hinges on collective vigilance, collaboration, and ethical considerations. The choices we make in navigating this AI transformation will determine the future we shape.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.