Cybercriminals are testing ChatGPT and other LLMs on the dark web

Kaspersky's Digital Footprint Intelligence service found nearly 3,000 Dark Web posts mainly discussing the use of ChatGPT and other LLMs (large alanguage models) for illegal activities.

PHOTO Shutterstock

Threat actors are exploring schemes ranging from creating malicious chatbot alternatives to jailbreaking the original and more.

The popularity of AI-based tools has led to the integration of chatGPT autoresponders or its equivalents into some cybercrime forums. In addition, threat actors tend to share jailbreaks through various dark web channels—special sets of requests that can unlock additional functionality—and devise ways to exploit legitimate tools, such as those for pentesting, based on patterns for malicious purposes. intentional.

Apart from the mentioned chatbot and artificial intelligence, considerable attention is paid to projects such as XXXGPT, FraudGPT and others. These models are marketed on the dark web as alternatives to ChatGPT, offering additional functionality and the absence of the original limitations.

Another threat to users and businesses is the account market for the paid version of ChatGPT. In 2023, another 3000 posts (in addition to those previously mentioned) were observed advertising ChatGPT accounts for sale on the dark web and Telegram channels. These posts either distribute stolen accounts or promote self-registration services, creating massive numbers of accounts on demand. In particular, certain posts were repeatedly published on multiple dark web channels.

Detailed research is presented on the Kaspersky Digital Footprint Intelligence website. To avoid threats related to cyber criminal activities in the dark web segment, the following security measures are worth implementing:

  • Use Kaspersky Digital Footprint Intelligence to help security analysts explore an adversary's view of company resources, promptly discover potential attack vectors available to attackers. This also helps to raise awareness of existing threats from cybercriminals to adjust your defenses accordingly or take timely countermeasures and removal.
  • Choose a reliable endpoint security solution that is equipped with behavior-based anomaly detection and control capabilities for effective protection against known and unknown threats.
  • Dedicated services can help combat high-profile attacks.

Kaspersky Digital Footprint Intelligence is a service that helps companies monitor their digital assets and detect threats from the surface web and dark web. Here are some features:

1. Malicious domain removal service: Kaspersky has enhanced Digital Footprint Intelligence with a malicious domain removal service. This service handles the entire process of removing malicious and phishing domains.

2. Protection: Due to Kaspersky's extensive experience in threat research and long-term cooperation with international organizations and law enforcement agencies, including INTERPOL and Europol, as well as computer emergency response teams (CERTs), the malicious domain removal service intended protection of online services and the reputation of companies.

3. Global coverage: No matter where the malicious phishing domain is located, the service can take it down quickly.

4. Standard Package: The standard package includes ten removals per month and can be customized according to the client's needs.

5. Identification of client network resources: Kaspersky Digital Footprint Intelligence identifies client network resources and exposed services that represent a potential entry point for an attack.