Cybercriminal Trends and Hypes
According to an analysis by Trend Micro, the latest developments in the cybercrime market include jailbreaking-as-a-service and deepfake services.
Jailbreaking-as-a-Service for LLMs
While AI technologies are rapidly gaining acceptance in the business world, attempts to develop their own cybercriminal Large Language Models (LLMs) have been largely abandoned in the cybercrime world over the past year. Instead, criminals shifted their focus to “jailbreaking” existing models, i.e. using special tricks to get them to bypass their integrated security measures.
There are now offers such as jailbreaking-as-a-service. Criminals use sophisticated techniques to get LLMs to respond to requests that should actually be blocked. These techniques range from role-playing games and hypothetical scenarios to the use of foreign languages. Service providers such as OpenAI and Google are working to close these security gaps. Cybercriminal users, in turn, have to resort to more sophisticated jailbreaking prompts. This has created a market for a new class of criminal services in the form of chatbot offerings for jailbreaking.
FraudGPT, DarkBARD, DarkBERT, DarkGPT
“We’ve looked at the underground conversations about AI and found that interest in generative AI has followed general market trends, but adoption seems to be lagging behind. We’ve also seen LLM offerings from criminals for criminals. These include FraudGPT, DarkBARD, DarkBERT and DarkGPT, which have many similarities. For this reason, we suspect that they most likely function as wrapper services for the legitimate ChatGPT or Google BARD – we call them Jailbreaking-as-a-Service services. We have also investigated other potentially fake criminal LLM offerings: WolfGPT, XXXGPT and Evil-GPT,” said David Sancho, Senior Threat Researcher at Trend Micro.
Deepfake services on the rise
Deepfakes have been around for some time, but only recently have real cybercriminal offers been discovered. Criminals are offering deepfake services to bypass identity verification systems. This is becoming an increasing problem in the financial sector in particular, as banks and cryptocurrency exchanges demand ever more stringent checks.
Deepfakes are becoming cheaper and easier to create. Cybercriminals are using this technology to create fake images and videos that can fool even advanced security systems. A stolen ID document is often enough to create a convincing fake image.