Threat actors are skeptical about artificial intelligence's (AI) value in augmenting their dark arts. They talk about it but do little with it.
That was the finding Sophos made in its latest report, “Cybercriminals Still Not Fully on Board the AI Train (Yet).” Threat actors do not seem to be showing much interest in using AI to aid their attacks. They are either talking about it in underground forums or tinkering with the technology.
So, what gives?
Staying One Step Ahead of Inaction
Sophos prides itself on staying one step ahead of the bad guys. Sophos X-Ops is quick to disseminate cyber threat assessments to partners, helping them improve their game and protecting their clients' data. Meanwhile, the corporate world is increasing cybersecurity spending and is in a headlong rush to figure out if AI should be an assistant or a replacement. Cyberthieves are not in a hurry to use AI, lagging behind the trend instead of leading it. And this is puzzling.
A year after Sophos’ initial research on threat actors’ attitudes to generative AI, they revisited various cybercrime forums and noted a slight shift. A few threat actors are applying AI to spamming, OSINT, and social engineering. Sophos found some Chinese cybercriminals are trying out ‘sha zhu pan’ fraud campaigns, using AI to generate text and images.
Only three GPT derivatives appeared in the cybercrime forums Sophos researched, but these were broken or unclear. The last time Sophos peeked into this world in November 2023, there were 10 GPT derivatives, mostly jailbroken versions of GPT with some prompts and tools.
Sophos Watches While Cyber Thieves Tinker
To sum up, the threat actors still focus on "business as usual," using the same tools and techniques to break into IT systems and conduct ransomware attacks. They mostly experiment with AI, sometimes posting "proof of concept" techniques.
Threat actors have limited their AI use to large-scale, repetitive tasks, like crafting mass emails and fake sites. They are not using this technology to do anything more nuanced or complex. Expect to see cyberthieves use AI to craft time-saving tools rather than create novel forms of cyberattack.
But this may not last.
Sophos partners should not be complacent, even if the news is good. Instead, they should keep up with the latest technical information Sophos provides on the evolving threat landscape. Informed channel partners are the first line of defense for their clients' data.