Artificial intelligence (AI) has lowered the barriers to entry into the digital domain and democratised resources to the extent that cyber crime as a service is now an established business model within the global cyber security ecosystem. The technology has also empowered e-commerce sites on the dark net to streamline operations and trade faster than before.
This is according to tech expert and cyber security guru, Jamie Bartlett, who delivered a keynote presentation on day two of the 20th ITWeb Security Summit 2025 in Sandton, Johannesburg.
Bartlett has investigated cyber criminals for 15 years and is well known for his contribution to a BBC podcast series, The Missing Cryptoqueen, and for writing the book of the same title.
The book and podcast detail the investigation of Ruja Ignatova, aka, ‘the crypto-currency queen’, the person behind the OneCoin ponzi crypto-currency scheme. The fraudulent venture is said to have caught millions of people unaware and managed to fool many users into investing their money.
“The scheme was based on selling crypto-currency via multilevel marketing. It spread like wildfire in 2017, catching 1 million people, with 5 billion invested into OneCoin involving 75 countries, including every country in Africa,” said Bartlett.
According to Bartlett, one of the reasons why the scheme managed to defraud so many people globally was because it played on people’s fear of missing out – an essential component in any financial scam.
Dark web sales
Bartlett has studied the dark web for over 10 years. He said while it is a small network of a few hundred sites, it has emerged as a strong platform for cyber criminal marketing sites. “There are about a dozen or so of these sites. It’s very easy for people to find and use.”
There is increased competition in these markets and the cyber criminals are becoming more creative, said Bartlett.
“These marketing sites generated $2 billion in sales last year,” he said, emphasising the results of lowering barriers to entry.
“You don’t have to build ransomware anymore; there are cyber criminal groups that you can use to source this. These cyber criminals are creative and customer-centric… they are checking out new technology to make their lives easier.”
AI to ‘hack’ the mind
Bartlett said cyber criminals are using AI to identify and target unknown and unprotected vulnerabilities with zero-day exploits.
They are also aware of the psychology behind AI-driven attacks, he added. “Thirty percent of successful breaches in organisations starts with a phishing e-mail. GenAI is used to hack the human mind for social engineering attacks.”
Bartlett said cyber criminals are contemplating how to make e-mails more clickable, using information to personalise e-mails – much like a spear phishing attack.
Bartlett believes in about 18 months, markets will witness significant changes, such as the introduction of deepfake as a service and possibly phishing phone calls using voice cloning software.
His advice to companies is to change management procedures, such as a policy that any invoice or required payment for a specific amount must be signed off in person.
He adds that regular cyber security training is critical and should cover user behaviour.
“Testing must be lifelike and in real-time… so co-ordinate penetration testing while employees are busy, rushed or right before they want to leave for the day. We also need to change the way we think about failure or our response to falling victim to scams. Tell the story and use the experience as a way to learn.”
Share