The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Malicious packages deepseeek and deepseekai published in Python Package Index
February 2, 2025
As part of their research and monitoring efforts, the Supply Chain Security team of the Threat Intelligence department of the Positive Technologies Expert Security Center (PT ESC) detected and prevented a malicious campaign in the Python Package Index (PyPI) package repository. The attack targeted developers, ML engineers, and ordinary AI enthusiasts who might be interested in ...
- Tackling cybercrime: common challenges and legislative solutions identified by Europol and Eurojust
January 31, 2025
Published today, the latest joint report by Europol and Eurojust, Common Challenges in Cybercrime, explores the persistent and emerging issues that hinder cybercrime investigations. This year’s edition not only identifies key obstacles—particularly in the field of digital evidence—but also examines how new legislative measures could help address them. The report highlights several pressing challenges faced by ...
- Ukraine’s defense intel launches cyber attack on Gazprom
January 31, 2025
On the anniversary of the Battle of Kruty, a cyber unit of Ukraine’s Main Intelligence Directorate launched a DDoS attack on the digital infrastructure of Russia’s Gazprom and Gazpromneft. In particular, Ukrainian cyber professionals attacked the online services of the enterprises that support the activities of the Russian army. From January 28, 2025, company clients were ...
- Tata Technologies says ransomware attack hit IT assets
January 31, 2025
Tata Technologies, a technology and product engineering service company owned by Indian conglomerate Tata Group, has disclosed a ransomware attack that has forced it to suspend some of its services. The Pune-headquartered company said Friday that the incident affected “a few of our IT assets” while its client delivery services “remained fully functional and unaffected throughout.” ...
- Coyote Banking Trojan: A Stealthy Attack via LNK Files
January 30, 2025
Over the past month, FortiGuard Labs has identified several similar LNK files containing PowerShell commands designed to execute malicious scripts and connect to remote servers. These files are part of multi-stage operations that ultimately deliver the Coyote Banking Trojan. This malware primarily targets users in Brazil, seeking to harvest sensitive information from over 70 financial applications ...
- Europol: Law enforcement takes down two largest cybercrime forums in the world
January 30, 2025
A Europol-supported operation, led by German authorities and involving law enforcement from eight countries, has led to the takedown of the two largest cybercrime forums in the world. The two platforms, Cracked and Nulled, had more than 10 million users in total. Both of these underground economy forums offered a quick entry point into the cybercrime ...