The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Iranian Cyber Actors Targeting Personal Accounts to Support Operations
September 27, 2024
The Federal Bureau of Investigation (FBI), U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC) are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by cyber actors working on behalf of the Iranian Government’s Islamic Revolutionary ...
- Ransomware attacks increasingly target Vietnam’s financial sector
September 26, 2024
At a recent conference on digital finance, Le Van Tuan, Director of the Department of Information Security under the Ministry of Information and Communications, said finance is a sector with a high ranking in digital transformation, but at the same time, the risk of information security is always lurking with the sector. According to statistics from ...
- Storm-0501: Ransomware attacks expanding to hybrid cloud environments
September 26, 2024
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and ...
- Australia’s biggest medical imaging provider I-MED data breach exposes tens of thousands of patient files
September 26, 2024
Tens of thousands of patients from Australia’s biggest medical imaging provider I-MED have had swaths of sensitive health and personal information exposed in a data breach using details that have been public for a year. This information includes medical reports, scan images, names, addresses and other details that were stored in I-MED’s internal systems, which were ...
- Threat landscape for industrial automation systems, Q2 2024
September 26, 2024
In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. The percentage has decreased by 3.3 pp compared to the second quarter of 2023, when the indicator reached its highest level since records began in 2022. Read more… Source: Kaspersky Sign up ...
- From 12 to 21: How Kaspersky discovered connections between the Twelve and BlackJack groups
September 25, 2024
While analyzing attacks on Russian organizations, Kaspersky team regularly encounters overlapping tactics, techniques, and procedures (TTPs) among different cybercrime groups, and sometimes even shared tools. Kaspersky researchers recently discovered one such overlap: similar tools and tactics between two hacktivist groups – BlackJack and Twelve, which likely belong to a single cluster of activity. In this report, ...