The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- North Korea Aggressively Targeting Crypto Industry with Well-Disguised Social Engineering Attacks
September 3, 2024
The Democratic People’s Republic of Korea (“DPRK” aka North Korea) is conducting highly tailored, difficult-to-detect social engineering campaigns against employees of decentralized finance (“DeFi”), cryptocurrency, and similar businesses to deploy malware and steal company cryptocurrency. North Korean social engineering schemes are complex and elaborate, often compromising victims with sophisticated technical acumen. Given the scale and persistence ...
- Decoding the Puzzle: Cicada3301 Ransomware Threat Analysis
September 3, 2024
Cicada3301 ransomware, written in Rust, was first reported less than two months ago. Despite its recent emergence, Morphisec threat researchers have already identified striking similarities between Cicada3301 and the infamous BlackCat ransomware. Like its namesake, the Cicada puzzle, which has long been associated with complex, cyber-related problem-solving, the true identity of the Cicada3301 ransomware developers remains ...
- Transport for London dealing with ‘ongoing cyber security incident’
September 3, 2024
Transport for London (TfL) is dealing with whats it calls an “ongoing cyber security incident”. The organisation, which is responsible for most of London’s transport network, has not shared specific details of the incident but it confirmed there is currently no evidence customer data has been compromised. Shashi Verma, TfL’s chief technology officer, said: “We have ...
- Should State Governments Ban Ransomware Payments?
September 3, 2024
In 2021, North Carolina became the first state to prohibit public ransomware payments, even going so far as to ban negotiations with cyber criminals. It was a groundbreaking move. Florida followed suit in 2022, but its legislation took a less stringent approach, covering a narrower range of entities and omitting some of the stricter provisions ...
- Stone Wolf employs Meduza Stealer to hack Russian companies
September 2, 2024
BI.ZONE Threat Intelligence reports an increase in criminal activity employing commercial malware available on underground resources. Recently, the researchers identified a malicious campaign by a cluster later dubbed Stone Wolf. The adversaries send out phishing emails on behalf of a legitimate provider of industrial automation solutions. The goal of the attackers is to deliver Meduza Stealer ...
- Head Mare: adventures of a unicorn in Russia and Belarus
September 2, 2024
Head Mare is a hacktivist group that first made itself known in 2023 on the social network X (formerly Twitter). In their public posts, the attackers reveal information about some of their victims, including organization names, internal documents stolen during attacks, and screenshots of desktops and administrative consoles. By analyzing incidents in Russian companies, Kaspersky researchers ...