The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- SEC says ‘compromised’ account to blame for tweet approving Bitcoin ETF
January 10, 2024
The Securities and Exchange Commission (SEC) said Tuesday that a post sent from the agency’s account on the social platform X/Twitter announcing the approval of a long-awaited bitcoin exchange-traded fund was “unauthorized”, and that the agency’s account had been “compromised”. The price of bitcoin briefly spiked more than $1,000 after the post on X claimed: “The ...
- AI aids nation-state hackers but also helps US spies to find them, says NSA cyber director
January 9, 2024
Nation state-backed hackers and criminals are using generative AI in their cyberattacks, but U.S. intelligence is also using artificial intelligence technologies to find malicious activity, according to a senior U.S. National Security Agency official. “We already see criminal and nation state elements utilizing AI. They’re all subscribed to the big name companies that you would expect ...
- Fidelity National Financial says hackers stole data on 1.3 million customers
January 9, 2024
Real estate services giant Fidelity National Financial (FNF) has confirmed hackers stole data on 1.3 million of its customers during a November cyberattack that knocked the company offline for a week. FNF said in a filing Tuesday with federal regulators: “We determined that an unauthorized third-party accessed certain FNF systems, deployed a type of malware that ...
- Kenya Airways suffers passenger data breach in cyber attack
January 9, 2024
Cybercriminals attacked Kenya Airways’ (KQ) information systems and obtained sensitive information, including contact details and identification documents, of passengers and staff of the airline, an authoritative source at KQ has confirmed. The cyber attack, which occurred late last month, led to unauthorised access to police investigation reports, phone numbers, email addresses, and passports of an unspecified ...
- New York: Refuah Health to spend over $1M on cyber security following ransomware attack
January 8, 2024
A Hudson Valley health care provider will spend more than $1 million on cybersecurity after a ransomware attack leaked patients’ information. An investigation by the state attorney general found Refuah Healthdid not have proper precautions set up to prevent the attack. Read more… Source: Bronx News 12
- Deceptive Cracked Software Spreads Lumma Variant on YouTube
January 8, 2024
FortiGuard Labs recently discovered a threat group using YouTube channels to distribute a Lumma Stealer variant. We found and reported on a similar attack method via YouTube in March 2023. These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL ...