The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Forty Countries Agree Not to Pay Cybercrime Ransoms
November 1, 2023
Dozens of US allies have signed an agreement never to pay digital extortionists, in a sign of the growing impact ransomware is having on their national security and economies. The pledge was made at the second annual meeting of the International Counter Ransomware Initiative and reported by attendant media, although there is no official word yet ...
- Ransomware gang HelloKitty exploits critical Apache ActiveMQ bug CVE-2023-46604
November 1, 2023
Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer environments. In both instances, the adversary attempted to deploy ransomware binaries on target systems in an effort to ransom the victim organizations. Based on the ransom note and available evidence, we attribute the activity to ...
- Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (CVE-2023-4966)
October 31, 2023
On Oct. 10, 2023, Citrix released a security bulletin for a sensitive information disclosure vulnerability (CVE-2023-4966) impacting NetScaler ADC and NetScaler Gateway appliances. Mandiant has identified zero-day exploitation of this vulnerability in the wild beginning in late August 2023 as well as n-day exploitation after Citrix’s publication. Mandiant is investigating multiple instances of successful exploitation of ...
- British Library suffering major technology outage after cyber-attack
October 31, 2023
The British Library is suffering a technology outage after it was hit by a cyber-attack, which is affecting services online and its sites in London and Yorkshire. Access to the website, as well as the catalogue and digital collections, is temporarily unavailable. The collection of items ordered on or after 27 October, new collection item orders ...
- India: What you need to know about the Apple and Aadhaar attacks
October 31, 2023
October 31 was a big day for data protection, privacy and surveillance. First, reports poured in about a massive breach of Aadhaar information, with estimates that the data of 815 million Indians had been put up for sale on the ‘dark web’. Soon after, many opposition leaders and civil society members began sharing messages they ...
- Step-by-step through the Money Message ransomware
October 30, 2023
In August 2023, the Sophos X-Ops Incident Response team was engaged to support an organization in Australia infected with Money Message ransomware. This attack vector, known for its stealth, does not append any file extensions to the encrypted data, making it harder for victims to identify the encrypted files simply by spotting such extensions. In ...