The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK: National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up
August 30, 2023
National Grid is to set “honeypots” and plant false documents online as part of efforts to counter a surge in cyber attackers. The Grid has advertised a contract worth more than a million pounds to secure advanced cyber “deception” technology to help improve its digital defences. The London-listed infrastructure provider, which runs Britain’s electricity network and ...
- CISA and FBI Publish Joint Advisory on QakBot Infrastructure
August 30, 2023
Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally. Originally used ...
- Exploring the Inner Workings of DuckTail
August 30, 2023
In their persistent quest to decode DuckTail’s maneuvers, Zscaler ThreatLabz began an intelligence collection operation in May 2023. Through an intensive three-month period of monitoring, Zscaler researchers obtained critical details about DuckTail’s operational framework. This expedition granted them unprecedented visibility into DuckTail’s end-to-end operations, spanning the entire kill chain from reconnaissance to post-compromise. Zscaler team yielded valuable ...
- For the win? Offensive research contests on criminal forums
August 29, 2023
If you’re a security researcher who wants to share your innovations and insights with the wider community (and gain some peer recognition into the bargain), you’ve got a few options: present at conferences; write papers, blogs etc. The legitimate side of the house is awash with opportunities. But what if you’re a threat actor, whose research ...
- CISA Releases IOCs Associated with Malicious Barracuda Activity
August 29, 2023
CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances. Read more… Source: U.S. Cybersecurity and Infrastructure ...
- Deconstructing ransomware, cybercriminals and their modus operandi
August 29, 2023
The problem of ransomware is a seemingly age-old problem that is not going away, at least not any time soon. Governments and law enforcement are banding together to try to battle this issue with financial sanctions and takedowns of the groups behind ransomware attacks but they’re like the mythical beast Hydra – take the head ...