The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyber Thieves Are Getting More Creative
April 24, 2023
Cybercriminals pull off many of their crimes by combining lots of real information with just a tiny bit of misinformation, which can be financially devastating for both companies and individuals. This article describes some recent examples of this technique, which include exploiting wire transfers, stealing paychecks, and tricking employees into helping “the boss.” It’s important to ...
- Tomiris called, they want their Turla malware back
April 24, 2023
Kaspersky introduced Tomiris to the world in September 2021, following their investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). Kaspersky researchers initial report described links between a Tomiris Golang implant and SUNSHUTTLE (which has been associated to NOBELIUM/APT29/TheDukes) as well as Kazuar (which has been associated to Turla); ...
- How fiends abuse an out-of-date Microsoft Windows driver to infect victims
April 24, 2023
Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems. This detection evasion utility, which Sophos X-Ops researchers are calling AuKill, is the latest example in a growing trend where miscreants either abuse a legitimate driver to disable, silence or otherwise ...
- Decoy Dog malware toolkit found after analyzing 70 billion DNS queries
April 23, 2023
A new enterprise-targeting malware toolkit called ‘Decoy Dog’ has been discovered after inspecting anomalous DNS traffic that is distinctive from regular internet activity. Decoy Dog helps threat actors evade standard detection methods through strategic domain aging and DNS query dribbling, aiming to establish a good reputation with security vendors before switching to facilitating cybercrime operations. Read more… Source: ...
- European air traffic control confirms website ‘under attack’ by pro-Russia hackers
April 22, 2023
Europe’s air-traffic agency appears to be the latest target in pro-Russian miscreants’ attempts to disrupt air travel. Eurocontrol confirmed on Friday its website has been “under attack” since April 19, and said “pro-Russian hackers” had claimed responsibility for the disruption. Read more… Source: The Register
- Bank of America at odds with Lloyd’s over state-backed cyberattack exemption
April 20, 2023
Bank of America has reportedly raised concerns with Lloyd’s of London about a move to exempt “state-backed” cyberattacks from standard insurance policies. Bank of America highlighted its concerns with the policy in a series of meetings between Lloyd’s and its biggest clients, the Financial Times reported. Read more… Source: MSN News