The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Louisiana: Lake Charles Memorial Health has possible cybersecurity incident
December 26, 2022
Some Lake Charles health care system patients may have had their information involved in a cybersecurity incident. The Lake Charles Memorial Health System on Friday mailed letters to some of its “patients whose information may have been involved in a recent cybersecurity incident,” according to a news release from the company. On Oct. 21, the system’s information ...
- Hacker claims to be selling Twitter data of 400 million users
December 26, 2022
A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They’re asking $200,000 for an exclusive sale. The alleged data dump is being sold by a threat actor named ‘Ryushi’ on the Breached hacking forum, a site commonly used to sell user ...
- IcedID Botnet Distributors Abuse Google PPC to Distribute Malware
December 23, 2022
After closely tracking the activities of the IcedID botnet, Trend Micro researchers have discovered some significant changes in its distribution methods. Since December 2022, Trend Micro observed the abuse of Google pay per click (PPC) ads to distribute IcedID via malvertising attacks. This IcedID variant is detected by Trend Micro as TrojanSpy.Win64.ICEDID.SMYXCLGZ. Advertising platforms like Google ...
- LastPass admits attackers have a copy of customers’ password vaults
December 23, 2022
Password locker LastPass has warned customers that the August 2022 attack on its systems saw unknown parties copy encrypted files that contains the passwords to their accounts. In a December 22nd update to its advice about the incident, LastPass brings customers up to date by explaining that the August 2022 attack saw “some source code and ...
- Crooks copy source code from Okta’s GitHub repository
December 23, 2022
Intruders copied source code belonging to Okta after breaching the identity management company’s GitHub repositories. Okta was alerted by Microsoft-owned GitHub earlier this month of “suspicious access” to its code repositories and determined that miscreants copied code associated with the company’s Workforce Identity Cloud (WIC), an enterprise-facing access and identity management tool to enable workers and ...
- Vice Society ransomware gang switches to new custom encryptor
December 22, 2022
The Vice Society ransomware operation has switched to using a custom ransomware encrypt that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305. According to cybersecurity firm SentinelOne, which discovered the new strain and named it “PolyVice,” it’s likely that Vice Society sourced it from a vendor who supplies similar tools to other ransomware ...