The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Updates Advisory on #StopRansomware: Cuba Ransomware
December 13, 2022
The Federal Bureau of Investigation (FBI) and CISA have updated joint Cybersecurity Advisory AA22-335A: #StopRansomware: Cuba Ransomware, originally released on December 01, 2022. The advisory has been updated to include additional indicators of compromise (IOCs). CISA encourages organizations to review the latest update to AA22-335A and apply the recommended mitigations. Read more… Source: U.S. Cybersecurity and Infrastructure Security ...
- Researchers smell a cryptomining Chaos RAT targeting Linux systems
December 13, 2022
A type of cryptomining malware targeting Linux-based systems has added capabilities by incorporating an open source remote access trojan called Chaos RAT with several advanced functions that bad guys can use to control remote operating systems. Trend Micro security researchers discovered the threat last month. Like earlier, similar versions of the miner that also target Linux ...
- New Fortinet bug under active exploitation
December 13, 2022
Fortinet has warned customers to patch immediately against a new vulnerability it said is under active exploitation. The critical-rated vulnerability exists in a VPN product, FortiOS SSL-VPN. In its advisory, the company said the bug is a heap-based buffer overflow. Read more… Source: IT News
- IIS modules: The evolution of web shells and how to detect them
December 12, 2022
Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector or mechanism of persistence. Monitoring for exploitation and web shells should be a high priority ...
- Ransomware group Play threatens to publish Antwerp’s data
December 12, 2022
Ransomware group Play claims to hold 557GB of data from the city of Antwerp. The local government fell victim to a ransomware attack last week. Play listed the city of Antwerp on its darkweb page on Sunday. The ransomware group uses the page to publicize victims. Play claims to hold 557GB of city data, including passports ...
- Uber suffers new data breach after attack on vendor, info leaked online
December 12, 2022
Uber shared further information with BleepingComputer on how its data was stolen in a breach on Teqtivity, which provides asset management and tracking services for the company. Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity ...