The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Oil and Gas Cybersecurity: Trends & Response to Survey
October 13, 2022
Trend Micro conducted a study on the state of industrial cybersecurity in the oil and gas, manufacturing, and electricity/energy industries in 2022. Based on the results of a survey of over 900 ICS business and security leaders in the United States, Germany, and Japan, they discuss the characteristics of each industry, the motivations and environmental ...
- Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
October 13, 2022
Cisco Talos has discovered a new single-file command and control (C2) framework the authors call “Alchimist .” Talos researchers found this C2 on a server that had a file listing active on the root directory along with a set of post-exploitation tools. Cisco Talos assesses with moderate-high confidence that this framework is being used in the ...
- Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
October 13, 2022
On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating from a fully patched instance of Zimbra. The details they provided allowed Zimbra to confirm that an unknown vulnerability allowed attackers to upload arbitrary files to up-to-date servers. At the moment, Zimbra has released a patch ...
- Private health insurance company Medibank affected by cyber attack less than a month after telco Optus was targeted
October 13, 2022
Health insurance giant Medibank Group is the latest Australian company to become the target of a cyber attack. Last month telecommuncations company Optus was hit by a wide-scale breach which saw more than two million customers affected. Telstra was also rocked by a data breach which saw the personal details of 30,000 current and former staff leaked. Read ...
- Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike
October 12, 2022
QAKBOT’s malware distribution resumed on September 8, 2022 following a brief hiatus, when our researchers spotted several distribution mechanisms on this date. The distribution methods observed included SmokeLoader (using the ‘snow0x’ distributor ID), Emotet (using the ‘azd‘ distributor id), and malicious spam that used the ‘BB’ and ‘Obama20x’ IDs. A recent case involving the QAKBOT ‘BB’ ...
- Malicious WhatsApp mod distributed through legitimate apps
October 12, 2022
Last year, Kaspersky researchers wrote about the Triada Trojan inside FMWhatsApp, a modified WhatsApp build. At that time, they discovered that a dropper was found inside the distribution, along with an advertising SDK. This year, the situation has repeated, but with a different modified build, YoWhatsApp version 2.22.11.75. Inside it, researchers have found a malicious ...