The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- LockBit ransomware gang claims it ransacked Italy’s tax agency
July 26, 2022
The LockBit ransomware crew is claiming to have stolen 78GB of data from Italy’s tax agency and is threatening to leak it if a ransom isn’t paid by July 31. The notorious gang put a notice on its dark-web site adding the agency – the Agenzia delle Entrate – to its growing list of victims. According ...
- Amadey malware pushed via software cracks in SmokeLoader campaign
July 24, 2022
A new version of the Amadey Bot malware is distributed through the SmokeLoader malware, using software cracks and keygen sites as lures. Amadey Bot is a malware strain discovered four years ago, capable of performing system reconnaissance, stealing information, and loading additional payloads. While its distribution has faded after 2020, Korean researchers at AhnLab report that a ...
- Hacker selling Twitter account data of 5.4 million users for $30k
July 22, 2022
Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. Yesterday, a threat actor known as ‘devil’ said on a stolen data market that the database ...
- How Conti ransomware hacked and encrypted the Costa Rican government
July 21, 2022
Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack’s precision and the speed of moving from initial access to the final stage of encrypting devices. This is the last attack from the Conti ransomware operation before the group transitioned to a different form of organization that relies on ...
- New ‘Lightning Framework’ Linux malware installs rootkits, backdoors
July 21, 2022
A new and previously undetected malware dubbed ‘Lightning Framework’ targets Linux systems and can be used to backdoor infected devices using SSH and deploy multiple types of rootkits. Described as a “Swiss Army Knife” in a report published today by Intezer, Lightning Framework is a modular malware that also comes with support for plugins. Read more… Source: Bleeping ...
- LockBit: Ransomware Puts Servers in the Crosshairs
July 20, 2022
LockBit affiliates using servers to spread ransomware throughout networks. Symantec, a division of Broadcom Software, has observed threat actors targeting server machines in order to spread the LockBit ransomware threat throughout compromised networks. In one attack observed by Symantec, LockBit was seen identifying domain-related information, creating a Group Policy for lateral movement, and executing a “gpupdate /force” ...