The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Metro Bank targeted with 2FA-bypassing SS7 attacks
February 1, 2019
Metro Bank has reportedly fallen victim to a sophisticated two-factor authentication (2FA) bypass attack after hackers infiltrated a telecoms firm’s text messaging protocol. The Signalling Systems No. 7 (SS7) protocol is used by telecom firms to coordinate how texts and calls are routed around the world. But according to Motherboard, hackers are more actively exploiting SS7, and ...
- Prepare to Defend Your Network Against Swarm-as-a-Service
January 31, 2019
Swarm technology may be a game changer for the bad guys if organizations don’t change their tactics. The digital world we now inhabit creates unprecedented opportunities – both for good and for ill. One of these possibilities is swarm-based tools that can be used to either attack or defend the network. This possibility, or set of possibilities, ...
- Theoretical Ransomware Attack Could Lead to Global Damages Says Report
January 29, 2019
According to a speculative cyber risk scenario prepared by Cambridge University for risk management purposes, a ransomware strain that would manage to impact more than 600,000 businesses worldwide within 24 hours would potentially lead to damages of billions not covered by insurers. First of all, it is important to understand that although the numbers look very scary, this type of ...
- Users of illegal websites targeted in joint law-enforcement activity
January 29, 2019
The National Crime Agency, working with law enforcement partners from 14 countries, has taken action against a number of cyber criminals website users linked to four million attacks across the globe. This latest action is part of Operation Power Off, which pursues those individuals and services responsible for committing or facilitating DDoS (Distributed Denial of Service) ...
- Police Shut Down xDedic – An Online Market for Cyber Criminals
January 29, 2019
In an international operation involving law enforcement authorities from the U.S. and several European countries, feds have shut down an online underground marketplace and arrested three suspects in Ukraine. Dubbed xDedic, the illegal online marketplace let cybercriminals buy, sell or rent out access to thousands of hacked computers and servers across the world and personally identifiable ...
- Global ransomware could cost almost $200bn
January 29, 2019
A global ransomware attack could cost $193 billion and affect more than 600,000 businesses worldwide, according to a new report. The report is called ‘Bashe Attack: Global infection by contagious malware’ and has been compiled by a Singapore-based public-private initiative called Cyber Risk Management. Lloyds of London is one of the initiatives founding members and posted ...