The underground market for criminally oriented generative AI has moved beyond the early hype surrounding ‘malicious chatbots.’ The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the potential for fully autonomous AI hacking systems is possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals; it lowers friction, increases speed, and expands the range of actors able to perform tasks that previously required more time, skill, or external support.
Read more…
Source: Rapid7 News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US Secretary of State: Я буду работать с Россией по вопросам кибербезопасности
June 23, 2017
US Secretary of State Rex Tillerson has expressed a willingness to work directly with Russia on cybersecurity and other issues. The proposed partnership is surprising, given the continued controversy over allegations that the Russians interfered with last year’s US presidential election – a serious accusation at the center of an ongoing Congressional inquiry. Secretary of State Tillerson ...
- Breach at UK.gov’s Cyber Essentials scheme exposes users to phishing attacks
June 21, 2017
The operation behind the UK government’s Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme’s badges are required by all suppliers bidding for “certain sensitive and personal information-handling contracts”. Companies were notified of the problem, which leaves them at greater risk of phishing attack, through ...
- FIN10 Extorting Canadian Mining Companies, Casinos
June 20, 2017
Cybercriminals targeting casinos and mining firms in North America have extorted as much as $620,000 per theft during a four-year run in which they threaten victims with the destruction or public release of stolen data. Between 2013 and 2016, mostly Canadian firms were hit with nearly a dozen seemingly unrelated hacks, but after an analysis of the ...
- Brit hacker admits he siphoned info from US military satellite network
June 16, 2017
A UK-based computer hacker has admitted stealing hundreds of usernames and email addresses from a US military communications system. Sean Caffrey, 25, of Sutton Coldfield in the West Midlands, broke in and pinched the ranks, usernames and email addresses of more than 800 users of a satellite communications system and of about 30,000 satellite phones, back ...
- German police nick alleged admin of dark web gun sales site
June 12, 2017
German police have arrested a man they suspect of being the administrator of a dark net website. The site is said to have been used to buy a gun used in a 2016 mass murder. The unnamed 30-year-old man was arrested on 8 June in “south west Germany”, according to Sky News. The server used to host ...
- Hackers Started Using “SambaCry Flaw” to Hack Linux Systems
June 10, 2017
Two weeks ago we reported about a 7-year-old critical remote code execution vulnerability in Samba networking software (re-implementation of SMB networking protocol) that allows a remote hacker to take full control of a vulnerable Linux and Unix machines. To know more about the SambaCry vulnerability (CVE-2017-7494) and how it works, you can read our previous article. At ...