RenAIssance AI and its exploitation by anyone with a modicum of malicious intent is a topic on par with the current top 10 pop radio singles – ubiquitous, and somehow on everyone’s mind. Automated attacks, sophisticated phishing schemes, adaptive malware, supercharging the threat actors’ capabilities, the transformative potential of AI have been listed as the next disruptive novelty in the cybercrime news. The intriguing aspect of AI in cybercrime, however, lies less in the realm of disruption, and almost entirely in the same realm that all of us exist in physically, including the cybercriminals themselves: the human reality we all share. The core application of AI is enhancing existing human ability to process tasks, and its implementation in our daily lives is still largely dependent on higher levels of skill and resource investment on the side or end users who would like to experience the transformative tech beyond shaping phishing prompts or drafting legitimate emails to their doctor. In this report, we will be mainly focusing on the support uses of AI in the cybercriminal world. The full Threat Spotlight can be viewed in our Premium Threat Pulse. This is available to Managed Service clients and those that purchase our Intelligence Subscription Service. If you are interested in key insights and explorations of the current threat and geopolitical landscape, look no further than our monthly Threat Spotlights. These will provide you with an in-depth view of current pertinent topics from AI, rising malware, emerging threat actors, nation-state activities and more.
Advised defensive strategies remain unchanged as AI has an augmentative role in existing TTPs (Tactics, Techniques & Procedures), though heightened awareness of the landscape may aid in future decision making. Part 1: Attack tools A large portion of the underground chatter concerning AI seems to be heavily focused on pure learning efforts. Participants discuss GPT prompts, potential implementation of AI and other hypotheticals, and periodically inquire about the service providers within the area that could construct something resembling the said hypotheticals. Straddling the line between attack and support tools, one area of obvious AI augmentation is in that of reconnaissance. In its current state AI’s role within these tools is more supportive than offensive, though with the rapid rate of development this could change very quickly. If AI can be harnessed to facilitate increased automation this gap will get smaller and smaller. Once access is acquired a threat actor’s next goal is often to gather additional privileges or move laterally throughout the network.
THREAT SPOTLIGHT SECTION 04
12
13
Made with FlippingBook flipbook maker