The demand for AI-based tools for criminal activity is on the rise

The surge in cyberattacks and hacktivist activities, driven by multiple regional conflicts and geopolitical events, has led to an increase in ransomware attacks and the use of AI-driven tools by cybercriminals. According to research conducted by Trellix, the cybercriminal underground has evolved into a hub where malicious actors sell new AI-based tools for carrying out cybercrime.

The research highlights the growing complexity of the ransomware ecosystem, with threat actor groups adopting advanced tools embedded with AI technology to spread ransomware. Telemetry data from Trellix reveals that China-affiliated threat actor groups, particularly Mustang Panda, are significant sources of nation-state advanced persistent threat activity.

John Fokker, the Head of Threat Intelligence at Trellix Advanced Research Center, emphasized the importance of resilience planning for cybersecurity teams in light of the evolving tactics of cybercriminals. He mentioned that the increased use of generative AI by cybercriminals poses new challenges and urged the industry to monitor the transformative use of AI to strengthen defenses.

Despite several arrests and efforts by global law enforcement to dismantle infrastructure, ransomware groups have diversified and expanded their use of AI-powered tools to evade detection. The top five most active groups now account for less than 40% of all ransomware attacks, indicating that activity is less concentrated among the major actors. This dynamic nature of ransomware highlights the need for organizations and governments to continually update their strategies to counter evolving threats.

RansomHub emerged as the most active ransomware group, followed by LockBit, Play, Akira, and Medusa. The rise of smaller groups and the fluid nature of ransomware underscore the challenges cybersecurity experts face in combating these threats. Healthcare, education, and critical infrastructure sectors continue to be prime targets for ransomware attacks, and the US was the most targeted country, accounting for 41% of all ransomware detections.

Trellix’s research also uncovered a thriving market for EDR evasion tools on the dark web, with ransomware groups such as RansomHub using tools like EDRKillShifter to disable EDR capabilities before launching attacks. The sale of AI-based tools on the black market, such as the Radar Ransomware-as-a-Service program, further highlights the sophistication of cybercriminals in leveraging AI technology for criminal activities.

The study of industry cyber threat data revealed a rise in attacks from the North Korea-aligned group Kimsuky, distributed across critical sectors. Government, the financial sector, and manufacturing were among the most targeted sectors, underscoring the need for enhanced cybersecurity measures across all industries.

In conclusion, the evolving landscape of cyber threats, fueled by regional conflicts and geopolitical events, requires a proactive and adaptive approach from cybersecurity professionals to mitigate the impact of ransomware attacks and AI-driven cybercrime. Vigilance, resilience planning, and continual monitoring of emerging threats are essential to strengthening defenses.
