Key Takeaways:
- The evolution of cybercrime has entered a "fifth wave" with the rapid adoption of AI and generative AI (GenAI) tools, making cybercrime cheaper, faster, and more scalable.
- Black market deepfake kits are fueling cybercrime, with prices as low as $5 for synthetic identity kits and $10 per month for deepfake-as-a-service offerings.
- Phishing kits have entered the "agentic AI era," with AI-powered tools automating phishing campaigns and making them more accessible and affordable to groups big and small.
- Dark large language models (LLMs) are being used by threat actors to generate harmful content, including malware, scams, and disinformation, with no ethical restrictions.
- The use of AI in cybercrime has industrialized the industry, dramatically increasing the speed, scale, and sophistication of attacks.
Introduction to the Fifth Wave of Cybercrime
The evolution of cybercrime has entered a new era, with the rapid adoption of AI and generative AI (GenAI) tools. According to Group-IB, a Singapore-based cybersecurity firm, this new era is marked by the use of AI-powered tools that "turn human skills into scalable services" and make cybercrime "cheaper, faster, and more scalable." This fifth wave of cybercrime is characterized by the widespread use of AI-powered tools, including deepfakes, phishing kits, and dark large language models.
The Rise of Black Market Deepfake Kits
One of the most striking misuses of GenAI is in the creation of fake synthetic content impersonating real people. This content can be used to lure other trusting people to execute tasks or to bypass authentication processes and know your customer (KYC) systems to gain access to devices, steal money, or steal data. Group-IB analysts found "synthetic identity kits" offering AI video actors, cloned voices, and even biometric datasets for as little as $5, and deepfake-as-a-service offerings for subscriptions starting at $10 per month. The use of these kits has become increasingly popular, with a spike in discussions about such AI-powered tools for criminal purposes in dark web forums over the past three years.
The Agentic AI Era of Phishing Kits
Another major use of AI by cybercriminals is for phishing. Phishing kits are now listed at prices ranging from as little as a Netflix subscription to $200 per month, making them accessible and affordable to groups big and small. The new malicious AI capabilities are now used beyond simply assisting the attacker in the production of believable phishing emails. AI is not only changing how phishing is generated, handled, hosted, and run, but also the way it’s distributed. With the help of AI, and especially open-weight models that are accessible, criminals are building tools to automate these tasks. They embed the models into the tools that are helping to scale and automate phishing campaigns in terms of delivery. The models provide them with the list of victims and sort of narrative that they want to use for the lures.
The Growing Sophistication of Dark LLMs
Group-IB analysts also found that threat actors are moving past chatbot misuse and are creating proprietary "dark large language models" (LLMs) that are more stable, capable, and have no ethical restrictions. From early experiments of rudimentary, open-access dark LLMs like WormGPT, these tools have now evolved into custom-built, self-hosted AI models optimized for generating harmful content, including malware, scams, and disinformation. They have no ethical restrictions and are often fine-tuned on scam linguistics or malicious code and datasets. The dark LLMs assist in various cybercriminal activities, including fraud and scam content generation, crafting phishing kits, fake websites, and social engineering scripts, malware and exploit development support, and initial access assistance with vulnerability reconnaissance and exploit chains.
The Industrialization of Cybercrime
The use of AI in cybercrime has industrialized the industry, dramatically increasing the speed, scale, and sophistication of attacks. According to Craig Jones, former Interpol director of cybercrime and independent strategic advisor for Group-IB, "AI hasn’t created new motives for cybercriminals," but it has industrialized cybercrime by "dramatically increasing the speed, scale, and sophistication with which those motives are pursued." The shift marks a new era, where speed, volume, and sophisticated impersonation fundamentally change how crime is committed and how hard it is to stop. As a result, it is essential for cybersecurity professionals to stay ahead of the curve and develop new strategies to combat the evolving threat landscape.