A Dark Web Research Report by Transmit Security Reveals How Threat Actors Are Using GenAI to Fuel Identity Attacks and Fraud

Artificial Intelligence | Reports & Predictions | Security Awareness | Threat Intelligence

The report from Transmit Security is the result of continuous investigation by a team of fraud analysts in the Transmit Security Research Lab, and reveals how dark web marketplaces and fraud tools have changed since the release of ChatGPT

Posted: Tuesday, Jul 30

KBI.Media
$
A Dark Web Research Report by Transmit Security Reveals How Threat Actors Are Using GenAI to Fuel Identity Attacks and Fraud

A Dark Web Research Report by Transmit Security Reveals How Threat Actors Are Using GenAI to Fuel Identity Attacks and Fraud

Boston, MA and Tel Aviv, Israel – July 30, 2024 – Transmit Security, the inventor of identity orchestration and the first to market with identity-security that fuses customer identity management and fraud prevention, today announced the release of a new in-depth report, “The GenAI-Fueled Threat Landscape: A Dark Web Report by the Transmit Security Research Lab.”

The report is the result of continuous investigation by a team of fraud analysts in the Transmit Security Research Lab and reveals how dark web marketplaces and fraud tools have changed since the release of ChatGPT. Key findings highlight the powerful capabilities of blackhat generative AI (GenAI) platforms that fraudsters are using to create new fraud campaigns at unprecedented levels of sophistication, speed and scale.

“It’s easy to find malicious GenAI tools like FraudGPT and WormGPT, and it’s just as easy to use them — to probe for vulnerabilities, write malicious code, harvest data and create highly deceptive fraud,” said Ido Rozen, Security Researcher Team Lead at Transmit Security. “These tools have no security guardrails and require little to no skills. GenAI has dramatically lowered the bar for novice fraudsters to churn out more advanced attacks on a global scale.”

The report includes dozens of screenshots of dark web forums, marketplaces and subscription-based services, providing valuable insights for anyone with a professional responsibility to know what’s happening in this shadowy underworld. Using a search engine on the legitimate, open web, one can find fraud platforms and tools, but Rozen warns that it’s likely to result in a malware infection, which is why whitehat cybersecurity research is the safest source of information.

“Our mission, as we explore the criminal underground, is to protect our customer base, which includes Fortune 500s and seven of the ‘top 10’ US banks. The stability of the global economy rests, in no small part, on cybersecurity, and we take this seriously as we analyze and reverse engineer new and evolving fraud tactics,” said Hazout.

Key takeaways of Transmit Security’s dark web report:

Blackhat Gen-AI tools make it easier to create and automate fraud campaigns, resulting in an increased volume, velocity and variety of attacks.
GenAI tools automate pentesting to find enterprise vulnerabilities and circumvent security used by specific targets.
Configuration (config) files, generated with the assistance of GenAI, are used for validating accounts and can validate up to 500 credentials per minute.
Bundled services like Remote Desktop Protocols (RDPs) and credit card checkers are augmented by AI to streamline attack creation.
GenAI rapidly generates real or synthetic identity data to create hard-to-detect fraudulent accounts aged with 8+ years of order history to appear legitimate.
GenAI makes it easy to create high-quality fake IDs that are able to bypass security checks, including most AI-driven identity verification.
Video and voice deepfakes lure victims into scams, while voice cloning is able to trick call center voice authentication systems.
Dark web markets offer 24/7 escrow and high seller ratings up to 4.99/5 to assure purchasers of product efficacy.

Insights to Extract From Dark Web Data

Transmit Security’s Chief Identity Officer David Mahdi, a former Gartner analyst, stated, “As we reviewed the evidence and analysis collected on the dark web, it was clear that fraudsters are doing a much better job working together as a community, collaborating and sharing information on GenAI tools and techniques. It’s a primary reason we wanted to share this research and especially our recommendations for preventing GenAI fraud.”

“We can see that bad actors are combining their approaches to more easily conduct identity attacks, which makes it all the more critical for IT leaders to arm themselves with information. The insights can help IT leaders justify projects in their pursuit of mitigating identity security gaps, currently left open by productivity-focused IAM solutions,” said Mahdi.

“As GenAI is being used by cybercriminals, it is imperative that IT leaders automate the detection of fraud and identity threats as well as decisioning. This requires context-aware intelligence that’s able to keep learning and improving as new types of fraud and attacks emerge. These approaches can only scale with GenAI.”

Improving Security and Visibility With AI

To fortify security amid the rapidly-changing dynamics of the AI era, organizations should implement converged fraud prevention, identity verification and customer identity management services powered by GenAI, AI and machine learning. Only a unified, smart defense can remove the data silos, security gaps and complexity that otherwise hinder the ability to detect and stop today’s advanced fraud with accuracy and speed.

To spot more deceptive scams and obfuscation tactics, AI-driven solutions must utilize hundreds of detection mechanisms, including advanced behavioral biometrics, device fingerprinting, bot and anomaly detection capable of mitigating risk while removing friction for trusted customers.

GenAI is especially beneficial as a fraud analytics tool and can be used to query an organization’s identity data to generate graphs or insights about end users, devices, risk or trust events, attack types and other information — to adapt to rapidly-emerging trends and get ahead of GenAI-fueled fraud.

See what’s happening on the dark web.
Read the full report: “The GenAI-Fueled Threat Landscape: A Dark Web Research Report by Transmit Security” or view the Executive Summary.

About Transmit Security

Transmit Security is the leading innovator of AI-driven customer identity security — delivering a fusion of identity management, identity verification and fraud prevention services, including identity orchestration and phishing-resistant authentication with passkeys and passwordless. Enterprise-class architecture with built-in cybersecurity ensures resiliency and endless scale to keep business running. These are just a few reasons Transmit Security is trusted by 7 ‘top 10’ US banks and Fortune 500s. Out-of-the-box use case solutions and best-of-breed, modular services with consumption-based pricing enable companies to select the services they need and pay only for what they use. Explore: www.transmitsecurity.com

Independent Cyber News.

Insights to Extract From Dark Web Data

Improving Security and Visibility With AI

About Transmit Security

In Other News…

Alkira Launches Zero Trust Network Access (ZTNA) Solution To Simplify End-To-End Secure Connectivity For Enterprises

Thoughtworks Technology Radar Finds Trend In Tools To Simplify LLMs For Practical AI Applications

CrowdStrike And Omnissa Partner To Secure Virtual And Physical Desktops

CrowdStrike And Fortinet Deliver Industry-Leading Protection From Endpoint To Firewall

Recent Articles

Knowing Your Data. A Precursor To Effective Governance

Rethinking how to engage Australian directors in security budget discussions

Advancing Security and Resilience: Insights from AWS Summit in Sydney

How to remove the roadblocks to going passwordless

Business News

Tech News

Global News

Our Podcasts

Partner With KBI

Content Production

Business News

Tech News

Global News

KBI.FM - The Cyber Podcast Network

Threats & Reports