There has been an explosion in AI-powered cybercrime tooling available on underground marketplaces over recent months, according to a leading ransomware expert.
Cynthia Kaiser, SVP Ransomware Research Center at Halcyon, is also a former FBI deputy cyber director and White House advisor. At Infosecurity Europe on 2 June, she said that her time in government made her realize that tackling cyber threats is the “national security challenge of our lifetime.”
“It’s scary to look at some of the most powerful people in the world and see the fear in their eyes and know that’s because of what people are doing at keyboards thousands of miles away,” she told attendees.
Kaiser and her team at Halcyon had already mapped a cybercrime underground dependent on supply chain “specialization, efficiency and division of labor.”
However, they wanted to see what impact AI-powered tools would have. So they ran an analysis of 4000 entries, 77 Telegram channels, 20 dark web forums and five specialized underground markets, she explained.
The team was shocked to see posts mentioning the technology surge from just 38 in December to 1486 in February. That’s an increase of over 3810%.
What’s more, when they hit the market, these services featured automated distribution, freemium options, and tiered pricing – the sign of a sophisticated market, Kaiser said.
What Cybercriminals are Selling
Cybercrime actors on these forums and marketplaces are selling tools that roughly split into four categories, Kaiser explained.
- Weaponized LLMs: These could be AI models that have been secretly retrained to do bad things, hacked versions of legitimate tools that have had their “rules and safety limits” removed, or new AI systems built from scratch, like WormGPT
- AI-enabled identity fraud: Enables voice and video-based deepfakes for BEC, KYC bypass, and defrauding selfie-check recognition systems. Today, these tools can be trained on just three seconds of audio, said Kaiser. One tool she showed claims a 92% success at bypassing KYC platforms and has such market recognition on the dark web that criminals are apparently hunting for pirated copies
- AI-augmented malware and infrastructure: This goes beyond text generation to support live operational use. One example is an AI-powered call center supporting 25 languages, trained on over 150,000 calls, and which even produces ambient call center background noise to reassure victims
- Jailbroken and stolen AI services: These comprise the majority of dark web offerings and the cheapest, starting at just 10 cents for a stolen ChatGPT account. There is a highly organized and active cybercrime community offering jailbroken AI, said Kaiser
Kaiser explained how criminals are continuing to drive demand and improve resilience to disruption.
The financial barrier to entry for cybercriminals is “virtually zero” thanks to widely available freemium tools. Telegram bot-driven distribution automates the process of sales, customer service, notification and order tracking, and functions as “unmanned storefronts,” Kaiser added.
Finally, the multiplicity of channels ensures redundancy.
“If a paid tier is disrupted, the free tier continues to distribute. If a website goes down, the Telegram bot continues,” she explained. “If the Telegram channel is banned, the forum thread persists, and if the forum is seized the website survives. Each channel is a backup for the others.”
The Fightback Starts Here
Against this backdrop, organizations need to be prepared on four fronts, Kaiser said:
- Defend against a surge in volume of low capability actors, alongside continuous pressure from sophisticated groups. The former may be a more basic threat but it can generate noise and fatigue security teams
- Reorient society around phone calls as a primary attack vector, which means building awareness and redesigning verification protocols
- Be prepared to stop rapid attacks, accelerated by AI, with AI-based behavioral protection, and automated isolation, token revocation, and disabling of credentials
- Work better together, across public and private sectors. The AI model makers need to step up here. “This is really a policy and partnership problem as much as it is a technical one,” said Kaiser. “Effective disruption of this market requires coordination between defenders, model providers, payment processors and hosting infrastructure.”
“The good news is that the same intelligence work that reveals how these markets operate also reveals where they’re vulnerable,” Kaiser concluded.
“Law enforcement disruption and financial pressure can cause real friction. Defenders who understand how attackers actually operate based on direct observation of what they’re buying, building and doing have a meaningful and actionable advantage.”