Cyberattack – Security Review Magazine
https://securityreviewmag.com
We bring you the latest from the IT and physical security industry in the Middle East and Africa region.

Positive Technologies Study Reveals Successful Cyberattacks Nett 5X Profits
https://securityreviewmag.com/?p=27976
Tue, 25 Mar 2025 13:37:05 +0000

Positive Technologies has released a study on the dark web market, analysing prices for illegal cybersecurity services and products, as well as the costs incurred by cybercriminals to carry out attacks. The most expensive type of malware is ransomware, with a median cost of $7,500. Zero-day exploits are particularly valuable, often being sold for millions of dollars. However, the net profit from a successful cyberattack can be five times the cost of organizing it.

Experts estimate that performing a popular phishing attack involving ransomware costs novice cybercriminals at least $20,000. First, hackers rent dedicated servers, subscribe to VPN services, and acquire other tools to build a secure and anonymous IT infrastructure to manage the attack. Attackers also need to acquire the source code of malicious software or subscribe to ready-to-use malware, as well as tools for infiltrating the victim’s system and evading detection by security measures. Moreover, cybercriminals can consult with seasoned experts, purchase access to targeted infrastructures and company data, and escalate privileges within a compromised system. Products and tools are readily available for purchase on the dark web, catering to beginners. The darknet also offers leaked malware along with detailed instructions, making it easier for novice cybercriminals to carry out attacks.

Malware is one of the primary tools in a hacker’s arsenal, with 53% of malware-related ads focused on sales. In 19% of all posts, infostealers designed to steal data are offered. Crypters and code obfuscation tools, used to help attackers hide malware from security tools, are featured in 17% of cases. Additionally, loaders are mentioned in 16% of ads. The median cost of these types of malware stands at $400, $70, and $500, respectively. The most expensive malware is ransomware: its median cost is $7,500, with some offers reaching up to $320,000. Ransomware is primarily distributed through affiliate programs, known as Ransomware-as-a-Service (RaaS), where participants in an attack typically receive 70–90% of the ransom. To become a partner, a criminal must make a contribution of 0.05 Bitcoin (approximately $5,000) and have a solid reputation on the dark web.

Another popular attack tool is exploits: 69% of exploit-related ads focus on sales, with zero-day vulnerability posts accounting for 32% of them. In 31% of cases, the cost of exploits exceeds $20,000 and can reach several million dollars. Access to corporate networks is relatively inexpensive, with 72% of such ads focused on sales, and 62% of them priced at under a thousand dollars. Among cybercriminal services, hacks are the most popular option, accounting for 49% of reports. For example, the price for compromising a personal email account starts at $100, while the cost for a corporate account begins at $200.

Dmitry Streltsov, Threat Analyst at Positive Technologies, says, “On dark web marketplaces, prices are typically determined in one of two ways: either sellers set a fixed price, or auctions are held. Auctions are often used for exclusive items, such as zero-day exploits. The platforms facilitating these deals also generate revenue, often through their own escrow services, which hold the buyer’s funds temporarily until the product or service is confirmed as delivered. On many platforms, these escrow services are managed by either administrators or trusted users with strong reputations. In return, they earn at least 4% of the transaction amount, with the forums setting the rates.”

Considering the cost of tools and services on the dark web, along with the median ransom amount, cybercriminals can achieve a net profit of $100,000–$130,000 from a successful attack—five times the cost of their preparation. For a company, such an incident can result not only in ransom costs but also in massive financial losses due to disrupted business processes. For example, in 2024, due to a ransomware attack, servers of CDK Global were down for two weeks. The company paid cybercriminals $25 million, while the financial losses of dealers due to system downtime exceeded $600 million.

AI to Power Over Half of Cyberattack Techniques Soon, Says Positive Technologies
https://securityreviewmag.com/?p=27538
Tue, 10 Dec 2024 15:08:25 +0000

Positive Technologies has released an in-depth report examining the potential use of artificial intelligence in cyberattacks. According to the report, AI could eventually be used by attackers across all tactics outlined in the MITRE ATT&CK matrix and in 59% of its techniques. Researchers note that previously, AI was used by cybercriminals in only 5% of all the MITRE ATT&CK techniques, while in another 17%, its use was proven feasible. However, with the rapid proliferation of legal AI tools, these numbers are expected to surge. Experts highlight that within a year of ChatGPT-4’s release, the number of phishing attacks increased by 1,265%, and they predict AI will continue to enhance the capabilities of cybercriminals.

Analysts believe that, amidst the rapid development of such technologies, developers of language models don’t do enough to protect LLMs from being misused by hackers generating malicious texts, code, or instructions. This oversight could contribute to a surge in cybercrime. For example, hackers are already using AI to write scripts and verify code when developing malicious software. Moreover, LLMs enable novice cybercriminals, who lack advanced skills or resources, to accelerate the preparation and simplify the execution of attacks. This, in turn, contributes to the rise in AI-driven incidents. For instance, a cybercriminal can use AI to double-check for overlooked details in their attack plan or to explore alternative methods for executing specific steps.

Experts point to other factors driving the increased use of AI in cyberattacks. Among them is the weak cybersecurity infrastructure in developing countries, where even imperfect tools can be used effectively with the support of AI. Additionally, the ongoing arms race between attackers and defenders is pushing cybercriminals to use AI.

Roman Reznikov, Information Security Research Analyst at Positive Technologies, commented, “The advanced capabilities of AI in cyberattacks are no reason to panic. Instead, we must remain realistic, study emerging technologies, and focus on building result-driven cybersecurity strategies. The most logical way to counter AI-driven attacks is by leveraging even more efficient AI-powered defence tools, which can address the shortage of specialists by automating many processes. In response to the growing activity of cybercriminals, we developed the MaxPatrol O2 autopilot, designed to automatically detect and block attacker actions within the infrastructure before they can inflict irreparable damage on an organization.”

Experts note that cybercriminals are already using AI to automatically generate malicious code snippets, phishing messages, and deepfakes, as well as to automate various stages of cyberattacks, including botnet administration. However, only experienced hackers currently have the skills to develop and create new AI-driven tools to automate and scale cyberattacks. Analysts predict that specialized modules will emerge in the near future to address specific tasks in well-known attack scenarios. Over time, these AI-driven tools and modules will likely merge into clusters, thereby automating attack stages and eventually covering most of them. If cybercriminals succeed in fully automating attacks on a specific target, the next logical step could be enabling AI to autonomously search for new targets.

To ensure personal and corporate cybersecurity, Positive Technologies recommends following general security rules, prioritizing vulnerability management, and participating in bug bounty programs. Experts warn that the use of machine learning to automate vulnerability exploitation will enable cybercriminals to target organizations more quickly and frequently. Promptly addressing any detected flaws is crucial, particularly when publicly available exploits exist.

To stay ahead of cybercriminals, vendors are increasingly integrating machine learning technologies into their products. For instance, MaxPatrol SIEM uses its Behavioral Anomaly Detection (BAD) component to assign risk scores to cybersecurity events and detect targeted cyberattacks, including those exploiting zero-day vulnerabilities. Similarly, the PT Application Firewall uses AI for the precise detection of shell upload attacks. MaxPatrol VM leverages AI for intelligent asset information searches and the creation of popular queries. PT NAD employs AI to generate custom profiling rules and detect applications within encrypted traffic. Finally, PT Sandbox uses AI for the advanced detection of unknown and anomalous malware.

Egyptian e-Payment Giant Fawry Denies Reports of Cyberattack
https://securityreviewmag.com/?p=26166
Thu, 09 Nov 2023 14:42:36 +0000

Fawry, the leading company in electronic payment solutions and digital financial services in Egypt, has confirmed the efficiency and security of its electronic defences across all its platforms and all the services it provides electronically and has denied reports of cyber attacks on its systems. “There is no validity to any rumours circulating on social media pages claiming that Fawry has been subjected to attacks or information system breaches,” the company said in a statement.

A few hours ago, @falconfeeds.io, an X (formerly Twitter) handle that tracks cyber attacks, had posted that Fawry was possibly a victim of ransomware.

At the time of publishing this news article, Fawry’s website was still offline.

In response to these claims, Fawry released a statement saying, “The company immediately conducted an investigation into its servers and live broadcast. Based on the tests conducted by the company, it has been found that the servers serving customers and banks have not been subjected to any breaches. The company also confirms that no financial or banking data of customers has been leaked. Furthermore, the company asserts that it adheres to the highest standards of cybersecurity in accordance with the requirements of global regulatory authorities.”

Average Weekly Global Cyberattacks Peak with the Highest Number in Two Years
https://securityreviewmag.com/?p=25773
Wed, 19 Jul 2023 06:52:50 +0000

While the disruptive impact of the Russo-Ukrainian conflict on the cyber landscape has relatively reduced in recent months, the threat landscape has returned to a state of “normality.” This new normal is characterized by an increase in cyberattacks: this report details the use of new evasive tactics, frequent hacktivism-based attacks, and a daily barrage of ransomware targeting numerous organizations. Despite the waning effect of the conflict on the cyber threat landscape, the persistence of these threats highlights the ongoing need for heightened vigilance and robust cybersecurity measures to counteract the relentless and evolving nature of cyberattacks.

In recent months, we have reported the unravelling of a Chinese-based APT which targeted governmental entities, hidden malware that was spotted behind legitimate-looking apps, a new version of Chinese espionage that was propagated through USB devices and malicious firmware implants discovered on internet routers. In addition, cybercriminals continue to leverage the latest AI revolution, by stretching the borders of generative AI chat platforms such as ChatGPT4.

In Q2 2023, there was an 8% increase in global average weekly attacks compared to the previous year. The average number of attacks per organization per week reached 1258 attacks – the highest number noted by Check Point Research in the past 2 years.

During Q2 2023, the Education/Research sector experienced the highest number of attacks, with an average of 2179 attacks per organization per week, marking a 6% decrease compared to Q2 2022. The Government/Military sector was the second most attacked, with an average of 1772 attacks per week, which represents a 9% increase from the parallel period last year. The Healthcare sector followed closely behind, with an average of 1744 attacks per week, reflecting a significant YoY increase of 30%.

During Q2 2023, Africa experienced the highest average number of weekly cyber-attacks per organization, with an average of 2164 attacks. This signifies a significant year-on-year increase of 23% compared to the same period in 2022. The APAC region also witnessed a substantial 22% YoY increase in the average number of weekly attacks per organization, reaching an average of 2046 attacks.

In Q2 2023, 1 out of every 44 organizations worldwide experienced a ransomware attack, representing a decrease of 9% compared to Q2 2022, when 1 out of every 40 organizations suffered from such attacks. APAC and Europe saw significant year-over-year increases in ransomware attacks per organization, of 29% and 21% respectively. The North American region followed with a 15% year-over-year increase.

In Q2 2023, the Government/Military sector experienced the highest number of ransomware attacks, with 1 out of every 25 organizations impacted, marking a slight 4% decrease compared to the previous year. The Healthcare sector was the second most affected, with 1 out of every 27 organizations experiencing such attacks, representing an increase of 16% YoY. The Education/Research industry followed closely behind, with 1 out of every 31 organizations affected by ransomware, indicating a decrease of 2% over the past year.
