
URL: https://www.trellix.com/blogs/research/the-dark-side-of-innovation-cybercriminals-and-their-adoption-of-genai/
Submission: On March 11 via api from US — Scanned from DE



THE DARK SIDE OF INNOVATION: CYBERCRIMINALS AND THEIR ADOPTION OF GENAI

By Jambul Tologonov and John Fokker · March 06, 2024

In the ever-evolving threat landscape, the Trellix Advanced Research Center has
been at the forefront of understanding and combating the dual-edged sword of
Generative Artificial Intelligence (GenAI). As this technology becomes
increasingly sophisticated, it offers boundless opportunities for innovation and
security. To quote F. Scott Fitzgerald from The Great Gatsby: “The party has
begun.”

It is a fact that any technological advancement will open new avenues for
exploitation, and the same is true with GenAI. Cybercriminals are ‘early
adopters’ of new tech and soon after the ChatGPT launch it was the ‘talk of the
town’ on several cybercriminal fora. Given the LLM capability, crafting phishing
emails indistinguishable from legitimate communications was one of the first
things mentioned in the criminal community and it started from there.

Recently, OpenAI announced it had taken proactive steps to counter the misuse of
its platform by several nation-state affiliated groups. However, this misuse
isn’t limited to nation-state affiliated groups: Trellix has been observing
growing interest in and use of GenAI by cybercriminal actors. In this blog we will
highlight some of the concerning examples we have observed.


AI ASSISTED EXPLOIT DEVELOPMENT

A prominent case of the misuse of legitimate GenAI services recently came to
light through coverage on the Russian cybersecurity website/journal xakep.ru. An
article on the site details how the author exploited a recently disclosed
vulnerability and crafted an exploit with the assistance of ChatGPT-4.

Xakep.ru, where 'xakep' is a Cyrillic transcription meaning 'hacker',
operates on a subscription-based model. The blog post would have likely gone
unnoticed by Trellix if not for an underground threat actor who posted it in its
entirety on a well-known dark-web forum. This post meticulously outlined each
step of the exploitation process for the Post SMTP Mailer WordPress plugin
vulnerability.

The vulnerability in question, CVE-2023-6875, is classified as critical with a
CVSSv3 score of 9.8/10. It was disclosed on January 11, 2024 and affects the
Post SMTP Mailer plugin for WordPress in all versions up to 2.8.7. The xakep.ru
article author not only acknowledges the existence of a Proof of Concept (PoC)
for CVE-2023-6875 but also advises that the existing PoC is incomplete and
cannot be used for successful exploitation.

In the article, the author demonstrates how the vulnerability can be exploited,
leading to the identification of the SMTP administrator, resetting the
administrator password, and ultimately uploading a zip file containing a web
shell to the WordPress server. According to statistics from wordpress.org,
approximately 150,000 WordPress websites on the internet are potentially
affected by the Post SMTP Mailer plugin vulnerability, including the websites of
media and government organizations.
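For defenders, the affected range stated above (all versions up to 2.8.7) can be checked against a plugin inventory. The following is an added example, not code from the article or from Trellix; it assumes the inventory is the JSON printed by `wp plugin list --format=json` on each site and that the plugin's slug is `post-smtp`. The site names and inventory are constructed.

```python
import json
import re

# Assumption: "post-smtp" is the plugin's directory slug as WP-CLI reports it.
PLUGIN_SLUG = "post-smtp"
# From the article: all versions up to 2.8.7 are affected.
LAST_AFFECTED = (2, 8, 7)

# Constructed inventory: site -> output of `wp plugin list --format=json`.
SAMPLE_INVENTORY = {
    "blog.example.org": '[{"name":"akismet","status":"active","version":"5.3"},'
                        '{"name":"post-smtp","status":"active","version":"2.8.6"}]',
    "shop.example.org": '[{"name":"post-smtp","status":"active","version":"2.8.10"}]',
    "old.example.org": '[{"name":"post-smtp","status":"inactive","version":"2.8.7"}]',
    "dev.example.org": '[{"name":"post-smtp","status":"active","version":"trunk"}]',
}


def parse_version(text):
    """Turn '2.8.10' or '2.8.7-beta1' into a tuple of ints for comparison."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    while len(parts) < 3:  # pad so that '2.8' compares as 2.8.0
        parts.append(0)
    return tuple(parts)


def affected_sites(inventory):
    """Return (site, version, status) for every install needing attention."""
    findings = []
    for site, raw in sorted(inventory.items()):
        for plugin in json.loads(raw):
            if plugin.get("name") != PLUGIN_SLUG:
                continue
            try:
                # Numeric comparison: as strings, "2.8.10" would sort below "2.8.7".
                flagged = parse_version(plugin["version"]) <= LAST_AFFECTED
            except (KeyError, ValueError):
                flagged = True  # unknown version: list it for manual review
            if flagged:
                # Inactive copies are listed too, so they can be updated or removed.
                findings.append((site, plugin.get("version", "?"), plugin.get("status", "?")))
    return findings


if __name__ == "__main__":
    for finding in affected_sites(SAMPLE_INVENTORY):
        print(*finding)
```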

Figure 1. A screenshot of the xakep.ru article observed in an underground forum.


Towards the end of the article, the xakep.ru author states that their exploit,
dubbed 'boom-boom', is written in the Go programming language with the
assistance of ChatGPT-4. The author goes on to provide a link to the GenAI-based
exploit script and an Imgur video demo. The author emphasizes that one does not
have to be a proficient programmer to exploit a vulnerability: by understanding
the vulnerability's principles, one can delegate or outsource the programming
part to GenAI, making the exploitation process more accessible to a wider
audience.

Figure 2. GenAI-aided exploit written in Go shared on xakep.ru’s GitHub
repository

Figure 3. A screenshot of the ‘boom-boom’ Go-based exploit written with the help
of GPT-4. The author advises that although they are not a developer/programmer,
that does not mean they can’t read English and debug the errors.


Unfortunately, the xakep.ru article did not delve into the specific details of
how ChatGPT was utilized to assist in writing the exploit code in Go. The
methodology behind leveraging ChatGPT-4 for code generation remains unknown, and
without explicit information, one can only speculate on possible approaches.
Methods such as prompt injection, jailbreaking, or other attack vectors on
ChatGPT could be among the techniques used, but the precise process remains
undisclosed based on the provided information.


DEEPFAKE QUEST FOR NEXT-GEN DECEPTION

Another particularly alarming development is the observation of Russian threat
actors closely monitoring Chinese advancements in AI, specifically in the realm
of deepfake technology. This interest hints at the potential for creating highly
convincing fake content, which could be used in everything from disinformation
campaigns to impersonating individuals in secure communications.

Recently, in a Russian-speaking dark-web forum thread titled ‘Theory and
practise of creating Deepfake’, we observed threat actors discussing recent
technological developments in GenAI-based deepfakes. One of the actors advised
that older deepfake generation technologies have been outdated since the
introduction of InstantID: Zero-shot Identity-Preserving Generation.

InstantID, unveiled by Chinese researchers at Peking University in early 2024,
has revolutionized the deepfake landscape. This AI method enables the rapid
creation of highly efficient, identity-preserving images within seconds, based
on a single input image file. InstantID has already been incorporated into a
popular GenAI text-to-image model named Stable Diffusion, along with its webGUI
tool called Automatic1111.

What sets InstantID apart from other models, such as LoRA, is its accessibility
to threat actors with minimal skill sets and hardware resources. With just a
single reference image, individuals can swiftly generate convincing deepfake
content in a matter of seconds. Notably, one Github user has shared examples of
InstantID, providing a glimpse into the capabilities of this groundbreaking AI
technology:

Figure 4. InstantID examples shared on InstantID Github repository


Another example of InstantID’s exceptional results was recently posted on X by
Chinese academic Wang Jian:

Figure 5. InstantID examples shared on X by @Datou


The capabilities of the InstantID method are indeed impressive, as it can
achieve remarkable results in less than a minute with just a single face
reference. What differentiates InstantID from other techniques is its ability to
generate content without the need for extensive prior training or a lengthy
fine-tuning process. This technology's capability to generate high-quality
outputs with minimal input and time investment underscores its potential impact
in the deepfake domain. However, it also raises concerns about the potential
proliferation of easily created deepfake videos and images used by
cybercriminals. The accessibility and high adaptability of InstantID could
contribute to an increase in the prevalence of such deceptive content, posing
challenges for the identification and mitigation of deepfake digital threats.

At present, InstantID is primarily employed for image generation. However,
threat actors speculate that it is only a matter of days before this AI
technology extends its capabilities to include deepfake video production. This
anticipated evolution may involve the integration of speech-to-speech or
image-to-video AI technologies, showcasing the continuous adaptability and
potential advancements in the realm of AI-driven malicious activities:


Figure 6. A screenshot of underground threat actors discussing InstantID’s usage
in the deepfake creation process. First they discuss a text-to-speech AI model
called WhisperSpeech, then how to train Deepfacelab given a limited number of
input photos, and finally the InstantID technique as a replacement for older
deepfake creation technologies.


While researching InstantID technology usage, we came across highly persuasive
celebrity images on underground forums generated using the InstantID +
Automatic1111 AI model. However, due to their explicit visual nature, we will
not reference or include them in this blog.

Another notable example of deepfakes observed on the Russian dark web is a
legitimate AI service called camerai, which generates deepfake video based on a
given AI prompt and a live user camera. At the moment, however, the quality of
the produced deepfake video leaves a lot to be desired:

Figure 7. A screenshot of ‘camerai’ service usage observed on an underground
forum. Cybercriminals advise all you have to do is to write down any character
as a prompt and turn on the camera, the rest is done by the neural network.


Given recent AI advancements like InstantID, the creation of deepfake content
has become more accessible than ever before, and cybercriminals are keenly
observing these developments. As pioneers in adopting this innovation, they
consistently experiment with and integrate deepfake GenAI technology to craft
highly convincing synthetic media. This synthetic content can be employed in
their new fraudulent campaigns, showcasing the adaptability and utilization of
these advanced technologies for nefarious purposes.


AI INTEGRATED WEB-SCANNER

Cybercriminals are consistently advancing and creating new customized
AI-embedded malicious tools to serve their illicit purposes. Trellix has
recently identified such a tool on the dark web: an automated web-scanner
integrated with AI. This specialized tool functions as a custom web application
vulnerability scanner, generating an AI-based report along with recommendations
derived from the results of well-known penetration testing tools such as Nmap,
Nikto, Sqlmap, SSLScan, DNSRecon, and others. This Python-based web scanner
incorporates Llama API integration, allowing users to tailor AI profiles based
on their preferences, ranging from a friendly mentor to a cyber special agent or
a vigilant expert. The tool offers extensive customization options, enabling
users to add their own extensions, activate/deactivate pentesting modules, and
define their unique prompt style and AI feedback.

Figure 8. A screenshot of a custom AI based web-scanner observed on an
underground forum. Author ‘hackeryaroslav’ presents an automated web-scanner
with AI integration v1.0 designed to discover vulnerabilities in
web-applications.


Here are the Llama AI profiles used in the web-scanner:

# AIProfile is the tool's own class (definition not shown): profile name, then system prompt.
friendly_mentor_profile = AIProfile(
    "friendly_mentor",
    "You are a seasoned yet amicable cybersecurity mentor. You explain vulnerabilities and mitigations in a simple, easy-to-grasp manner, like guiding a mentee. Your warmth shows this is for learning, not lecturing."
)

special_agent_profile = AIProfile(
    "special_agent",
    "You are a cyber intelligence special agent briefing high-level government officials on security threats. You analyze methodically, profiling adversary tradecraft, capabilities, and recommended counter-operations for the targeted organization."
)

hacker_guru_profile = AIProfile(
    "hacker_guru",
    "You're the zen-like hacker guru, seeing vulnerabilities as puzzles to solve over cups of green tea. For each finding, you philosophize on root causes and ponderously guide the grasshopper to patches, wisdom, and improved security hygiene."
)

paranoid_expert_profile = AIProfile(
    "paranoid_expert",
    "You're the paranoid cybersecurity expert seeing threats everywhere. Your analysis wildly speculates possible worst-case scenarios from the findings, while your mitigation advice involves heavy-handed measures like air-gapping, encryption, threat hunting operations centers, and resisting use of all technology."
)

Here is the default Llama AI prompt, which can be customized to the end user's
needs:

default_prompt = """                 
       You are a penetration tester and security consultant. The vulnerability scan on [TARGET] has revealed the following findings:
      
       [Tool] findings:
       - [VULNERABILITY_DESCRIPTION]
       - [ANOTHER_VULNERABILITY_DESCRIPTION]

       ...

       No vulnerabilities detected.

       Analyze the identified vulnerabilities and recommend possible variants or scenarios that might lead to additional security issues in the future. Provide insights into potential attack vectors, exploitation techniques, or misconfigurations that could be exploited by malicious actors.

       Consider the currrent security posture and suggest improvements to mitigate the identified vulnerabilities. Your recommendations should foucs on enhancing the overall resilience of the target system.
      
       [USER_PROMPT]
       """
 

The web-scanner’s output report with AI recommendations looks as follows:

Figure 9. A screenshot of web-scanner report created using AI
Figure 10. Another screenshot of AI based web-scanner output


The existence of an automated AI-integrated web-scanner developed by an
underground threat actor highlights the continuous evolution and adaptability of
cybercriminals in keeping pace with modern times to stay ahead of the game. This
tool serves as a testament to the collaborative nature within the underground
community, where cybercriminals share ideas and learn from one another. The
custom web-scanner has already undergone improvements based on suggestions
received from the dark web community, resulting in the release of version 3 on
the Russian forum.

This flexible and customizable AI-based web-scanner exemplifies the potential
and knowledge that cybercriminals possess. It reflects their strong
determination to innovate and explore new frontiers in leveraging the
capabilities of GenAI. The tool's development and successive versions
demonstrate the dynamic nature of cyber threats and the relentless pursuit of
advancements by those with malicious intent.
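On the receiving end, a wrapper that drives several of the tools named above (Nmap, Nikto, Sqlmap) against one target tends to leave more than one tool's default User-Agent from the same source address within a short time. The following is an added detection example, not code from the tool or from Trellix; it assumes combined-format web access logs and that the tools run with their stock User-Agent strings. The log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Default User-Agent markers of tools the article names. Assumption: the
# wrapper runs them with stock settings; a changed User-Agent evades this.
TOOL_MARKERS = {
    "nikto": re.compile(r"\(Nikto/"),
    "sqlmap": re.compile(r"\bsqlmap/"),
    "nmap": re.compile(r"Nmap Scripting Engine"),
}
LOG_RE = re.compile(  # Apache/nginx "combined" log format
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:[^"\\]|\\.)*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
203.0.113.7 - - [06/Mar/2024:10:04:12 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
203.0.113.7 - - [06/Mar/2024:10:09:40 +0000] "GET /item?id=1 HTTP/1.1" 200 734 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
198.51.100.20 - - [06/Mar/2024:10:10:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
198.51.100.20 - - [06/Mar/2024:14:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
192.0.2.15 - - [06/Mar/2024:10:11:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
"""


def chained_scanners(lines, window=timedelta(minutes=30), min_tools=2):
    """Map source IP -> tools seen, for sources using >= min_tools within window."""
    hits = defaultdict(list)  # ip -> [(timestamp, tool)]
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        for tool, marker in TOOL_MARKERS.items():
            if marker.search(m["ua"]):
                hits[m["ip"]].append((ts, tool))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        best = set()
        for i, (start, _) in enumerate(events):
            # Distinct tools seen in the window opening at this event.
            tools = {tool for ts, tool in events[i:] if ts - start <= window}
            if len(tools) > len(best):
                best = tools
        if len(best) >= min_tools:
            flagged[ip] = sorted(best)
    return flagged

if __name__ == "__main__":
    print(chained_scanners(SAMPLE_LOG.splitlines()))
```

The second source in the sample shows two tools almost four hours apart and is not flagged at the default 30-minute window; widening `window` trades fewer misses for more noise.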


CONCLUSION

As we delve into the complexities of GenAI and its implications for
cybersecurity, it becomes abundantly clear that this technological frontier is a
double-edged sword. While GenAI offers unparalleled opportunities for innovation
and efficiency, our examples in this blog show that misuse by cybercriminals
poses significant threats to global security and privacy. The adversarial use of
GenAI in advanced exploit development, deep fakes, custom tools and other
malicious activities underscores a stark reality: criminals are not bound by
ethics or regulations.

Reality brings us to a critical juncture where the responsibility of GenAI
developers and providers cannot be overstated. The call to action is clear and
urgent: on a global level, those at the forefront of GenAI innovation must
prioritize the implementation of robust security measures, ethical guidelines,
and oversight mechanisms. It is imperative that these stakeholders work
collaboratively with cybersecurity experts, policymakers, and international
organizations to establish a framework that not only fosters innovation but also
ensures the ethical use of GenAI technologies. The time to act is now as the
integrity of our digital world depends on it.
