AI Supercharges Assaults in Cybercrime’s New ‘Fifth Wave’

AI is powering a “fifth wave” within the evolution of cybercrime, providing cheap, ready-made malicious instruments enabling refined assaults, based on Group-IB.

In its newest report, printed on January 20, the Singapore-based cybersecurity agency divided the historical past of cybercrime in 4 phases, from the opportunistic malware and viruses of the Nineteen Nineties and early 2000s to “ecosystem and provide chain assaults” wave that marked the 2010s and 2020s.

Since 2022, the agency argued, cybercrime has entered a fifth wave, which it known as “weaponized AI.”

This new period is marked by the fast adoption of AI and generative AI (GenAI) instruments by attackers that “flip human abilities into scalable companies” and make cybercrime “cheaper, sooner and extra scalable,” Dmitry Volkov, Group-IB’s CEO, mentioned within the report’s foreword.

Black Market Deepfake Kits Gas Cybercrime for as Little as $5

One of the putting misuses of GenAI, Group-IB argued, is within the creation of pretend artificial content material impersonating actual folks.

This content material can be utilized lure different trusting folks to execute duties or to bypass authentication processes and know your customer (KYC) programs to achieve entry to gadgets, steal cash or steal information.

As an example, Group-IB analysts discovered “artificial identification kits” providing AI video actors, cloned voices and even biometric datasets for as little as $5 and deepfake-as-a-service choices for subscriptions beginning at $10 per thirty days.

Moreover, the analysts recorded a spike in discussions about such AI-powered instruments for felony functions in darkish internet boards over the previous three years, from a mean of under 50,000 messages on this subject from 2020 to 2022 to roughly 300,000 messages yearly since 2023.

Through the report’s launch occasion in London, Anton Ushakov Group-IB’s cybercrime investigation unit chief, mentioned these ready-made kits have turn out to be “a commodity” on darkish internet marketplaces.

“What is basically attention-grabbing is that not solely pre-recorded deepfakes are widespread, but in addition low cost instruments enabling stay deepfake schemes,” he added.

“In fact, these won’t persuade 90% of individuals, but when it really works in 5% to 10% of instances, it may be profitable sufficient at this stage,” he famous.

Read more: World Economic Forum: Deepfake Face-Swapping Tools Are Creating Critical Security Risks

Phishing Kits Enter the Agentic AI Period

One other main use of AI by cybercriminals highlighted within the Group-IB report is for phishing.

Phishing kits are actually listed at costs ranging “from as little as a Netflix subscription to $200 per thirty days, making them accessible and inexpensive to teams large and small,” mentioned the report.

Ushakov’s crew discovered that the brand new malicious AI capabilities are actually used past merely helping the attacker within the manufacturing of plausible phishing emails.

“AI just isn’t solely altering how phishing is generated, dealt with, hosted and run, however the way in which it’s distributed,” Ushakov mentioned.

He defined that, beforehand, criminals utilizing phishing-as-a-service (PhaaS) kits would nonetheless have to configure every little thing, together with SMTP servers and checklist of victims and run these campaigns.

“Now, with the assistance of AI, and particularly the open-weight fashions which are accessible, criminals are constructing the instruments to automate these duties,” Ushakov began.

“They embed the fashions into the instruments which are serving to to scale and automate phishing campaigns when it comes to the supply. The fashions present them with the checklist of the victims and kind of narrative that they wish to use for the lures,” he continued.

Group-IB discovered one service that “agentizes the phishing campaigns.” This software makes use of AI brokers to develop lures, ship phishing emails to victims and returns data to the criminals with suggestions, permitting them to adapt the marketing campaign over time.

“On the sufferer’s aspect, all of the malicious emails really feel private and new ones preserve being despatched out by the phishing package’s agent,” mentioned Ushakov, who famous that the ‘agentized’ phishing package seems to nonetheless be in a testing and growth part.

Darkish LLMs Develop in Sophistication

Lastly, Group-IB analysts additionally discovered that menace actors are shifting previous chatbot misuse and are creating proprietary “darkish giant language fashions” (LLMs) which are extra steady, succesful and don’t have any moral restrictions.

From early experiments of rudimentary, open-access darkish LLMs like WormGPT, these instruments have now advanced into custom-built, self-hosted AI fashions optimized for producing dangerous content material, together with malware, scams and disinformation.

They don’t have any moral restrictions and are sometimes fine-tuned on rip-off linguistics or malicious code and datasets.

The darkish LLMs help in varied cybercriminal actions, together with:

• Fraud and rip-off content material technology for love, funding and impersonation scams
• Crafting phishing kits, faux web sites and social engineering scripts
• Malware and exploit growth assist, together with code snippets and obfuscation
• Preliminary entry help with vulnerability reconnaissance and exploit chains

The analysts recognized a minimum of three lively distributors providing darkish LLMs with subscriptions starting from $30 to $200 per thirty days, and a buyer base exceeding 1000 customers.

One instance, known as Nytheon AI, is an unrestricted, self-hosted AI chatbot promoted on darkish internet boards as a totally offline, 80-billion-parameter, locally-hosted hybrid LLM hosted over TOR and mixing open-source fashions like DeepSeek-v3, Mistral, Llama v3 Imaginative and prescient and a few others.

In April 2025, Group-IB investigations confirmed the sale of Nytheon AI on Telegram channels by a subscription-based mannequin. Designed to supply uncensored chatbot responses, its marketed use instances embody serving to to develop malware, penetration testing, vulnerability analysis, fraud schemes and unfiltered data queries.

The cybersecurity agency validated Nytheon AI’s AI performance, technical capabilities and lack of moral restrictions.

Craig Jones, former Interpol director of cybercrime and impartial strategic advisor for Group-IB argued that, whereas “AI hasn’t created new motives for cybercriminals,” it has industrialized cybercrime by “dramatically growing the velocity, scale and class with which these motives are pursued.”

“What as soon as required expert operators and time can now be purchased, automated and scaled globally. That shift marks a brand new period, the place velocity, quantity, and complicated impersonation essentially change how crime is dedicated and the way exhausting it’s to cease,” he concluded.