We’ve seen long-standing ransomware gangs like Clop, BlackCat, Ryuk, and Royal deploy custom-built malware, not off-the-shelf kits. These groups run infrastructure, manage affiliates, and evolve their code in a software-development-like lifecycle.
AI is now lowering barriers: criminals are using LLMs and coding assistants to automate exploit creation, obfuscation, and evasion, making complex attacks easier even for actors without deep technical expertise.
Malware-as-a-service (RaaS) also separates roles: the people writing the code aren’t always the ones deploying it. Yet both roles involve engineering decisions, iteration, and tooling similar to legitimate software development.
The takeaway: criminal tooling is increasingly engineered, not opportunistic. Defenders need to rethink threat research, automation, and talent investment to keep pace proactively, not just reactively.
israeltimi•20h ago