Security eMagazines

September 2024


By Taelor Daugherty, Associate Editor

Generative AI Poses Several Security Risks


PeopleImages / iStock / Getty Images Plus via Getty Images

Generative artificial intelligence (GenAI) was analyzed in a recent report by Transmit. The report includes screenshots of dark web forums, marketplaces and subscription-based services.

According to the report, Blackhat Gen-AI tools make it easier to create and automate fraud campaigns, resulting in an increased volume, velocity and variety of attacks. GenAI tools automate pentesting to find enterprise vulnerabilities and circumvent security used by specific targets.

Configuration (config) files, generated with the assistance of GenAI, are used for validating accounts and can validate up to 500 credentials per minute, according to the report. Bundled services like Remote Desktop Protocols (RDPs) and credit card checkers are augmented by AI to streamline attack creation.

The report found that GenAI rapidly generates real or synthetic identity data to create hard-to-detect fraudulent accounts aged with eight-plus years of order history to appear legitimate. GenAI makes it easy to create high-quality fake IDs that are able to bypass security checks, including most AI-driven identity verification.

Video and voice deepfakes lure victims into scams, while voice cloning is able to trick call center voice authentication systems, according to the report. Dark web markets offer 24/7 escrow and high seller ratings up to 4.99/5 to assure purchasers of product efficacy.

The report included advice to mitigate GenAI threats, such as implementing fraud prevention, identity verification and customer identity management services.

GenAI can be beneficial as a fraud analytics tool and can be used to query an organization’s identity data to generate graphs or insights about end users, devices, risk or trust events, attack types and other information in order to adapt to rapidly emerging trends.

Read the report


IT Leaders Stress the Need for Stronger Risk Management


studiostockart / DigitalVision Vectors via Getty Images

Risk management was analyzed in a recent report by AuditBoard. The study revealed that expanding expectations are coming at a time when internal audit has limited bandwidth for advisory-related services — and increasing risk demand and insufficient risk management capacity are creating a risk coverage gap for the business.

The report looks at where internal audit teams are currently spending the majority of their time, and where adjustments could be made to help shift focus to value-added, risk-related activities. Key findings include:

Information security control testing appears to be growing in practice, with 82% of chief audit executives (CAEs) involved in some capacity and 44% either owning or heavily involved. Twenty-eight percent of CAEs either own or are heavily involved with continuous monitoring of a key process, but 60% of surveyed auditors have some level of involvement in ERM — and 40% have no involvement whatsoever.

More than half (55%) of CAEs indicate that their administrative reporting managers (typically CFOs and CEOs) have asked internal audit teams to be involved in more activities in the past two years, including ERM, ESG, governance, operational initiatives, and quality assurance.

While surveyed CAEs identified integrated risk management (IRM) as their top area for increasing responsibilities, most organizations still have a long way to go toward IRM maturity. IRM was CAEs’ top response for where they should be more involved.

Ninety-six percent of organizations lack mature IRM programs, and 11% of organizations report having no IRM strategy whatsoever, with audit, risk and compliance functions working independently, while 51% of organizations seem to know IRM is needed, but have no cohesive strategy for it.

Another 24% have no formal strategy, but say they’re actively working toward connecting audit, risk, and compliance functions. This finding is promising, reflecting a recognition of the need for IRM even if they aren’t yet using the specific term.

Read the report