The Fifth Wave of Cybercrime: How AI Has Turned Digital Crime into a Global Industry

Cybercrime has entered a new and more dangerous phase as cybercriminals rapidly harness artificial intelligence (AI). What cybersecurity firm Group-IB describes as the “fifth wave” of cybercrime is not just an evolution of technique, but a structural transformation in how digital attacks are conceived and executed.
A Global Warning: Escalating Cyber Threats
According to Group-IB’s research, this latest wave represents a shift in the criminal landscape where sophisticated attacks that once required deep technical expertise are now available as on-demand tools — often for a simple subscription fee. This has dramatically lowered the barrier to entry for cybercrime, making it accessible to a much broader range of actors.
From Manual Phishing to AI-Driven Offenses
Cybercrime has evolved through five distinct waves over the past three decades:
- First Wave (Late 1990s): Manual phishing and basic email scams.
- Second Wave (Early 2000s): Spread of malware and simple hacking tools.
- Third Wave (2010–2015): Organized cybercrime and ransomware-as-a-service.
- Fourth Wave (2016–2022): Supply-chain attacks and large-scale data breaches.
- Fifth Wave (Since 2023): Deep integration of AI across cybercriminal infrastructure.
In this fifth wave, attackers no longer use AI occasionally — AI is now core infrastructure for cybercrime operations.
The Dark Web: A Hotbed for AI-Powered Crime
Group-IB analyzed underground forums and marketplaces to track this shift. Their findings show:
- A 371% increase in posts about AI since 2019.
- A 1,199% rise in overall engagement and replies on these topics.
- Over 23,000 original posts and nearly 300,000 replies in 2025 alone.
- The spread of AI-driven tools marketed to inexperienced users at low monthly costs, similar to legitimate software subscriptions.
This means that even users with minimal technical skill can now launch complex threats like custom phishing campaigns, identity impersonation, or tailored malware simply by subscribing to an AI-powered service.
Dark Language Models: AI Without Ethical Boundaries
One of the most concerning developments is the emergence of “Dark LLMs” — proprietary large language models that are intentionally designed without ethical safeguards. These models can produce:
- Convincing phishing and scam messages
- Custom malicious code and instruction sets
- Techniques for bypassing security systems
These models are often sold like commercial software, complete with subscription tiers and “updates,” blurring the line between criminal toolkits and legitimate digital services.
Dual Threats: Jailbreaks and Deepfake Services
Alongside Dark LLMs, cybercriminals increasingly use tools that:
- Break or “jailbreak” standard AI models to remove safety limits
- Offer deepfake-as-a-service for voice and video impersonation
- Enable fraud against biometric identity systems or automated checks
Both trends underscore how AI can not only automate traditional attacks but enhance them with realism and precision.
Cybercrime as a Service: Industrial-Scale Abuse
Today’s digital underground operates much like a formal industry. Criminals now offer:
- Support and “customer service” for AI-powered malware
- Subscription access instead of one-off downloads
- Tiered offerings tailored for beginners up to advanced users
This commercialization of cybercrime dramatically expands its reach and impact.
How Defenders Must Respond
Experts argue that traditional defense strategies — such as signature-based blocking — are no longer enough. Instead, organizations and governments must shift toward:
- Threat intelligence-driven security
- Behavior-based monitoring rather than simple pattern matching
- Integrating AI into defensive systems
- Global collaboration among cybersecurity teams and law enforcement
International cooperation is especially critical, since this new era of cybercrime transcends national boundaries and outpaces many existing legal frameworks.
