AI technology is reshaping the landscape of cybersecurity threats, making cyber-attacks not only cheaper and faster to execute but also more difficult to detect. A recent report by ReliaQuest has shed light on these developments, underscoring that while AI enhances the efficiency of cybercrime, it does not fundamentally alter the tactics employed by cybercriminals.
ReliaQuest, a prominent threat intelligence firm, has closely monitored the impact of AI on the underground cybercrime community over the past two years. Their findings indicate a striking evolution in the use of AI in cyber attacks. In 2024, AI applications were primarily limited to minor enhancements, such as refining phishing emails and generating basic scripts through tools like FraudGPT. However, by mid-2025, AI’s role had expanded significantly. The report notes a burgeoning market for AI-driven resources, including services for creating deepfakes and scripts that assist in executing attacks more efficiently and effectively.
Today’s landscape sees AI becoming more integrated into offensive cyber strategies, as indicated by ReliaQuest’s insights. The report points out that AI serves two key functions in contemporary cyber incidents. First, it is utilized within the attack workflow itself. Attackers now employ AI to create sophisticated phishing pages, develop web shells, construct credential harvesters, and enhance the effectiveness of social engineering tactics. By improving the quality of the content produced, cybercriminals can increase their chances of deceiving potential targets.
Secondly, AI acts as an attractive lure for victims. Cybercriminals exploit the growing trust many users place in AI and its associated technologies. By creating fake installations or urging victims to run commands disguised as legitimate AI tools, attackers manage to bypass initial scrutiny and gain access to sensitive information or systems.
ReliaQuest’s study highlights that threat actors across various sectors, including notorious groups like ShinyHunters and North Korean hackers, are leveraging these AI advancements to pursue diverse objectives: from extortion and fraud to espionage. A common thread throughout these activities is AI’s ability to empower operators to accomplish their goals more rapidly and with less effort than previously possible.
The report also emphasizes that AI is increasingly viewed as an integral part of operational infrastructure for cybercriminals. It is now treated as a tool that can be purchased, customized, and seamlessly incorporated into existing workflows. For attackers, the essential focus is on maximizing efficiency while maintaining reliability and managing costs.
The Multifaceted Use of AI in Cybercrime
In its exploration of the ways AI is currently being utilized in cyber intrusions, the ReliaQuest report identifies six key strategies:
-
Industrial-Scale Phishing: AI enables the mass creation of phishing pages and lures, significantly lowering the entry barrier for aspiring cybercriminals. These campaigns can be quickly launched, modified, and repeated, ensuring a persistent threat.
-
Rapid Production of Malicious Tools: Key components such as web shells and credential harvesters can be generated swiftly. Additionally, AI can obscure code to complicate static analysis, furthering the attackers’ goals.
-
Enhanced Social Engineering: AI helps eliminate common signs of phishing attacks, such as grammatical errors or clunky designs, thereby increasing the legitimacy of fraudulent communications.
-
Identity Fabrication: With advanced capabilities for generating fake profiles and convincing deepfakes, particularly relevant for groups like North Korean operatives, AI makes identity fraud easier to execute and harder to detect.
-
Accelerated Initial Access: AI technologies facilitate rapid movement from initial interaction to compromise, using obfuscation techniques in ClickFix attacks and AI-enhanced pages in device-code phishing campaigns.
- AI-Branded Tools as Lures: Cybercriminals manipulate the trust placed in reputable AI brands, tricking users into executing malicious commands or downloading harmful extensions that appear legitimate.
An Action Plan for Cyber Defense
The report argues that while organizations do not need a completely new strategy tailored specifically to AI, the accelerating pace of attacks necessitates a reevaluation of existing security measures. Security teams must focus on solidifying their fundamental defenses and employing a layered approach, integrating AI and automation wherever possible to keep pace with these modern threats.
Chief Information Security Officers (CISOs) are advised to implement several strategies to combat the growing influence of AI on cyber threats:
-
Behavioral Detection Systems: These should be deployed across all endpoints, identities, networks, and cloud environments, particularly in the aftermath of granting access.
-
Automated Containment Solutions: Rapid response is critical in the era of machine-speed attacks; automation can be vital in maintaining control during incidents.
-
User Education: Employees should be retrained to recognize the full range of manipulations that AI can employ, including the creation of fake voices, videos, profile photos, and polished texts. Moreover, mandatory out-of-band verification for sensitive transactions or requests is crucial.
-
Investment in Threat Research: Organizations should focus on understanding the patterns and volumes of AI-generated campaigns to bolster their defenses effectively.
- Utilization of External Threat Intelligence: Actively monitoring and incorporating external insights can help identify AI-enabled tradecraft before it infiltrates an organization’s infrastructure.
As cyber threats continue to evolve with advancements in AI technology, proactive measures will be essential for organizations to safeguard their digital assets and preserve their operational integrity against a more sophisticated array of attacks.