The Rise Of AI-Powered Cyber Threats: How Adversaries Are Using “Good Enough” Tactics to Outsmart Defenders


As we move into 2025, organizations are laser-focused on maximizing resources and achieving better business outcomes. Increasingly, this translates into leveraging AI and automation to streamline operations, improve efficiency, and enhance cybersecurity efforts. While we’re not on the brink of AI achieving sentience, its role in cybersecurity is undeniable—particularly in automating repetitive, time-consuming tasks.

However, the same tools that empower defenders can be easily weaponized by adversaries, leading to a heightened and more complex threat landscape. Cybercriminals are adept at exploiting AI’s capabilities, applying timeless strategic principles like the one articulated by General George S. Patton: “A good solution applied with vigor now is better than a perfect solution applied ten minutes later.” This mindset is evident in the rise of identity-based attacks, where attackers prioritize effectiveness over sophistication, using breached credentials and straightforward techniques rather than investing in costly, intricate exploits.

The Rising Threat of Infostealers

One prominent trend in the cyber threat landscape is the widespread use of infostealers. These easily deployable tools are often distributed via malvertisements and other common delivery methods. Despite their simplicity, infostealers pose a significant threat because a single run harvests everything the browser and local applications have saved: passwords, session cookies and tokens, autofill data, and wallet files. A stolen session cookie is especially valuable, because replaying it lets the attacker skip the login, and any MFA prompt, entirely.

When combined with AI, the implications become even more alarming. AI allows adversaries to analyze and operationalize the data harvested by infostealers at scale. For instance, attackers can automate the validation of credentials across multiple platforms (credential stuffing: replaying each leaked username and password pair against other services where the victim may have reused it), streamlining account takeovers. This fusion of automation and data-driven targeting increases the success rate of attacks and accelerates their execution.

The growing dependence on identity-based attacks underscores why credentials remain a prime target. Unlike advanced exploits that require deep technical expertise and substantial resources, credential-stuffing attacks rely on readily available information—breached passwords—to achieve their objectives quickly and effectively.
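The defensive counterpart to the automated credential validation described above is a detector that looks for the signature of stuffing: one source cycling through many different accounts in a short window, with the occasional success marking a leaked pair that still works. The following is an added example, not code from the original article or from Blackpoint Cyber; the log format, the sample lines and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of authentication log lines (not real data). One line per
# login attempt: timestamp, source IP, username, outcome.
SAMPLE_LOG = """\
2025-01-08T10:00:00Z ip=203.0.113.7 user=alice result=success
2025-01-08T10:00:05Z ip=203.0.113.7 user=bob result=fail
2025-01-08T10:00:11Z ip=203.0.113.7 user=carol result=fail
2025-01-08T10:00:16Z ip=203.0.113.7 user=dave result=success
2025-01-08T10:00:22Z ip=203.0.113.7 user=erin result=fail
2025-01-08T10:00:27Z ip=203.0.113.7 user=frank result=fail
2025-01-08T10:00:33Z ip=203.0.113.7 user=grace result=fail
2025-01-08T10:00:38Z ip=203.0.113.7 user=heidi result=fail
2025-01-08T10:02:00Z ip=198.51.100.4 user=bob result=fail
2025-01-08T10:02:30Z ip=198.51.100.4 user=bob result=success
2025-01-08T10:05:00Z ip=192.0.2.9 user=carol result=fail
2025-01-08T10:05:03Z ip=192.0.2.9 user=carol result=fail
2025-01-08T10:05:06Z ip=192.0.2.9 user=carol result=fail
2025-01-08T10:05:09Z ip=192.0.2.9 user=carol result=fail
2025-01-08T10:05:12Z ip=192.0.2.9 user=carol result=fail
2025-01-08T10:05:15Z ip=192.0.2.9 user=carol result=fail
"""

# Assumed line layout; adapt the pattern to the real log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>success|fail)$"
)


def parse_events(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ev


def detect_credential_stuffing(lines, window=timedelta(minutes=10), min_distinct_users=5):
    """Flag source IPs that try at least min_distinct_users different accounts
    inside a sliding time window.

    Credential stuffing rotates usernames, each paired with its own leaked
    password, so the distinct-user count is what separates it from a
    single-account brute force. The latter is deliberately not flagged here;
    it needs a separate per-account failure-rate rule."""
    recent = defaultdict(deque)  # ip -> events still inside the window
    alerts = {}
    for ev in sorted(parse_events(lines), key=lambda e: e["ts"]):
        q = recent[ev["ip"]]
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > window:  # q is never empty: it holds ev
            q.popleft()
        users = {e["user"] for e in q}
        if len(users) < min_distinct_users:
            continue
        a = alerts.setdefault(ev["ip"], {"distinct_users": 0, "compromised": set()})
        a["distinct_users"] = max(a["distinct_users"], len(users))
        # A success inside a stuffing burst means that leaked pair still works:
        # reset the password and revoke that account's sessions.
        a["compromised"] |= {e["user"] for e in q if e["result"] == "success"}
    return alerts


def analyze_sample():
    """Run the detector over the constructed sample log."""
    return detect_credential_stuffing(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, a in analyze_sample().items():
        print(f"{ip}: {a['distinct_users']} accounts tried, "
              f"working credentials for {sorted(a['compromised'])}")
```

On the sample, only 203.0.113.7 is reported (eight accounts in under a minute, with alice and dave confirmed as live credentials); the legitimate user on 198.51.100.4 and the single-account brute force from 192.0.2.9 are left alone. In production the same aggregation should also be keyed on something other than source IP (user agent, ASN, or a device fingerprint), because stuffing tooling routinely spreads attempts across residential proxies so that no single IP crosses the threshold.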

AI-Driven Social Engineering

The threat doesn’t stop with credentials. AI is amplifying the sophistication of social engineering attacks, making them harder to detect and more convincing. Cybercriminals now have access to the same cloud-based or standalone AI tools that cybersecurity teams rely on. These tools can ingest vast amounts of publicly available data—from social media posts to corporate websites—and generate hyper-personalized phishing campaigns.

Consider a scenario where a model fed a target's public posts crafts a phishing email that references their recent social media interactions. Worse yet, imagine receiving a phone call that sounds like your CEO, thanks to AI-powered voice cloning. This level of authenticity represents a significant evolution in cybercriminal tactics.

Even the most basic social engineering scams, such as SMS messages from a "CEO" requesting gift cards, remain alarmingly effective. With AI enhancing these tactics, attackers can scale operations while maintaining a layer of legitimacy that was previously difficult to achieve. The practical consequence is that a familiar voice or writing style can no longer serve as proof of identity: requests to move money, change payment details or share credentials need verification through a separate channel the requester did not choose, such as a call back to a number already on file.

Identity at the Center of the Storm

The convergence of traditional hacking techniques with identity-based attacks is another concerning trend. Once attackers gain access to enterprise systems, such as Office 365, they can use legitimate interfaces like the Microsoft Graph API for persistence, lateral movement, and data exfiltration. Some methods, such as creating a mailbox rule that forwards incoming mail to an external address, are straightforward and do leave a trace (the New-InboxRule and Set-InboxRule operations in the unified audit log); others are more subtle and evade casual review. Periodically enumerating the inbox rules of every mailbox is a cheap check that catches the common case.
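The mailbox-forwarding persistence described above can be hunted with the same Graph API the attacker used. Below is an added example, not code from the original article or from Blackpoint Cyber: it takes the JSON shape returned by Graph's list-rules endpoint (GET /users/{upn}/mailFolders/inbox/messageRules, which needs the MailboxSettings.Read permission) and flags rules that forward or redirect mail outside the tenant, especially when they also hide the forwarded mail. The response body, the rule contents and the tenant domain are constructed for illustration; in practice you would feed it the live response for each mailbox.

```python
import json

# Domains the tenant owns; anything else is treated as external. Assumed value.
TENANT_DOMAINS = {"example.com"}

# Constructed response in the shape Graph returns for
# GET /users/{upn}/mailFolders/inbox/messageRules (not a real capture).
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {
            "id": "rule-1",
            "displayName": "Newsletters",
            "isEnabled": True,
            "conditions": {"senderContains": ["newsletter"]},
            "actions": {"moveToFolder": "AAMk-folder-newsletters", "stopProcessingRules": True},
        },
        {
            # Typical post-compromise rule: near-empty name, finance keywords,
            # external forward, and the original deleted so the owner never sees it.
            "id": "rule-2",
            "displayName": ".",
            "isEnabled": True,
            "conditions": {"subjectContains": ["invoice", "payment", "wire"]},
            "actions": {
                "forwardTo": [{"emailAddress": {"name": "", "address": "archive@mail.example.net"}}],
                "markAsRead": True,
                "delete": True,
            },
        },
        {
            "id": "rule-3",
            "displayName": "Copy meeting requests to assistant",
            "isEnabled": True,
            "conditions": {"isMeetingRequest": True},
            "actions": {"forwardTo": [{"emailAddress": {"name": "Sam", "address": "sam@example.com"}}]},
        },
    ]
})

# messageRuleActions fields that send mail elsewhere, and those that hide it.
FORWARDING_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
HIDING_ACTIONS = ("delete", "permanentDelete", "markAsRead", "moveToFolder")


def external_recipients(actions, tenant_domains):
    """Addresses in forward/redirect actions whose domain the tenant does not own."""
    found = []
    for key in FORWARDING_ACTIONS:
        for rcpt in actions.get(key) or []:
            address = rcpt.get("emailAddress", {}).get("address", "")
            domain = address.rpartition("@")[2].lower()
            if domain and domain not in tenant_domains:
                found.append(address)
    return found


def audit_inbox_rules(response_json, tenant_domains=TENANT_DOMAINS):
    """Return one finding per suspicious rule, with the reasons it was flagged."""
    findings = []
    for rule in json.loads(response_json).get("value", []):
        actions = rule.get("actions") or {}
        reasons = []
        external = external_recipients(actions, tenant_domains)
        if external:
            reasons.append("forwards mail outside the tenant: " + ", ".join(external))
            hiding = [k for k in HIDING_ACTIONS if actions.get(k)]
            if hiding:
                reasons.append("hides the forwarded mail from the owner: " + ", ".join(hiding))
        # Heuristic: attackers frequently leave the rule unnamed or named "." or ",".
        if len((rule.get("displayName") or "").strip()) <= 1:
            reasons.append("unnamed or single-character rule name")
        if reasons:
            findings.append({
                "id": rule.get("id"),
                "displayName": rule.get("displayName"),
                "enabled": rule.get("isEnabled", True),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in audit_inbox_rules(SAMPLE_RESPONSE):
        print(f"{f['id']} ({f['displayName']!r}, enabled={f['enabled']}):")
        for r in f["reasons"]:
            print("  -", r)
```

Only rule-2 is reported: the newsletter filter touches no recipient, and the forward to a colleague stays inside example.com. Disabled rules are still returned and reported, since an attacker can re-enable one later; treat an unexplained disabled forward the same way as an active one.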

Although technologies like passkeys and hardware-based authentication offer promising solutions for mitigating identity-related threats, widespread adoption remains challenging. These FIDO2/WebAuthn credentials are phishing-resistant because each one is bound to the origin that registered it, so a look-alike login page receives nothing it can replay. Implementation complexity, cost considerations, and user resistance nevertheless hinder the broader deployment of these advanced authentication methods, leaving gaps for attackers to exploit.

Preparing for 2025: A Dynamic Landscape

As we approach 2025, the intersection of AI, automation, and cybercrime presents a double-edged sword. On one side, defenders can access powerful tools to detect and mitigate threats. On the other, adversaries are leveraging those same tools to scale operations, refine tactics, and enhance their success rates.

The challenge lies in staying ahead of the curve. Cybersecurity teams must prioritize resilience, focusing on proactive strategies to counter AI-driven threats. This includes:

  • Enhanced training to recognize sophisticated phishing and social engineering attempts.
  • Adopting robust identity protection measures, such as phishing-resistant multi-factor authentication (MFA) and zero-trust architectures. SMS codes and push approvals still fall to real-time phishing proxies and prompt bombing, so treat them as a floor rather than the goal.
  • Investing in AI-driven defense mechanisms capable of identifying and neutralizing threats before they escalate.

In 2025, even “simple” attacks could have huge consequences due to the amplification power of AI. As defenders, we must anticipate these emerging trends and build robust systems to mitigate their impact. The cybersecurity landscape is evolving rapidly, and only those prepared to adapt will successfully navigate the challenges ahead.

By embracing a proactive and adaptive mindset, we can ensure that AI and automation serve as defense tools rather than exploitation avenues.

About the Author

Aaron Shaha is Chief of Threat Research and Intelligence at Blackpoint Cyber. He is a strategic information security executive and subject matter expert with a record of pioneering cyber security trends by developing novel security tools and techniques that align with corporate objectives. He is known for building and leading strong teams that provide technology-enabled business solutions for start-ups, industry leaders (Deloitte and its Fortune clients) and government agencies (NSA), and is skilled at developing information security strategies and standards, leading threat detection and incident response teams to mitigate risk, and communicating effectively across all levels of an organization.

Aaron can be reached online at www.linkedin.com/in/aaronshaha and at our company website www.blackpointcyber.com
