A study by cybersecurity solutions provider Kaspersky, presented during its annual Cyber Security Weekend held in Sri Lanka, reveals that approximately 21% of phishing emails are now generated by AI, which is expected to increase as the technology becomes more accessible.
This finding by Kaspersky underscores the growing sophistication and accessibility of AI tools for malicious purposes, presenting new challenges for cybersecurity professionals.
“We’ve been monitoring phishing and spam activities closely, and our analysis indicates that attackers are increasingly leveraging generative AI (GenAI),” said Igor Kuznetsov, director of the Global Research and Analysis Team (GReAT) at Kaspersky. “This suggests that cybercriminals find it cheaper and more effective to use AI to craft their attacks rather than simply increasing the volume of emails.”
Integrating AI into phishing campaigns is not just a new threat but a serious one that capitalizes on the efficiency and precision of generative models. These AI tools allow attackers to craft highly personalized and convincing phishing emails, which can deceive even the most vigilant users. This method is not only cost-effective for cybercriminals but also significantly increases the success rate of their attacks.
Kaspersky’s research highlights that the percentage of AI-generated phishing content surges during global events. This pattern suggests a strategic use of AI to exploit moments when people are more likely to engage with online content, making them more susceptible to phishing attempts. The adaptability and scalability of AI tools have made it easier for cybercriminals to execute these attacks with minimal effort and maximum impact.
Ransomware
While the rise of AI-generated phishing is alarming, ransomware remains a dominant threat in the cybersecurity landscape. According to Kaspersky’s findings, ransomware attacks continue to plague businesses worldwide, with a notable decline in the number of ransomware attempts but an increase in their success rate. This trend indicates that attackers are using more sophisticated tools, allowing them to achieve their goals without needing to launch as many attacks.
Kaspersky’s data shows that in the Asia-Pacific (Apac) region alone, over 1.29 million ransomware incidents were detected in business networks between January and July 2024. Kuznetsov noted that this shift toward fewer but more successful attacks suggests that cybercriminals are improving their methods, making each attack more destructive.
The Apac region has become a significant target for various cyber threats. Between January and July 2024, Kaspersky’s systems prevented approximately 245 million web-borne threats and blocked over 320 million local threats. The region also witnessed a staggering number of backdoor attacks, with over 7.54 million incidents reported, primarily affecting business networks.
The Philippines emerged as the most targeted country in the region for online threats, ranking ninth globally. Nepal, Sri Lanka, Malaysia, and New Zealand followed, each experiencing high rates of online attacks. Local threats, particularly those targeting mobile devices and computers, were also prevalent, with Myanmar, Vietnam, China, Nepal, and Laos being the most affected.
Kuznetsov emphasized the importance of understanding these threats’ regional impact, noting that the high incidence of attacks in certain Apac countries correlates with the presence of compromised servers being used as part of larger botnet operations.
“These compromised servers, often located in countries like Singapore, Japan, and Australia, play a critical role in the spread of cyber threats across the region,” he added.
Automation and AI in cybersecurity
As cyber threats become more sophisticated, cybersecurity firms like Kaspersky are increasingly relying on automation and AI to detect and mitigate these risks. In 2024, Kaspersky detected an average of 411,000 unique malware samples daily, up from 403,000 in 2023. Over 106 million unique malicious URLs were identified in 2023, with 99% of detections handled by automated systems.
These automated systems are crucial in managing the sheer volume of threats that arise daily. However, Kuznetsov pointed out that while automation is effective for broad threat detection, advanced or state-sponsored attacks still require human expertise to analyze and counter.
“Less than 1% of the threats we detect are of interest for targeted attacks, but these are the ones that require the most attention and expertise to handle,” he said.
The operations behind ransomware attacks are more complex than many realize. Contrary to the popular belief that ransomware is the work of isolated criminal gangs, these attacks are often orchestrated by highly organized groups of IT professionals who have chosen to operate outside the law. These groups follow a business model, with different teams responsible for various stages of the attack, from initial compromise to final extortion.
One particularly concerning development is the rise of Ransomware-as-a-Service (RaaS), where ransomware is sold as a subscription service. This model allows even less technically skilled criminals to launch sophisticated ransomware attacks by purchasing the necessary tools and support from more experienced cybercriminals.
Kaspersky has also observed an increase in ransomware operators using Zero-Day exploits — vulnerabilities that are unknown to the software’s developers and, therefore, unpatched. This trend, which was once the domain of state-sponsored attackers, indicates a significant escalation in the capabilities of ransomware groups. The use of Zero-Days makes these attacks more difficult to defend against and increases the likelihood of successful data encryption and extortion.
Multi-layered defense
Kaspersky advocates for a multi-layered approach to cybersecurity, combining advanced tools with comprehensive strategies and user education. Despite the sophistication of modern attacks, many breaches still occur due to human error, such as falling victim to phishing scams or using weak passwords. Training employees to recognize and respond to potential threats is a critical component of any effective cybersecurity strategy.
In addition to education, the use of up-to-date threat intelligence is essential. Keeping track of the latest attack methods and trends allows businesses to adapt their defenses and stay ahead of cybercriminals. Kaspersky’s research and tools are designed to provide this intelligence, helping companies protect their assets and maintain robust cybersecurity defenses.
You must be logged in to post a comment.