AI-Powered Cyberattacks Surge, Exploiting Basic Gaps

- Cybercriminals are increasingly targeting identities, with attacks using valid credentials rising by 71% year-over-year, making it as common as phishing for initial access. This shift involves a 100% increase in "Kerberoasting," a technique for stealing Microsoft Windows credentials, and a 266% rise in malware designed to steal information like usernames and passwords. - The barrier to entry for cybercrime has been significantly lowered by AI, allowing less skilled individuals to launch sophisticated attacks using AI-powered tools available on the dark web. These tools enable attackers to automate and scale their operations, crafting highly personalized and convincing phishing emails, fake websites, and malicious code with greater efficiency. - Deepfake technology in fraud is rapidly expanding, with the number of deepfake files projected to grow from 500,000 in 2023 to 8 million by 2025. Voice cloning has become a primary attack method due to its low cost and ease of creation; scammers can create an 85% voice match with just three seconds of audio. - A significant security gap is the failure to patch known software vulnerabilities, which was the leading cause of attacks in 2025, accounting for 40% of incidents. Many of these vulnerabilities are tied to nation-state actors and are discussed on dark web forums. - While ransomware incidents in enterprises saw a slight decrease, extortion-based attacks more than doubled in 2023. Data theft and leaks have become the most common impact, indicating a shift in tactics for financial gain. - Critical infrastructure is a disproportionately targeted sector, representing 70% of IBM's incident response cases in one analysis. For the fifth consecutive year, manufacturing was the most targeted industry, accounting for nearly 28% of all incidents. - A recent report shows a nearly 100% increase in AI-driven cyberattacks in the past year, with AI helping hackers accelerate their movement across compromised networks by 65%. In one documented case, a finance professional was tricked into transferring over $25 million after a video call with deepfake versions of the company's CFO and other executives. - Despite the rise in AI-driven fraud, only 22% of financial institutions have implemented AI-based fraud prevention tools, leaving many vulnerable to these more sophisticated attacks. Meanwhile, hackers are also directly targeting AI companies, with 90 such companies breached by attackers who stole personal information and cryptocurrency.