A recent Kaspersky study, conducted among InfoSec professionals from medium and large enterprises worldwide, revealed that 46% [AN1] of respondents believe the majority of cyberattacks experienced by their organizations in the last 12 months used AI technologies in some way. In this article, Kaspersky will discuss the way cybercriminals use AI, the consequences companies that fall under such attacks may experience, and how businesses can protect their infrastructure against them.
How cybercriminals are using AI
AI empowers cybercriminals to attack their targets with greater speed and precision. One of the most significant transformations is the way AI has revolutionized automated phishing and social engineering campaigns. By using AI tools, hackers can now analyze employee data in depth, learning about their positions in the company, behavioral patterns in communication, and uncovering their social media activity to create highly personalized and credible social engineering tactics.
Alarmingly, AI is also being used by cybercriminals to generate deepfake audio and video content, impersonating the voices and likenesses of CEOs or other executives in fraudulent scams. Additionally, AI is also helping attackers bypass traditional security mechanisms. Using machine learning algorithms, an attacker can test all possible variants of the attack in real time, which provides them with a more effective way of evading cybersecurity software and firewall detection.
The scale of threats and the cost to businesses
The emergence of AI-enabled attacks means all types and sizes of businesses are now at an increased risk. Previously, some businesses may not have been perceived as potential targets, but AI now empowers attackers to scale their operations further. Cybercriminals can attack thousands of companies simultaneously with minimal effort. The attacks can now be deployed more effectively while hiding the trail back to the origin of the malicious act.
The damage associated with AI-driven attacks, both financial and reputational, can be severe for businesses. In addition, fines and legal costs, as well as long-term damage to customer trust may follow — a particularly sensitive area for sectors such as finance, and legal services, which rely heavily on consumer trust and confidentiality.
How businesses can protect themselves
To counter the growing threat of AI-driven cybercrimes, businesses need to focus on building a comprehensive cybersecurity framework rather than relying solely on AI-powered solutions. While AI tools play a critical role in real-time monitoring and threat detection, they are not sufficient on their own. Effective cybersecurity requires a multi-layered approach that includes advanced security tools, regular employee training, and proactive incident response planning. Only by combining technology, education, and preparation can businesses build the resilience needed to face the challenges posed by increasingly sophisticated AI-driven threats.
