- Cybercriminals leverage GenAI to accelerate attack creation
- Campaigns prioritize speed and scale over sophistication
- Report shows basic tactics still bypass defenses
Cybercriminals are making their way into enterprise environments, using Generative Artificial Intelligence (GenAI) to make launching attacks faster and easier, research claims. Although these attacks are less sophisticated than non-AI ones, this is a trade-off that cybercriminals are apparently happy to accept.
HP Wolf Security’s latest Threat Insights report claims to have looked at the use of AI tools in different ways. In one campaign, a fake invoice PDF contained a link that triggered a download from a compromised site, before redirecting the victim to a trusted platform.
In another, criminals used off-the-shelf malware components and optimized them with custom honeypots and payloads. This allows them to “create, personalize and scale campaigns quickly with minimal effort.”
Piggyback attacks
Researchers also observed the so-called “piggyback” attack, in which malware was hidden in fake Teams installers.
Victims would download a malicious installation package with hidden Oyster Loader malware that was added to the Teams installation process. So while the actual app is being installed, the victims do not notice that the infection is happening in the background.
“It’s the classic project management triangle: speed, quality and cost. Often one of them is sacrificed. What we’re seeing is that many attackers are optimizing for speed and cost, not quality,” said Alex Holland, principal threat researcher, HP Security Lab.
“They’re not using AI to raise the bar; they’re using it to move faster and reduce effort. The campaigns themselves are basic, but the uncomfortable reality is that they still work.”
If we analyze the report, it would seem that quality is not the determining factor here. According to HP telemetry, at least 14% of malicious emails managed to bypass one or more email gateway scanners, suggesting that the “low quality, high quantity” approach does work. The most popular delivery types were executable files (37%), .ZIP files (11%), and .DOCX files (10%).




