AI Accelerates Hacking: New Research Reveals Faster Breaches and Shifting Cybercrime Tactics

AI is helping hackers get access to systems quicker than ever before

ReliaQuest research says encryption of exfiltrated data is becoming less likely As well as boosting businesses across the world, the adoption of AI by security teams and hackers has also changed the cybercrime landscape, with new research from ReliaQuest claiming cybercriminals are now faster than ever at breaching systems, with the average time between initial access and lateral movement now just 48 minutes. Interestingly, the report found hackers are relying less and less on encryptions, with 80% of all breaches involving data exfiltration, but just 20% including encryption, and many attackers are, abandoning encryption altogether, focusing solely on data theft, "a faster, more profitable approach," the report confirms. This suggests companies are perhaps less inclined to pay ransoms, and hackers are finding more success in simply selling the stolen data, rather than making demands. This isn't perhaps entirely surprising, as fewer than half of ransomware incidents result in payment, and of those who pay the ransom, only around 7% actually ever fully recover their information - so there's not much incentive on either side. The research also shows phishing is once again the top initial access technique, and 30% of these attacks include credential harvesting. Social engineering attacks are evolving too, with 'voice phishing' now behind 14% of breaches - especially targeting the manufacturing sector, likely due to the 'frequent IT interactions and lenient help-desk policies' needed to handle the high volumes of support requests. But the findings also mean security teams are going to have to rethink their priorities in the coming months, and in 2025, companies will have to bolster their defenses to avoid any costly downtime. "The focus can no longer be solely on restoring encrypted systems -- strategies must also address protecting data privacy, managing reputational risks, and ensuring compliance with regulatory requirements," the report adds. "To prepare, CISOs must implement defenses to detect and prevent exfiltration attempts while developing playbooks that prioritize business continuity and resilience against these evolving ransomware tactics."

Hackers are using AI to breach systems faster than ever

AI is helping hackers breach systems faster than ever and in under an hour, according to new research from ReliaQuest. The report also indicates that hackers are shifting from ransomware to data theft, making attacks harder to detect and defend against. Phone-based and phishing scams are also rising, making businesses rethink their security strategies to protect sensitive information. The report found that hackers are moving away from ransomware and focusing on selling stolen data rather than demanding ransoms, as it is more profitable. 80% of breaches involve data theft, while only 20% include data encryption. This change implies companies are less likely to pay the ransom, as only around 7% recover their data. Phishing is currently the top way hackers steal data, with 30% of attacks including credentials theft. As attackers use AI, it only takes them four hours to steal the data and six hours to encrypt it. Recommended Videos Another rising threat is voice phishing, which now accounts for 14% of breaches and primarily targets the manufacturing sector. Recurring IT dealings and permissive help desk policies are possible causes for the rise in "voice phishing." But it's not all bad news. The report says that defenders have made progress this year. ReliaQuest says it's using AI and automation to tackle threats, making it possible for customers to achieve threat containment in only three minutes. As the attacks grow, it's paramount that organizations improve their defenses. The report outlines three steps organizations can take to stay safe: incorporating AI and automation into security operations, barricading common entry points, and eliminating blind spots. ReliaQuest says it aims to help organizations strengthen their security strategies and improve threat detection and response.