AI-Powered Cyberattacks on the Rise: Nation-States and Criminals Exploit New Technologies

Hackers are stealing the keys and walking through the front door, and AI is helping them turn the handle

Hackers and defenders are turning to AI to boost productivity With great power comes great responsibility, but in the case of artificial intelligence Uncle Ben's words aren't hitting home. Hackers are increasingly integrating AI into their attack patterns, using it to craft convincing phishing emails to steal login credentials. After all, why battle with cyber defenses that an organization has spent tens of thousands of dollars on when you can simply steal the keys and walk through the door. But there is hope... Microsoft's sixth Digital Defense Report (DDR), released today, has found that over 80% of the attacks investigated by Microsoft's security teams were in pursuit of data. Hackers are earning big bucks by accessing systems, stealing and then encrypting or deleting data, and then ransoming the data back to the victim. While the hackers may be financially motivated, the attacks have real world consequences. Recent trends have shown that attackers are turning towards critical health services and government systems, particularly those that rely on outdated hardware or without the funds to mount a proper defense. After being hit by ransomware, hospitals and care facilities are more inclined to pay to restore access to systems, or otherwise face operation delays and even patient deaths. Humans remain the weakest link in cybersecurity, with credentials being stolen to bypass security systems and access the heart of organizations. Luckily, there is a simple tool that can defend against 99% of identity-based attacks. Multi-factor authentication prevents attackers from logging into accounts even if they have the correct credentials by requiring verification that the login attempt is coming from the legitimate account owner. Authentication apps are especially effective against infostealing malware. Even if it is successfully deployed within an organization and harvesting credentials, the data it gathers is effectively useless if the attackers cannot also authenticate themselves. Attackers and defenders are increasingly turning to AI to crack and patch up cyber defenses. Rather than sending emails manually, attackers are using AI to craft convincing copy in multiple languages and then sending it out en masse. AI is also enabling hackers to build malware that can mutate, giving it an effective camouflage against security software. In fact, AI's usage within the cyber world has risen almost in sequence with the release of powerful new models. Defenders are also taking advantage of AI tools to spot phishing attacks, new malware, training, and potential threats - so there is a balance. Hackers aren't all just regular Joes taking a bet on ransoming data for a quick pay day - sophisticated nation-state actors are launching more campaigns for intelligence gathering, disruption, and financial gain. For example, China has launched numerous high-profile campaigns over the past year, with the most prolific attack being against major US telecommunications providers. Iran is targeting western maritime commerce organizations, potentially signaling attacks against commercial shipping in the Middle East. Microsoft also noted a significant expansion in Russian groups targeting organizations dedicated to supporting Ukraine, particularly small businesses without the budget to pay for powerful protection suites. North Korean groups continue to seek funding for the hermit kingdom, with attackers successfully applying for jobs in targeted companies, stealing sensitive information to further tech development at home, and deploying ransomware when discovered as a way to deliver extra funds back home. In the 2025 DDR, Microsoft calls on governments as well as private organizations to increase intelligence sharing and training. Microsoft also believes that greater security governance could help to provide a deterrent for organizations that might pay a ransom. After all, if you remove the incentive to deploy ransomware, hackers will (theoretically) stop deploying ransomware. Microsoft also says that fighting against the rapidly evolving security environment is a societal challenge as the economic, governmental, and social systems we rely on are in grave danger. Deterrence is the goal, with governments calling out nation-state attacks and applying sanctions, offering real world consequences for hostile nations.

Russia, China crank up AI-powered cyberattacks on the U.S., Microsoft warns

Russia, China, Iran, and North Korea have sharply increased their use of artificial intelligence to deceive people online and mount cyberattacks against the United States, according to new research from Microsoft. This July, the company identified more than 200 instances of foreign adversaries using AI to create fake content online, more than double the number from July 2024 and more than ten times the number seen in 2023. The findings, published Thursday in Microsoft's annual digital threats report, show how foreign adversaries are adopting new and innovative tactics in their efforts to weaponize the internet as a tool for espionage and deception. AI's potential said to be exploited by US foes America's adversaries, as well as criminal gangs and hacking companies, have exploited AI's potential, using it to automate and improve cyberattacks, to spread inflammatory disinformation and to penetrate sensitive systems. AI can translate poorly worded phishing emails into fluent English, for example, as well as generate digital clones of senior government officials.

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US

WASHINGTON (AP) -- Russia, China, Iran and North Korea have sharply increased their use of artificial intelligence to deceive people online and mount cyberattacks against the United States, according to new research from Microsoft. This July, the company identified more than 200 instances of foreign adversaries using AI to create fake content online, more than double the number from July 2024 and more than ten times the number seen in 2023. The findings, published Thursday in Microsoft's annual digital threats report, show how foreign adversaries are adopting new and innovative tactics in their efforts to weaponize the internet as a tool for espionage and deception. AI's potential said to be exploited by US foes America's adversaries, as well as criminal gangs and hacking companies, have exploited AI's potential, using it to automate and improve cyberattacks, to spread inflammatory disinformation and to penetrate sensitive systems. AI can translate poorly worded phishing emails into fluent English, for example, as well as generate digital clones of senior government officials. Government cyber operations often aim to obtain classified information, undermine supply chains, disrupt critical public services or spread disinformation. Cyber criminals on the other hand work for profit by stealing corporate secrets or using ransomware to extort payments from their victims. These gangs are responsible for the wide majority of cyberattacks in the world and in some cases have built partnerships with countries like Russia. Increasingly, these attackers are using AI to target governments, businesses and critical systems like hospitals and transportation networks, according to Amy Hogan-Burney, Microsoft's vice president for customer security and trust, who oversaw the report. Many U.S. companies and organizations, meanwhile, are getting by with outdated cyber defenses, even as Americans expand their networks with new digital connections. Companies, governments, organizations and individuals must take the threat seriously if they are to protect themselves amid escalating digital threats, she said. "We see this as a pivotal moment where innovation is going so fast," Hogan-Burney said. "This is the year when you absolutely must invest in your cybersecurity basics," US is a popular target The U.S. is the top target for cyberattacks, with criminals and foreign adversaries targeting companies, governments and organizations in the U.S. more than any other country. Israel and Ukraine were the second and third most popular targets, showing how military conflicts involving those two nations have spilled over into the digital realm. Russia, China and Iran have denied that they use cyber operations for espionage, disruption and disinformation. China, for instance, says the U.S. is trying to " smear " Beijing while conducting its own cyberattacks. North Korea has pioneered a scheme in which it uses AI personas to create American identities allowing them to apply for remote tech jobs. North Korea's authoritarian government pockets the salaries, while the hackers use their access to steal secrets or install malware. It's the kind of digital threat that will face more American organizations in the years to come as sophisticated AI programs make it easier for bad actors to deceive, according to Nicole Jiang, CEO of Fable, a San Francisco-based security company that uses AI to sniff out fake employees. AI is not only a tool for hackers, but also a critical defense against digital attackers, Jiang said. "Cyber is a cat-and-mouse game," she said. "Access, data, information, money: That's what they're after."

Russia, N. Korea, China upping AI use to escalate cyberattacks on US - The Korea Times

WASHINGTON -- Russia, China, Iran and North Korea have sharply increased their use of artificial intelligence to deceive people online and mount cyberattacks against the United States, according to new research from Microsoft. This July, the company identified more than 200 instances of foreign adversaries using AI to create fake content online, more than double the number from July 2024 and more than ten times the number seen in 2023. The findings, published Thursday in Microsoft's annual digital threats report, show how foreign adversaries are adopting new and innovative tactics in their efforts to weaponize the internet as a tool for espionage and deception . America's adversaries, as well as criminal gangs and hacking companies, have exploited AI's potential, using it to automate and improve cyberattacks, to spread inflammatory disinformation and to penetrate sensitive systems. AI can translate poorly worded phishing emails into fluent English, for example, as well as generate digital clones of senior government officials . Government cyber operations often aim to obtain classified information, undermine supply chains, disrupt critical public services or spread disinformation. Cyber criminals on the other hand work for profit by stealing corporate secrets or using ransomware to extort payments from their victims. These gangs are responsible for the wide majority of cyberattacks in the world and in some cases have built partnerships with countries like Russia. Increasingly, these attackers are using AI to target governments, businesses and critical systems like hospitals and transportation networks, according to Amy Hogan-Burney, Microsoft's vice president for customer security and trust, who oversaw the report. Many U.S. companies and organizations, meanwhile, are getting by with outdated cyber defenses, even as Americans expand their networks with new digital connections. Companies, governments, organizations and individuals must take the threat seriously if they are to protect themselves amid escalating digital threats, she said. "We see this as a pivotal moment where innovation is going so fast," Hogan-Burney said. "This is the year when you absolutely must invest in your cybersecurity basics," The U.S. is the top target for cyberattacks, with criminals and foreign adversaries targeting companies, governments and organizations in the U.S. more than any other country. Israel and Ukraine were the second and third most popular targets, showing how military conflicts involving those two nations have spilled over into the digital realm. Russia, China and Iran have denied that they use cyber operations for espionage, disruption and disinformation . China, for instance, says the U.S. is trying to " smear " Beijing while conducting its own cyberattacks . North Korea has pioneered a scheme in which it uses AI personas to create American identities allowing them to apply for remote tech jobs. North Korea's authoritarian government pockets the salaries, while the hackers use their access to steal secrets or install malware. It's the kind of digital threat that will face more American organizations in the years to come as sophisticated AI programs make it easier for bad actors to deceive, according to Nicole Jiang, CEO of Fable, a San Francisco-based security company that uses AI to sniff out fake employees. AI is not only a tool for hackers, but also a critical defense against digital attackers, Jiang said. "Cyber is a cat-and-mouse game," she said. "Access, data, information, money: That's what they're after."