In the first half of 2025, cyberattacks grew significantly in both volume and complexity, with Gartner attributing this surge to the expanding digital attack surface driven by generative AI (GenAI). Despite cybersecurity being a top priority for over 4,000 business and technology leaders surveyed in PwC's 2025 Global Digital Trust Insights report, only 2% of organizations have implemented cyber resilience strategies across their entire enterprise. This gap is alarming, as threat actors are becoming increasingly bold and technologically sophisticated — disrupting critical sectors and heightening global risk exposure for businesses.
Recent research findings paint a concerning picture:
- The use of vulnerability exploitation as an initial access method in data breaches increased by 34% compared to 2024, now representing 20% of all breaches.
- Ransomware attacks jumped 37% in the past year alone, now appearing in 44% of all data breaches, according to the 2025 Verizon Data Breach Investigations Report.
- By 2027, AI agents are expected to cut the time it takes to exploit account exposures by 50%, according to Gartner. These agents automate credential theft, social engineering, and deepfake-based impersonation attacks.
- Counterfeit reality attacks are on the rise: It is predicted that by 2028, 40% of social engineering attacks will target executives and employees using deepfake audio/video. These attacks are appearing more credible and harder to detect, especially in real-time communications.
The traditional cat-and-mouse game has fundamentally changed. The mouse now has access to AI, and AI-assisted attacks are accelerating faster than many security teams can keep up. In this post, we’ll break down how traditional attack methods have transformed, explore real-world cases of AI-powered cybercrime, and share practical insights to bolster your cyber resilience in this new era.
How the Threat Landscape Has Evolved
Today’s cyberthreats look very different from those in recent years. Let’s break down what sets the new AI-powered landscape apart from traditional attacks and why that matters for every organization’s security strategy.
From Static and Manual to Adaptive and Autonomous: Heightened Sophistication
Traditional malware, such as ransomware and trojans, relies on static code and manual operation. In contrast, weaponized AI agents are adaptive and autonomous, capable of learning from defenses and adjusting strategies in real time without human oversight. These advanced AI tools can identify vulnerabilities, craft convincing and hyper-targeted phishing messages, and continuously evolve tactics to evade detection, often outpacing human defenders. As noted by the MIT Technology Review, this marks a significant escalation in the speed and sophistication of cyberthreats.
Unprecedented Speed, Scale, and Personalization
The shift from human-directed to autonomous attacks has dramatically changed the threat landscape. The speed and scale of AI-aided attacks are at levels that we have not seen before. The ability of threat actors to automate tasks – such as running vulnerability scanning, conducting reconnaissance, and launching tailored attacks – has made the landscape more dangerous. The average “breakout time,” which refers to how quickly attackers move laterally after gaining access, has dropped to just 48 minutes, with some attacks taking as little as 27 minutes.
It’s not just about speed and quantity. AI scours the web for personal data, making lures strikingly authentic and tailored to each victim. Cybercriminals are using AI to automate and accelerate attacks, from crafting convincing, personalized phishing messages to bypassing security systems. This “Dark AI” enables faster, more scalable threats. Meanwhile, cybersecurity teams are racing to develop “Good AI” tools to detect and counter these evolving, AI-driven attack strategies.
Stronger Economic Incentive: More Attacks, Lower Barriers
The economic appeal of cybercrime has never been greater. AI-driven automation significantly lowers the barrier to entry, meaning attackers need far less technical skill, time, or resources to launch sophisticated campaigns. With open-source AI tools, even small criminal groups can automate phishing, rapidly scan for vulnerabilities, and deploy malware at scale, making high-impact attacks accessible to more actors.
This surge in accessible, scalable tactics has unleashed a flood of attacks. Reports project global cybercrime costs will reach $10.5 trillion annually by 2025, fueled by ransomware, deepfakes, and supply chain attacks powered by AI. Simply put, cheap, easy access to AI means more criminals can profit more quickly, driving both the frequency and the scale of cyberthreats to unprecedented levels.
Real-World Examples of AI-Powered Cyberattacks
Here are some examples of threat actors that have been observed to utilize AI tools in their attacks:
AI-Driven Ransomware: FunkSec Group
A threat group known as FunkSec emerged in late 2024 and has targeted over 85 victims worldwide using double extortion, combining file encryption with threats to release stolen data. Cybersecurity researchers noted that AI was used to assist in developing the group’s tools, including their encryptor, enabling rapid iteration despite limited technical expertise. The group launched a data leak site featuring breach announcements, distributed denial-of-service (DDoS) tools, and ransomware-as-a-service (RaaS) offerings. Ransom demands from the group were unusually low, starting at $10,000, with stolen data sold for $1,000 – $5,000. Most victims are located in the US, India, Italy, Spain, Brazil, Israel, and Mongolia.
This case highlights how AI is beginning to enable even less experienced threat actors with more sophisticated capabilities.
Phishing-as-a-Service: Darcula
Another threat actor group known as Darcula offers a phishing-as-a-service (PhaaS) platform. Darcula’s operators were reported to have integrated GenAI capabilities into their phishing toolkit. These enhancements allow:
- Automated generation of phishing forms in multiple languages.
- Customization of form fields to mimic legitimate websites.
- Translation of phishing content to local languages, increasing the success rate of attacks globally.
While Darcula is primarily a phishing platform, its AI-powered features significantly lower the technical barrier for launching ransomware and smishing campaigns, making it easier for novice cybercriminals to deploy sophisticated attacks.
In summary, FunkSec uses AI to develop ransomware tools and automate attacks, enabling rapid deployment. Meanwhile, Darcula leverages GenAI to craft multilingual phishing pages for stealthier and hyper-targeted attacks. Both lower the technical barrier, empowering less-skilled actors with advanced, AI-driven cyberattack capabilities.
Strengthening Your Cyber Defenses Against AI-Driven Threats
As AI-powered attacks grow more sophisticated, organizations must evolve their defenses to keep pace. Fortifying your cyber defense requires advanced technology, prepared teams, and proactive strategies.
1. Implement AI-Powered Defense Strategies
Modern cyberthreats demand defense frameworks that match attackers’ sophistication. The AvePoint Confidence Platform has AI-powered security tools to monitor network activity in real time and detect subtle anomalies that traditional solutions cannot. By leveraging behavioral analytics and anomaly detection, these systems spot unusual activity patterns — whether it’s a user logging in at odd hours or data moving in unexpected ways. Integrating machine learning for predictive threat intelligence gives defenders the power to anticipate, rather than merely react to, new threats as AI tools surface patterns no human could see.
2. Build Organizational Readiness
Your first line of defense isn’t technology — it’s people. It is important to:
- Update security awareness training to counter AI-powered phishing and deepfake tactics, so staff recognize novel social engineering risks.
- Adapt your incident response plans to include the possibility of rapid, multi-vector AI attacks that escalate more quickly than traditional breaches.
- Foster cross-functional threat intelligence sharing, with marketing, HR, and IT teams collaborating to report suspicious activity and trends, improving early detection.
3. Enhance the Security of Your Technology Stack
Robust defense against AI-powered threats starts with a zero-trust architecture that mandates continuous verification of users and devices. This ensures that every access request is thoroughly vetted, minimizing vulnerabilities. Our Data Security Posture Management (DSPM) solutions enable you to:
- Integrate Extended Detection and Response (XDR). This solution consolidates security tools, enhancing threat detection and incident response. It automates alert correlation, providing a unified view of security incidents.
- Utilize Advanced Endpoint Detection and Response (EDR). This technology continuously monitors device activity across the organization. It enables early threat detection, allowing teams to address risks swiftly.
- Adopt Security Orchestration and Automated Response (SOAR). AvePoint’s SOAR tools automate detection, investigation, and remediation processes. This ensures rapid responses to machine-speed attacks, maintaining a proactive security stance.
The recommendations above are discussed in more detail in our free eBook, which offers actionable insights to help you enhance your cyber resilience.

4. Establish Proactive, Continuous Security Measures
Stay ahead by running regular AI red team exercises — simulated attacks driven by AI to uncover new gaps. Ensure continuous security posture assessments with both automated and manual review, so defenses remain current against evolving techniques. Don’t overlook the supply chain: Evaluate vendor and partner risk, particularly as AI-driven attacks may exploit weaknesses outside your direct control.
Blending smart tools, vigilant people, and agile processes positions your organization to remain resilient amid evolving AI-powered threats.
Turn Insights Into Cyber Resilience with AvePoint
With strong incentives fueling cybercriminal innovation, we can expect both the scale and sophistication of attacks to continue growing — making decisive, proactive defense a non-negotiable priority. With informed vigilance and the right defense strategies, you can outpace evolving risks. Don’t wait until the next incident strikes. Regularly assess your cyber readiness and explore how AvePoint’s DSPM solutions empower you with AI-powered protection to identify, assess, and manage risks so your organization stays resilient and ready in this new era of cybersecurity.


