- Cybercriminals leverage GenAI to accelerate attack creation
- Campaigns prioritize speed and scalability over sophistication
- Report shows basic tactics still bypass defenses
Cybercriminals are using generative artificial intelligence (GenAI) to make their way into enterprise environments, making attacks faster and easier to launch, a study suggests. While these attacks are less sophisticated than those built without AI, it’s a tradeoff that cybercriminals are apparently happy to make.
HP Wolf Security’s latest Threat Insights report claims to have found that AI tools are being used in a variety of ways. In one campaign, a fake PDF invoice contained a link triggering a download from a compromised site, before redirecting the victim to a trusted platform.
In another case, the crooks used commercially available malicious components and optimized them with custom lures and payloads, which allowed them to “quickly create, personalize and scale campaigns with minimal effort.”
Piggyback attacks
Researchers also observed a so-called “piggyback” attack, in which malware was hidden in fake Teams installers.
Victims download a malicious installer package containing hidden Oyster Loader malware, which leverages the Teams installation process. Because the real application is installed at the same time, victims do not notice the infection happening in the background.
“It’s the classic project management triangle: speed, quality and cost. You often sacrifice one of them. What we’re seeing is that many attackers are optimizing for speed and cost, not quality,” said Alex Holland, principal threat researcher at HP Security Lab.
“They’re not using AI to raise the bar; they’re using it to go faster and reduce effort. The campaigns themselves are basic but the uncomfortable reality is that they still work.”
Looking at the report, it would appear that quality is not the determining factor here. According to HP telemetry, at least 14% of malicious emails successfully bypassed one or more email gateway scanners, suggesting that the “low quality, high quantity” approach is working. The most popular delivery types were executable files (37%), .ZIP archives (11%), and .DOCX files (10%).




