
Examples of how cybercriminals are using artificial intelligence in their operations:
– Automated Phishing Campaigns
• Example: Threat actors use LLMs to generate highly convincing phishing emails with flawless grammar and context-aware personalization. These AI-generated messages can mimic the writing style of known contacts, making them difficult to distinguish from legitimate communications.
• Impact: This tactic increases the success rate of targeted phishing campaigns by bypassing common red flags that typically alert users to fraudulent emails.
– Generative Profiling for Social Engineering
• Example: LLMs assist attackers in creating detailed social engineering profiles by analyzing social media posts, publicly available data, and other online content. By synthesizing this information, adversaries can tailor their messages to the victim’s interests, work relationships, and recent activities.
• Impact: The accuracy of AI-enhanced profiles raises the likelihood that targets will trust and engage with attackers, resulting in higher rates of credential theft or unauthorized data access.
– AI-Powered Password Spraying
• Example: AI can be used to analyze patterns in commonly used passwords and more effectively guess variations. LLMs trained on large datasets of leaked credentials can generate realistic password lists tailored to the user base of the target organization.
• Impact: These AI-optimized attacks can evade traditional rate-limiting and lockout mechanisms by distributing attempts across multiple accounts and adapting techniques to minimize detection.
– Voice Phishing Using Deepfakes (Vishing)
• Example: Adversaries have used deep learning models to generate synthetic voices that replicate the tone and speech patterns of specific individuals. For instance, an attacker might impersonate an executive to convince an employee to perform unauthorized financial transactions or disclose sensitive information.
• Impact: The realism of deepfake voice technology makes it harder for employees to detect fraudulent requests, potentially leading to significant financial and reputational damage.
– Improving malware creation
• Example: LLMs can help generate polymorphic malware that changes its code structure to evade signature-based detection. Attackers can also use these models to write new code snippets or improve existing malware to make it more efficient and stealthy.
• Impact: This accelerates the development of advanced malware variants and lowers the technical barrier for less-skilled attackers, increasing the overall volume of malware in circulation.
– AI-Generated Disinformation Campaigns
• Example: Cybercriminals use LLMs to create and distribute disinformation at scale. This includes fabricating fake news articles, social media posts, and comments to influence public opinion or incite panic during critical events such as elections or health crises.
• Impact: Disinformation campaigns can damage reputations, erode trust in institutions, and provoke social unrest. The ability to automate content creation allows attackers to flood information channels, overwhelming fact-checkers and response teams.

As adversaries become more comfortable using AI to enhance their efforts, adoption is expected to accelerate. Cybercriminal groups will use AI to assist in even more activities, such as identifying new vulnerabilities in software code that they can exploit.