Democratized cybercrime: a new lower bar for hackers and higher stakes for security
Date:
Fri, 27 Jun 2025 08:03:54 +0000
Description:
The rise and evolution of phishing attacks, and how technologies such as AI continue to lower the bar for threat actors to execute attacks.
FULL STORY ======================================================================
Phishing has long been a staple of cybercrime, historically betrayed by clumsy spelling, suspicious URLs and poor formatting. Today, however, the rules have changed. What once required technical knowledge, time, and effort can now be executed with frightening ease by virtually anyone.
Thanks to generative AI, automation, and easy access to malicious toolkits, the barrier to entry for cybercrime is fast collapsing. Phishing emails are now convincingly written, well branded, and often hyperpersonalized. Deepfake audio and video tools make it possible to impersonate trusted individuals in real time.
Even entry-level attackers can now deploy high-quality campaigns that look and sound legitimate. Ironically, a spelling error might be the only clue that a message was created by a real human, rather than an AI.
Meanwhile, across the business world the stakes for defenders are rising fast. As multichannel attacks grow in scale and sophistication, even experienced employees are falling victim. In this new landscape, the cost of inaction isn't just a data breach - it's operational disruption, financial loss, and lasting reputational damage. Let's unpack how advancements in technologies such as AI expand the talent pool for threat actors.
Social engineering made scalable
Phishing may be evolving, but it still hinges on the same psychological tricks: urgency, trust, and fear. But where scams were once generic and mass distributed, AI now allows attackers to tailor them at scale. The result? A surge in spearphishing - targeted messages crafted with context to deceive specific individuals.
According to the OpenText 2025 Cybersecurity Threat Report, November 2024 saw the highest rate of spearphishing to date, making up 56.56% of all phishing activity. Attackers no longer have to choose between volume and precision - they can get the best of both worlds. And with users increasingly conditioned to trust branded platforms, phishing emails delivered via Google Docs or Amazon AWS (living-off-the-land techniques) are slipping past defenses unchecked.
This democratization of tools means that cybercrime no longer requires deep expertise - just access to the right AI tools and a few stolen credentials. That's a worrying trend for businesses that rely on traditional training to build user awareness. Keeping pace means continuously updating training to reflect emerging tactics, particularly those that blend email, SMS, voice and video across channels.
AI and automation, cybercrime's force multiplier
The rise of generative AI has redefined the phishing threat. Not only are messages more convincing, but campaigns are faster to build, harder to detect, and significantly more dangerous. Deepfakes, once the domain of state actors, are now available to anyone with an internet connection.
This sharp rise in attack sophistication is mirrored in infection trends. In 2024, malware infections on business PCs jumped yet again from 1.86% to 2.39% - the steepest increase since 2020. And it's not just the first hit that hurts: 43% of affected business endpoints were reinfected within the year. For consumers, the number is even higher, at 56%.
Attackers are increasingly using .zip files as a delivery mechanism, now the most popular format for malware-laden attachments, making up 53% of the total. Their perceived legitimacy, combined with password protection (often provided in the email), creates a perfect storm of trust and risk.
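An added defensive example (not from the article or the OpenText report): a Python triage check for the pattern described above, an encrypted ZIP attachment whose password is supplied in the message body. The password-phrase regex, the function names and the sample message are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristic (assumed) for text that hands the recipient an archive password.
PASSWORD_HINT = re.compile(r"\b(?:password|passcode|pwd)\b\s*(?:is|:|=)?\s*\S+", re.I)

def encrypted_members(zip_bytes):
    """Names of ZIP members whose general-purpose flag bit 0 (encrypted) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def triage(raw_email):
    """Report encrypted ZIP attachments and whether the body supplies a password."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK\x03\x04"):  # trust magic bytes, not the file name
            continue
        locked = encrypted_members(payload)
        if locked:
            findings.append({"attachment": part.get_filename(),
                             "encrypted_members": locked,
                             "password_in_body": bool(PASSWORD_HINT.search(text))})
    return findings

def constructed_sample(encrypted):
    """Constructed message: a harmless ZIP whose encryption flag is set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", b"constructed placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        for off in (6, data.find(b"PK\x01\x02") + 8):  # local + central flag fields
            data[off] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please review the attached invoice. Password: 4821")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(constructed_sample(encrypted=True)))
```

Standard ZIP encryption protects member contents but leaves the central directory readable, which is why the flag and member names can be inspected without the password.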
AI isn't just raising the quality of phishing, it's removing the learning curve. That's what makes today's threat environment fundamentally different from even two years ago.
To counter this, organizations must fight fire with fire: deploy AI-enabled security tools that learn and adapt as quickly as attackers' methods evolve.
From inbox to checkout
Phishing is no longer confined to email inboxes. Attackers have expanded into ecommerce, financial platforms, and cryptocurrency ecosystems - anywhere users engage digitally and make decisions quickly.
During busy shopping periods, scammers launch fake order confirmations and spoofed storefronts to steal payment details. Fraudulent investment schemes targeting decentralized finance and crypto wallets are also on the rise, often engineered with the same social engineering techniques seen in traditional phishing.
The OpenText report notes that phishing attacks are becoming more opportunistic, with over 235 million malware emails quarantined in 2024. Zip attachments dominate due to their effectiveness in bypassing user skepticism, and their ability to mask malicious content under the guise of security. This shift underscores a critical point: phishing is no longer just about access - it's about fraud, financial theft, and long-term compromise. The digital trust model that underpins modern commerce is being weaponized.
Cybersecurity strategies must now span customer journeys, supply chains, and transaction flows, not just internal email systems.
Going forward
Phishing has evolved into a democratized, AI-powered weapon, used by threat actors of all skill levels to exploit human trust and unlock IT infrastructure. The tools are widely available, the learning curve is shrinking, and the consequences of even one successful attack are growing.
This new era demands a new mindset. Defensive efforts must shift from reactive to proactive, combining real-time threat detection with intelligent automation and continuous user education. Our data shows that companies using layered defenses, such as endpoint and DNS protection, experience 19.4% fewer infections than those relying on endpoint security alone.
In short, cyber resilience is no longer a mere competitive advantage - it's imperative for survival.
Business leaders must act now. Audit your digital defenses, modernize your detection tools, and raise cyber awareness and response readiness at every level. Because when attackers can operate with minimal effort, organizations must respond with maximum intent.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:
https://www.techradar.com/news/submit-your-story-to-techradar-pro
======================================================================
Link to news story:
https://www.techradar.com/pro/democratized-cybercrime-a-new-lower-bar-for-hackers-and-higher-stakes-for-security
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)