
According to Check Point Software, based on what they’re seeing across their global ThreatCloud AI network, cybercriminals aren’t just sticking to the old threat playbook—they’re getting smarter, using AI.
It seems we’re facing a worrying shift in how digital crooks operate, bringing fresh headaches for defence teams around the world.
“The swift adoption of AI by cyber criminals is already reshaping the threat landscape,” said Lotem Finkelstein, Director of Check Point Research.
“While some underground services have become more advanced, all signs point toward an imminent shift—the rise of digital twins. These aren’t just lookalikes or soundalikes, but AI-driven replicas capable of mimicking human thought and behaviour. It’s not a distant future, it’s just around the corner.”
Ransomware isn’t just locked files anymore
We all know ransomware is bad news – locking up precious files and demanding cash to get them back. But, according to Check Point, cybercriminals are increasingly not just encrypting data but stealing a copy of it first.
Not only are your systems frozen, but the attackers also threaten to leak your sensitive company secrets, customer details, or embarrassing information online if you don’t pay up. Some gangs even throw in extra punches, like knocking your website offline with a DDoS attack or directly contacting your customers to pressure you. It’s multi-layered blackmail, pure and simple.
Think about a manufacturing firm: they get hit by ransomware, refuse to pay, then the attackers threaten to post their secret product designs online. Suddenly, restoring from backups isn’t enough. The game has changed, and the pressure to pay becomes immense.
Who’s getting hit hardest? Check Point’s data often points towards healthcare, schools, and government services. Why? Because these organisations provide vital services, and the criminals know downtime is incredibly damaging, making them potentially more likely to pay quickly. The real-world impact on people needing treatment or education when these services are disrupted is huge.
AI is supercharging the criminal threat toolkit
We hear so much about how AI can help us spot threats faster and build better defences. And that’s true, but the flip side is that criminals are grabbing these AI tools with both hands.
Check Point highlights several ways AI is making the jobs of cybercriminals easier:
- Convincing phishing emails: Forget badly spelled emails from Nigerian princes. AI can write convincing fake emails and social media messages, and can even mimic voices.
- Bypassing identity verification: The ability to mimic voices and create deepfake videos can even bypass traditional digital identity verification systems.
- Sneakier malware: AI can help write malicious software that constantly changes its digital fingerprint, making it harder for standard antivirus programs to catch. It’s like a chameleon blending into the background.
- Finding weak spots: AI tools can scan for security holes in software or systems much quicker than a human hacker could, pinpointing vulnerabilities to exploit.
- Putting attacks on autopilot: Some parts of a cyberattack, like scouting out a network or moving around once inside, could be automated using AI scripts to make attacks faster and broader.
We are observing threat actors utilising generative AI to create more evasive malware and craft spear-phishing campaigns with unprecedented personalisation and scale. This lowers the barrier for entry for sophisticated attacks and demands a new level of vigilance and advanced countermeasures from defenders. It also means even less skilled criminals can potentially launch more advanced attacks.
The risk within: Poisoning the AI wells
But it’s not just about how criminals use AI to pose a threat; there’s also the growing worry about attacking the AI models themselves. Security researchers, including those at Check Point, are increasingly sounding the alarm about “LLM poisoning” where attackers deliberately feed malicious or biased data into an AI model during its training phase.
Think of it like subtly poisoning a well. Once tainted, the AI might start spitting out harmful code, misinformation, or biased results later on—without anyone realising it until it’s too late.
Getting poisoned data past major players like OpenAI or Google is tough, but not impossible. And it’s already happened in the real world. A major case involved attackers managing to upload around 100 compromised AI models onto Hugging Face. These poisoned models could then spread malicious code when people downloaded and used them, much like traditional software supply chain attacks.
Worryingly, it’s not just about corrupting the initial training data anymore. Many modern AIs pull in live information from the internet while they’re working (the ‘inference stage’). Attackers are looking for ways to plant booby-trapped information online where they know AIs will find it, potentially manipulating their outputs in real-time.
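As an added illustration of vetting a downloaded model before use (not code from Check Point or from the article): a static check that lists what a Python pickle stream would import, without ever loading it. It assumes the model file is a Python pickle, a format that can run code on load; the allowlist and the sample streams are constructed for this example.

```python
import collections
import io
import pickle
import pickletools

# Assumed policy for this example: the exact names a weights file may import.
ALLOWED_IMPORTS = {"collections.OrderedDict", "collections.deque"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}  # store stack top in a memo slot


def pickle_imports(data: bytes) -> list:
    """List every 'module.name' the stream would import, without loading it."""
    imports, memo = [], {}
    top = [None, None]  # values pushed so far; only strings are tracked
    for op, arg, _pos in pickletools.genops(io.BytesIO(data)):
        if op.name == "MEMOIZE":
            memo[len(memo)] = top[-1]
        elif op.name in PUT_OPS:
            memo[arg] = top[-1]
        elif op.name in ("GLOBAL", "INST"):  # older protocols: "module name"
            imports.append(arg.replace(" ", ".", 1))
            top.append(None)
        elif op.name == "STACK_GLOBAL":  # protocol 4+: names come off the stack
            module, name = top[-2:]
            ok = isinstance(module, str) and isinstance(name, str)
            imports.append(f"{module}.{name}" if ok else "<unresolved>")
            top.append(None)
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            top.append(memo.get(arg))
        else:
            top.append(arg if isinstance(arg, str) else None)
    return imports


def disallowed_imports(data: bytes) -> list:
    """Imports not on the allowlist; unresolved names fail closed."""
    return [i for i in pickle_imports(data) if i not in ALLOWED_IMPORTS]


class _Constructed:
    """Constructed sample: loading it would call print(); it is only scanned."""
    def __reduce__(self):
        return (print, ("constructed marker",))


BENIGN_SAMPLE = pickle.dumps(
    [collections.OrderedDict(w=[0.1, 0.2]), collections.deque()], protocol=4)
SUSPECT_SAMPLE = pickle.dumps(_Constructed(), protocol=4)
SUSPECT_LEGACY = pickle.dumps(_Constructed(), protocol=2, fix_imports=False)
```

A non-empty result from `disallowed_imports` is a reason to quarantine the file rather than load it; an empty result only means the imports match the allowlist, not that the weights themselves are trustworthy.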
Your phone and the cloud are still major targets
Check Point points out that both Android and iPhones are major targets. Malicious banking apps designed to steal your login details, or spyware watching everything you do, often get spread through fake apps on unofficial stores, or sometimes they even sneak onto the real app stores.
And the cloud? While it offers amazing flexibility, it’s also a playground for attackers if not locked down properly. Check Point’s data consistently shows criminals scanning for simple mistakes: databases left open to the internet, weak passwords, or poorly set-up security permissions.
Attackers are also getting smarter about targeting the digital plumbing (APIs) that connects cloud services. Moving to the cloud is great, but you have to rethink security—simply putting up a firewall isn’t enough anymore.
Beyond the everyday cybercrime, Check Point also keeps an eye on the bigger picture. Tension between countries often spills over into cyberspace, with state-sponsored groups involved in spying, targeting critical infrastructure like power grids, or spreading disinformation.
Plus, there’s the constant worry of supply chain attacks—where hackers break into a trusted software provider to sneak malware into updates pushed out to thousands of customers. It remains an efficient way for cybercriminals to cause widespread chaos.
AI isn’t just a threat: Stop attacks before they happen
Faced with all this, Check Point argues strongly that waiting to clean up the mess after an attack is the wrong approach. It’s far better (and cheaper) to prevent attacks from succeeding in the first place.
Their key advice usually boils down to these practical steps:
- Get your security tools working together: Having lots of different security tools that don’t talk to each other leaves gaps. Aim for a setup where everything works as one system.
- Focus on blocking threats: Use modern tools that can spot and stop brand new threats, not just the known ones. Think advanced sandboxing (testing files safely) and smart anti-phishing tech.
- Know your enemy: Use up-to-the-minute threat intelligence, often powered by AI itself, to understand the latest tricks criminals are using.
- Patch, patch, patch: It’s perhaps obvious, but keep all your software and systems updated. Those updates often fix the security holes hackers seek to exploit.
- Lock down your cloud: Double-check your cloud settings. Make sure you know who has access to what, and that data is properly secured.
- Protect mobile devices: Use mobile security apps and, crucially, teach people not to click on suspicious stuff.
- Train your people: Your staff can be your best defence or your weakest link. Regular training helps them spot phishing scams and other tricks.
- Vet your AI: Be cautious about the AI models and data sources you use, especially from less trusted or open platforms. Understand the potential for poisoning.
“In this AI-driven era, cybersecurity teams need to match the pace of attackers by integrating AI into their defences,” commented Finkelstein.
The main takeaway from Check Point: the online world is getting riskier, thanks partly to clever AI tools falling into the wrong hands and criminals constantly upping their game. Sitting back and hoping for the best isn’t going to cut it.