- Cybercriminals are leveraging GenAI to speed up the creation of attacks
- Campaigns prioritize speed and scale over sophistication
- The report shows basic tactics that still elude defenses
Cybercriminals are “vibe-hacking” their way into corporate environments, using Generative Artificial Intelligence (GenAI) to launch attacks faster and more easily, research has claimed. The attacks are less sophisticated than non-AI ones, but this is a trade-off cybercriminals seem happy to make.
The latest Threat Insights report from HP Wolf Security claims to have seen AI tools being used in various ways. In one campaign, a fake invoice PDF contained a link that triggered a download from a compromised website before redirecting the victim to a trusted platform.
In another, the crooks used off-the-shelf malware components and optimized them with custom decoys and payloads. This allows them to “quickly build, customize and scale campaigns with minimal effort”.
Piggyback attack
The researchers also observed a so-called “piggyback” attack, where malware was hidden in fake Teams installers.
Victims download a malicious installation package containing hidden Oyster Loader malware that piggybacks on the Teams installation process. Because the real app does get installed, victims don’t notice the infection happening in the background.
“It’s the classic project management triangle – speed, quality and cost. You often sacrifice one of them. What we’re seeing is that many attackers are optimizing for speed and cost, not quality,” said Alex Holland, Principal Threat Research, HP Security Lab.
“They’re not using AI to raise the bar; they’re using it to move faster and reduce effort. The campaigns themselves are basic, but the uncomfortable reality is that they still work.”
Looking at the report, it seems that quality is not the deciding factor here. According to HP’s telemetry, at least 14% of malicious emails managed to bypass one or more email gateway scanners, suggesting that the “low quality, high quantity” approach is working. The most popular delivery types were executable files (37%), .ZIP archives (11%) and .DOCX files (10%).



