How AI Is Elevating Cyber Threats: What Security Teams Must Know

Check Point Software’s global ThreatCloud AI network shows cybercriminals are not only sticking to old tactics but are increasingly adopting artificial intelligence, creating a more dangerous and sophisticated threat landscape.

This shift is forcing defenders to rethink how they protect organisations and individuals, as attackers use AI to scale, personalise, and automate attacks in ways that were previously difficult or costly.

“The swift adoption of AI by cyber criminals is already reshaping the threat landscape,” said Lotem Finkelstein, Director of Check Point Research. “While some underground services have become more advanced, all signs point toward an imminent shift—the rise of digital twins. These aren’t just lookalikes or soundalikes, but AI-driven replicas capable of mimicking human thought and behaviour. It’s not a distant future, it’s just around the corner.”

Ransomware is no longer just about locked files

Ransomware has evolved beyond simple encryption. Attackers increasingly exfiltrate copies of sensitive data before encrypting systems, then use threats to publish or sell that data as leverage. This multiplies the pressure on victims, because restoring backups no longer guarantees that confidential information remains private.

Attack groups often layer additional tactics into their extortion campaigns: distributed denial-of-service (DDoS) attacks to take websites offline, direct outreach to customers to intensify reputational harm, or public disclosure of intellectual property. In practice, that means a manufacturing firm hit by ransomware may face both operational downtime and the risk of secret product designs being leaked—creating stronger incentives to pay.

Check Point’s telemetry identifies healthcare, education, and government services as frequent targets. These sectors deliver essential services, so disruptions can cause immediate harm and increase pressure on organisations to resolve incidents quickly, which attackers exploit.

AI is amplifying criminal capabilities

While AI helps defenders detect and respond to threats more effectively, criminals are also using AI to enhance their tools and tactics. Check Point highlights several trends that make attacks more convincing, evasive, and scalable:

  • Highly convincing phishing: AI can craft personalised, believable emails, messages, and voice clones that bypass basic user skepticism.
  • Biometric and identity bypass: Deepfakes and voice synthesis can be used to defeat certain identity verification systems.
  • Adaptive malware: AI-assisted malware can change its indicators of compromise, making detection by signature-based tools far less reliable.
  • Automated vulnerability discovery: AI can scan large attack surfaces quickly and prioritize exploitable weaknesses for attackers.
  • Attack automation: Steps like reconnaissance and lateral movement can be automated with AI scripts, increasing the speed and reach of intrusions.

Generative AI is already being used to produce more evasive malware and scale highly targeted spear-phishing campaigns. These capabilities lower the skill threshold needed to deploy advanced attacks, meaning less experienced actors can mount sophisticated operations at scale.

The internal threat: poisoning AI training data

Another emerging risk is tampering with AI models themselves. Known as “LLM poisoning,” this involves introducing malicious or biased data during model training so the AI later produces harmful outputs. It’s comparable to contaminating a water source: once poisoned, the model may unknowingly propagate dangerous code, misinformation, or biased guidance.

While major providers have robust controls, attackers have already succeeded in real-world incidents. For example, compromised models uploaded to public repositories have distributed malicious code when downloaded—mirroring traditional supply chain attacks. Modern models that ingest live internet data during inference are also vulnerable to manipulation via tainted web content designed to influence model responses in real time.

Mobile devices and the cloud remain priority targets

Both Android and iOS devices continue to attract malicious actors. Fake banking apps, spyware, and credential-stealing tools spread through unofficial app stores and sometimes slip into official stores. Mobile devices often contain sensitive information and credentials, making them attractive entry points.

Cloud infrastructure is another frequent focus. Misconfigured storage, weak credentials, and overly permissive access controls expose databases and services to automated scanning and compromise. Attackers increasingly target APIs and cloud-native components, so shifting to the cloud requires a security-first approach rather than relying on legacy perimeter defences alone.

Beyond everyday cybercrime, geopolitics plays out in cyberspace: state-sponsored groups target critical infrastructure, conduct espionage, or spread disinformation. Supply chain attacks—where trusted software providers are compromised to distribute malicious updates—remain an efficient method to reach many victims at once.

AI can defend as well as attack: prevent incidents before they occur

Check Point stresses that prevention is more effective and cost-efficient than reactive recovery. Organisations should prioritize proactive measures and modernise their security posture to handle evolving AI-driven threats. Key recommendations include:

  • Integrate security tools: Ensure security products interoperate to provide coordinated detection and response across the environment.
  • Emphasize threat blocking: Deploy solutions capable of identifying and stopping new, unknown threats—such as advanced sandboxing and anti-phishing technologies.
  • Use up-to-date threat intelligence: Leverage real-time intelligence, often powered by AI, to understand attacker techniques and indicators.
  • Keep systems patched: Regularly update software and firmware to close known vulnerabilities attackers exploit.
  • Harden cloud configurations: Review permissions, secure data stores, and protect APIs to reduce exposure in cloud environments.
  • Protect mobile endpoints: Use mobile security controls and educate users to avoid risky apps and links.
  • Train staff: Regular security awareness training helps employees recognise phishing and social-engineering attempts.
  • Validate AI sources: Carefully vet AI models and data sources, avoiding untrusted repositories and understanding the risk of poisoned models.
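The "Validate AI sources" recommendation, and the earlier point about compromised models in public repositories delivering malicious code on download, can be turned into a pre-load check. The following is an added example, not code from Check Point or the original article: it assumes the model is a Python pickle file, that a SHA-256 digest has been pinned from the publisher, and that the module allowlist is a hypothetical site policy; the sample inputs are constructed and are never loaded.

```python
import collections
import hashlib
import pickle
import pickletools

# Assumption: the only top-level modules this deployment expects a model to import.
ALLOWED_MODULES = {"collections", "numpy", "torch"}
STRING_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}

def referenced_globals(blob):
    """Return every 'module.name' the pickle would import, without loading it."""
    found, pushed, memo, last = [], [], {}, None
    for op, arg, _pos in pickletools.genops(blob):
        name, prev, last = op.name, last, None
        if name in STRING_OPS:
            pushed.append(arg)
            last = arg
        elif name == "MEMOIZE":                      # remember a just-pushed string
            memo[len(memo)] = prev
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = prev
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))             # None if it was not a string
        elif name in ("GLOBAL", "INST"):             # protocols 0-3: "module name"
            found.append(arg.replace(" ", ".", 1))
        elif name == "STACK_GLOBAL":                 # protocol 4+: two stack strings
            module, attr = ([None, None] + pushed)[-2:]
            found.append(f"{module or '?'}.{attr or '?'}")   # '?' fails closed
    return found

def vet_model(blob, pinned_sha256):
    """Return a list of reasons to refuse the file; an empty list means it passed."""
    problems = []
    if hashlib.sha256(blob).hexdigest() != pinned_sha256:
        problems.append("digest mismatch")
    for ref in referenced_globals(blob):
        if ref.split(".")[0] not in ALLOWED_MODULES:
            problems.append(f"unexpected import: {ref}")
    return problems

class ConstructedSample:
    """Constructed stand-in for a tampered model: pickling it records a callable."""
    def __reduce__(self):
        return (print, ("constructed sample, never loaded here",))

BENIGN = pickle.dumps(collections.OrderedDict(weights=[0.1, 0.2]))  # constructed
TAMPERED = pickle.dumps({"weights": [0.1], "extra": ConstructedSample()})
if __name__ == "__main__":
    print(vet_model(TAMPERED, hashlib.sha256(TAMPERED).hexdigest()))
```

Allowlisting whole top-level modules is deliberately coarse here; a production policy would allow specific callables only, and a weights-only serialisation format avoids the import problem altogether.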

“In this AI-driven era, cybersecurity teams need to match the pace of attackers by integrating AI into their defences,” Finkelstein said.

The core message from Check Point is clear: cyber risk is rising as AI tools fall into the wrong hands and attackers continuously refine their methods. Organisations must adopt proactive, integrated security strategies to reduce risk rather than relying on reactive clean-up after incidents.
