Trend Micro Incorporated today issued warnings regarding the potential for highly customized, AI-powered attacks that could significantly elevate the risk of scams, phishing, and influence operations by the year 2025. The company highlighted these forecasts in their cybersecurity predictions report, entitled "The Easy Way In/Out: Securing The Artificial Future."

Jon Clay, the Vice President of Threat Intelligence at Trend Micro, articulated the need for heightened vigilance as generative AI becomes increasingly integrated into businesses and society. "As generative AI makes its way ever deeper into enterprises and the societies they serve, we need to be alert to the threats. Hyper-personalized attacks and agent AI subversion will require industry-wide effort to root out and address," he stated in remarks published by SecurityInfoWatch. Clay emphasized that security risks today are intrinsically linked to business risks, stating, "There's no such thing as standalone cyber risk today. All security risk is ultimately business risk, with the potential to impact future strategy profoundly."

The report underscores the potential emergence of malicious "digital twins," where compromised personal information could be exploited to train large language models (LLMs) to faithfully imitate the knowledge, personality, and writing style of victims or employees. When combined with deepfake technologies and compromised biometric data, these digital twins can be weaponised for identity theft or manipulation, such as "honeytrapping" individuals—enticing them to divulge information or engage in scams.

Among the advanced tactics anticipated for 2025, the report notes significant risks stemming from the use of deepfakes and artificial intelligence in large-scale, hyper-personalized attacks. These attacks may include:

  • Enhanced Business Email Compromise (BEC) and Business Process Compromise (BPC) schemes that utilise AI for convincing impersonations.
  • Targeting victims of "pig butchering" scams, where AI-generated personas might lure individuals into romantic or financial scams before handing them over to human operators.
  • Improved open-source intelligence gathering by cyber adversaries, increasing the effectiveness of pre-attack preparations.
  • Creation of authentic-seeming social media profiles to facilitate the spread of misinformation or scams.

As businesses increasingly adopt AI technologies in 2025, they will also need to be prepared for new threats, including:

  • The potential exploitation of vulnerabilities and the hijacking of AI agents to orchestrate harmful actions.
  • Unintended information leakage from generative AI systems.
  • Resource consumption that is benign or malicious, leading to denial of service conditions.

In addition to AI-generated threats, the report points out broader concerns on the cybersecurity landscape for 2025. These include vulnerabilities such as:

  • Memory management issues, memory corruption bugs, and vulnerability chains targeting APIs.
  • Increased occurrences of container escapes and exploitation of simpler vulnerabilities like cross-site scripting (XSS) and SQL injection attacks.
  • The risk posed by a single vulnerability in a widely used system that could affect multiple models or manufacturers, exemplified by connected vehicle electronic control units (ECUs).

Ransomware remains a critical issue as threat actors evolve their tactics in response to sophisticated endpoint detection and response (EDR) tools. Future attacks may involve:

  • Developing kill chains that exploit platforms lacking robust EDR protection, such as cloud systems, mobile devices, and the Internet of Things (IoT).
  • Techniques to disable antivirus (AV) and EDR solutions, alongside using methods for hiding malicious shellcode.
  • Redirecting execution processes within Windows systems to evade detection.

To address these growing threats and the expanding attack surfaces in modern corporate environments, Trend Micro has suggested that businesses enhance their security postures. The recommendations are positioned as essential strategies but have not been detailed in the current report. Businesses are encouraged to stay informed as new threats develop, indicating a pressing need for proactive measures in cybersecurity.

Source: Noah Wire Services