
There is a lot of discussion about AI, its benefits to society in general and its undoubted downside. It’s a fascinating subject and AI can really become the gift that keeps on giving. But a downside for those of us concerned with cyber security, and really that should be all of us, is that we’ve always played catch-up to the cyber criminals, trying and often failing to anticipate what the next attack, or the next series of attacks, will be. Will it be ransomware, denial of service or perhaps a new and more sophisticated scam? Who knows? And there is no doubt that AI is raising the bar.
I have talked a lot about the re-emergence of the script kiddie and how AI is enabling this breed of wannabe criminals. For those who maybe don’t know, a script kiddie was a low-level, part-skilled hacker who downloaded scripts from the dark web, put there by the more competent hacker who hoped to sell them. The script kiddie would use those scripts to try and attack targets. But it’s also true that the more skilled and sophisticated criminal is making use of AI and finding new and innovative ways of relieving you of your hard-earned cash.
What we are seeing in 2025 is an era where cyber‑attacks are AI‑powered, highly targeted, automated, supply‑chain enabled, multi‑stage, and geopolitically driven. These attacks exploit weaknesses across credential systems, zero‑day exploits, deepfake tools, and ransomware as a service (RaaS) platforms.
We are in an accelerating digital arms race that calls for AI‑driven defence capabilities, real‑time insights, deception environments, zero‑trust architectures, and quantum‑safe cryptography.
a. AI-powered precision and scale
b. Ransomware as a Service (RaaS) 3.0
c. Supply‑chain & third‑party infiltration
d. State‑sponsored & geopolitical cyber warfare
e. Zero‑days and living‑off‑the‑land
f. Credential theft resurgence
g. Targeting of IoT, OT & mobile platforms
h. Rise of deception technology and defence adaptability
SMEs still have the mind-set that these attacks are just about the corporate sector and that they are safe because they are small and not worth targeting. Wrong. SMEs are considered low-hanging fruit because they typically spend much less on their defences and tend not to have access to the right levels of support and advice. SMEs make up over 90% of the UK GDP. That’s huge, and it makes them worth attacking if, for example, a nation state wanted to cripple the UK economy. AI automation makes this much easier to achieve, and attackers at all levels can leverage AI to automate attacks against multiple SMEs at the same time using the same methods. If they attack 1000 SMEs at once, and get a 50% hit rate, that is good business for them.
We are seeing AI letting attackers scan thousands of targets at once, deploy malware bots and use brute force tools. They are automating phishing and social engineering, allowing them to deepfake audio and video, using cloned voices to mimic senior personnel in companies. Don’t be lulled into a false sense of security: AI makes this a relatively easy thing to do, it doesn’t take high levels of skill, and it is highly automated.
There is a real fear that traditional firewalls and spam filters used by most SMEs may fail to detect these advanced threats.
In summary, AI-driven cyberattacks pose a significant and growing threat to small and medium-sized enterprises (SMEs). While larger corporations may have the resources to defend themselves, SMEs are often more vulnerable due to limited cybersecurity budgets, staffing, and expertise.