Report: AI is Supercharging Old-School Cybercriminal Tactics

  • Oct 13, 2025

AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic.

The 2025 Global Threat Report, based on more than 1 billion data points derived from real production environments, finds that generic threats — typically loaders built using AI — jumped 15.5% in the past year, while malicious code execution on Windows nearly doubled to 32.5%.

AI-created malware and easy access to stolen browser credentials are fueling a new class of bad actors who are less reliant on stealth attacks and are leaning into continuous, steady probes for entry into corporate networks.

“Attackers are shifting from stealth to speed, launching waves of opportunistic attacks with minimal effort,” said Devon Kerr, head of Elastic Security Labs and director of Threat Research. “This evolution shows how urgent it is for defenders to harden identity protections and to adapt their detection strategies for this new era of speed attacks.”

Key Findings

Browsers are the new front line

One in eight malware samples targeted browser data, making credential theft the most common sub-technique for access.

Infostealers increasingly exploit Chromium-based browsers to bypass built-in protections.

Execution has overtaken evasion

On Windows, execution tactics nearly doubled to 32%, surpassing defense evasion for the first time in three years.

GhostPulse accounted for 12% of signature events, often delivering infostealers like Lumma (6.67%) and Redline (6.67%).

AI lowers the barrier to entry

Generic threats rose 15.5%, fueled by adversaries using LLMs to churn out simple but effective malicious loaders and tools.

Off-the-shelf malware families remain widely used, with RemCos (9.33%) and CobaltStrike (~2%)

Cloud identity is under siege

Over 60% of cloud security events involved Initial Access, Persistence, or Credential Access.

Authentication gaps in Microsoft Entra ID stood out: 54% of anomalous Azure signals originated from audit logs, climbing to nearly 90% when all Entra telemetry was included.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.