GenAI: a formidable weapon for cybercriminals

January 17, 2025
Cyber threats - Cybersecurity - Artificial Intelligence

GenAI, a technology capable of automatically producing realistic and complex content, has emerged as a revolution across various sectors. Initially designed for creative and productive applications, it has also reshaped the cybersecurity landscape by enabling attackers to craft faster, more realistic, and more sophisticated attacks.

Faced with this evolution, traditional security solutions often fall short. Cybercriminals are exploiting AI’s capabilities to bypass defensive systems and target victims with alarming precision. 

This article explores how GenAI has become a powerful tool for hackers and why NDR (Network Detection and Response) is now a cornerstone in combating AI-driven threats. 

The new frontiers of GenAI for cybercriminals

GenAI is powered by machine learning models like GPT (Generative Pre-trained Transformer), which can create text, images, and even video simulations.

Originally developed for legitimate uses such as content creation and customer support, these tools are now being repurposed by cybercriminals, offering them unprecedented opportunities to refine and automate their attacks. Leveraging these technologies, attackers can produce large-scale, hyper-realistic campaigns that are nearly indistinguishable from genuine interactions—even inexperienced hackers can achieve this.

Very realistic AI attacks

Phishing emails, for example, are gaining credibility by perfectly mimicking the communication style of organisations. A US-based financial entity recently received phishing emails containing links to fraudulent websites that imitated internal application login pages. (Source: Proofpoint) 

AI is also used to generate polymorphic malware that constantly changes its form to evade detection tools or to simulate convincing conversations to deceive victims.

According to Bloomberg’s 2023 cybersecurity report, an organization reported that cybercriminals used GenAI models to mimic the voice and conversational style of its CEO. This resulted in a fraudulent bank transfer of several million dollars.

In September 2023, a hacker used AI to fake an employee’s voice and gain access to an IT company. (Source: pcmag.com) 

These attacks are not isolated incidents—they affect numerous organisations.

The advancements provided by GenAI significantly enhance the complexity of cyberattacks, rendering traditional cybersecurity approaches obsolete.

A more complex detection landscape

Traditional security solutions, relying on signatures or pre-defined rules, struggle to keep pace with AI-driven attacks. These attacks evolve rapidly, generating massive volumes of malicious signals and overwhelming cybersecurity teams with an avalanche of alerts.

Cybercriminals also use AI to simulate human behaviour or imitate normal network activities, making detection even harder. Attacks are no longer just brute force intrusions but subtle infiltrations designed to remain unnoticed until significant damage is done.

Why can NDR address these new challenges?

Network Detection and Response (NDR) solutions stand out for their ability to monitor networks in real time and analyse behaviours to detect even subtle anomalies. Unlike signature-based tools, NDR systems—like Custocy’s—leverage supervised AI models and behavioural analysis to identify unusual patterns, whether caused by unknown or sophisticated attacks.

NDR provides visibility even in environments where data is encrypted. By analysing network metadata, it can detect suspicious behaviour without needing to decrypt content.

Moreover, its ability to deliver precise, contextual alerts reduces false positives, allowing teams to focus on genuine threats.

Examples of attacks that NDR can counter include:

  • Targeted Phishing – When an attacker uses AI to generate phishing emails imitating an employee, NDR can detect anomalies in network connections, such as attempts to communicate with unknown domains.
  • Polymorphic Malware – Dynamically generated malware that evades antivirus tools can be identified by NDR through real-time analysis of network flows and unusual behaviours, such as data transfers to unknown destinations.
  • Lateral Movement – Attackers often use AI to imitate legitimate users and move within a network stealthily. NDR detects these abnormal lateral movements via behavioural analysis and triggers alerts to stop the attack before it spreads.
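The three signals in the list above (connections to unknown destinations, unusual outbound transfers, abnormal internal fan-out) can be sketched as baseline checks over flow metadata alone. This is an added example, not Custocy's detection logic: it uses fixed heuristics rather than the supervised models the article mentions, and the flow records, the internal range and both thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal range

# Constructed flow metadata: (source, destination, port, bytes sent out).
BASELINE = [
    ("10.0.1.5", "203.0.113.10", 443, 40_000),
    ("10.0.1.5", "10.0.2.20", 445, 12_000),
    ("10.0.1.7", "203.0.113.10", 443, 55_000),
]
OBSERVED = [
    ("10.0.1.5", "203.0.113.10", 443, 38_000),    # matches the baseline
    ("10.0.1.5", "198.51.100.77", 443, 900_000),  # unknown destination, large upload
    ("10.0.1.7", "10.0.2.21", 445, 2_000),        # new internal peers follow
    ("10.0.1.7", "10.0.2.22", 445, 2_000),
    ("10.0.1.7", "10.0.2.23", 445, 2_000),
]

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def build_baseline(flows):
    """Learn, per source host, its usual peers and its largest upload."""
    base = defaultdict(lambda: {"peers": set(), "max_out": 0})
    for src, dst, _port, bytes_out in flows:
        base[src]["peers"].add(dst)
        base[src]["max_out"] = max(base[src]["max_out"], bytes_out)
    return base

def detect(flows, base, volume_factor=10, fanout_limit=3):
    """Return (host, reason, peer) alerts from metadata only, never payload."""
    alerts, new_internal = [], defaultdict(set)
    for src, dst, _port, bytes_out in flows:
        profile = base.get(src, {"peers": set(), "max_out": 0})
        first_seen = dst not in profile["peers"]
        if first_seen and not is_internal(dst):
            alerts.append((src, "new_external_destination", dst))
            if bytes_out > volume_factor * max(profile["max_out"], 1):
                alerts.append((src, "large_transfer_to_unknown", dst))
        elif first_seen:
            new_internal[src].add(dst)
            if len(new_internal[src]) == fanout_limit:  # alert once per host
                alerts.append((src, "lateral_fanout", dst))
    return alerts

def run_demo():
    return detect(OBSERVED, build_baseline(BASELINE))

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Replaying the baseline flows through `detect` yields no alerts, which is the property that keeps a check like this from adding to the alert volume described earlier.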

How to tackle AI-powered attacks

To remain effective against AI-driven cyberattacks, organisations must evolve their cybersecurity strategies and adopt tools capable of addressing these new challenges.

NDR is crucial for comprehensive network monitoring but must operate in synergy with other solutions to maximise security. Interoperability with tools like EDR (Endpoint Detection and Response), SIEM (Security Information and Event Management), or XDR (Extended Detection and Response) creates an integrated defensive ecosystem essential for countering increasingly complex threats.

Conclusion

GenAI is a game-changer for cyberattacks, making them faster, more realistic, and harder to detect. It is a powerful weapon for cybercriminals.

In this context, Network Detection and Response (NDR) solutions have become indispensable for organisations aiming to protect their critical assets.

Thanks to its ability to monitor network traffic comprehensively, detect behavioural anomalies, and adapt to emerging threats, NDR offers a robust response to the challenges posed by generative AI. To stay protected, businesses must not only adopt NDR solutions built on the power of AI but also invest in a holistic cybersecurity strategy.

Custocy, with its multi-temporal detection technology tailored to modern challenges, supports organisations in their fight against tomorrow’s cyber threats.