Cyber threats benefit from a fear of the unknown on the part of their potential victims. Clarity is the panacea, as Kaspersky knows all too well. By researching the threat landscape and tracking its behavior, the company’s Global Research & Analysis Team (GReAT) highlights how attackers are exploiting IT environments the world over, and how they can be (and indeed are) stopped.
At Kaspersky’s Horizons event in Rome, the company highlights both the macro view of security trends and some specific nefarious examples of cyber threats. We’ll touch on some of the latter along the way, but the more interesting story here is without doubt the company’s down-to-earth approach to cyber threats in their current manifestation.
The rise of the professional attacker
We often find ourselves covered in a deluge of “what-ifs” when it comes to discussions around AI-based attacks. Security professionals, even very bright ones, will usually find the rhetorical appeal of an agentic apocalypse irresistible. What if attackers aren’t just humans, but also self-sustaining agents? What if they utilize models like Claude Mythos and homegrown, guardrail-free equivalents to find every vulnerability, mislead any employee, decipher any key? Kaspersky, thankfully, strays very far away from such theory. Instead, Dmitry Galov, Head of Kaspersky GReAT, is unusually matter-of-fact about the topic.
“AI agents will not replace the attackers, they will just scale them and give them more power and capacity,” says Galov. Yes, the barrier to entry for cybercriminals is dropping quickly, but this isn’t all down to AI breakthroughs. We’ve charted the rise of an “enterprise-ification”, if you will, of cybercrime. From a disparate mess of miscreants to a professionalized division of labor, adversaries nowadays buy or sell access, offer customer service to victims and give paid time off to their employees. Galov notes that IT has been automating for decades, and this lowered barrier to entry on the attackers’ side doesn’t actually matter. “The attack itself will be the same, and we can protect it all the same.”
Rather than a mass of AI-driven attacks, Galov notes, it is human inventiveness that continues to dominate successful compromises. One example involves Korean-speaking hackers (known to Google as UNC1069), who earlier this year used deepfakes in a Zoom meeting with a company executive to convince them to install a fake extension on macOS. There’s a certain “artistic touch” required, it seems, as Galov describes the methodology.
Nobody notices the good work
Security teams have always faced a perverse fate: do the job well, and the absence of incidents makes the work look expendable. “When you make a mistake [as a security professional], everyone notices, but when you do everything well, no one will notice,” Galov observes. Only when trouble arises do most business executives feel the need to invest in cybersecurity. Additionally, successful breaches rarely happen without human error compounding a security flaw. Technology can’t be the sole savior.
What that investment in security looks like varies. Large enterprises may possess the capital and expertise to deal with their own security posture. Even then, they’ll use external tooling at least some of the time. For mid-market companies, swathes of the public sector and small businesses, external applications are all that’s realistically possible. Galov notes that while IT security solutions should be involved, an internal cultural awareness of security threats needs to be fostered.
Building culture
The practical result of such an awareness shows up when a company faces a ransomware threat. Instead of complying with the ransom demand, likely due to a mix of time pressure and the financial, moral or regulatory risk of losing sensitive data, enterprises should refrain from doing so. Not only can backups and layered defenses limit the damage, the act of paying for a ransom is essentially an investment in further cybercrime activity. Galov highlights how Kaspersky is an active participant in The No More Ransom Project, seeking to establish a normative standard of simply not paying off criminals and rewarding them financially in the process.
How does one foster a healthy security culture? The benefits of one are clear. Employees will not only reduce the company’s security exposure by being trained not to click on suspicious URLs, they will also know what to do when they do get compromised. A common issue for victims is that they are reluctant to come forward and flag that they were fooled by phishing of some form. Then again, they might not even be aware of a compromise if it has no clear immediate effects.
Just as security awareness training is no fix-all solution, hiring a CISO isn’t a guaranteed improvement to your resilience. Galov says that “a CISO can be nice” but he emphasizes that such an executive needs to be more than a figurehead. Given the current threat landscape, they also need to be aware of how exactly AI can be a problem, and it may not be in the way one imagines.
AI is mostly a supply chain risk
At the Horizons conference, several familiar AI-based security headaches were noted. Examples include the ever-present ‘shadow AI’, a phenomenon where employees will use public AI tools without notifying their organization to summarize text, draft legal documents, you name it. ChatGPT can be a major time-saver, and OpenAI a welcoming recipient of your sensitive data. However, even with a seemingly mature AI approach in place, organizations seem to miss a few huge blind spots.
Firstly, as Galov remarks, AI systems that your IT department is aware of are still blind spots in and of themselves. Opaque assistants and workflows that fail to describe their data-sharing approach may receive data they should not be able to access in environments not controlled by the organization in question. He goes on to mention how counterfeit systems impersonate Claude, MCP or other AI tools. Official clients, packages and open-source dependencies have also been compromised, notably by TeamPCP, such as Mistral AI, LiteLLM and components in UiPath’s namespace.
In Galov’s framing, AI turns out to be mostly a supply chain risk. Before even getting to the unpredictable nature of LLMs or the pitfalls in their implementations, the adoption of AI opens up a string of supply chain risks. Even using AI for defensive purposes, which sounds like a major boon, can cause enormous downtime. After all, agents operate at machine speed, making preventative measures near-instantaneous, as security specialist Andrea Fumagalli warns, speaking at the Horizons conference. “In 5 minutes, it might blacklist a bunch of IP addresses that you then have to recover manually.” Recovering from an agentic miscalculation can be a “nightmare” rather swiftly, Fumagalli notes.
Conclusions
In one sense, Kaspersky has opted to focus on the measurable present rather than a speculative future. Nevertheless, the shape of tomorrow’s threats is fairly clear, even if we can’t know the specifics. AI accelerates intent, be it positive or negative. Agentic systems, it appears, won’t soon become self-sufficient, but they can massively reduce the time from ideation to action. This is hard to measure. It is also enormously difficult to prove in the first place.
How could one even tell if an attack is AI-led, AI-assisted, or entirely human? Galov points us to a reality where one must act on known factors, and ignore just about everything else. The signal-to-noise ratio for cybersecurity in the age of AI is unhelpfully low, even when communicating about threats. Kaspersky hasn’t added to the noise and shows competitors that there’s plenty to talk about in the current day, with present AI adoption, and without fearmongering about the future.
Also read: Post-Mythos security is still very much pre-Mythos security