In the ever-evolving world of cybersecurity, where the race between hackers and defenders is unending, experts are flagging new, sophisticated attacks as the looming threats of the future.

This year, a Russian hacker group known as Midnight Blizzard has turned Microsoft Teams into a phishing ground, putting a new twist on an old attack strategy. Microsoft Threat Intelligence revealed that the group is using Microsoft 365 tenants of compromised small businesses to host and launch social engineering attacks.

Mark Ruchie, CISO of security firm Entrust, describes cybersecurity as a constant cat-and-mouse game. The most common form of attack remains phishing, with a Comcast Business Cybersecurity Threat Report finding that 90% of network breach attempts start with a phishing email. The scale and cost of cybercrime are skyrocketing, with predictions suggesting a rise from $3 trillion in 2015 to a staggering $10.5 trillion by 2025.

The threats are not just evolving; they’re multiplying. Hackers are now leveraging AI to conduct attacks that are faster, stealthier, and more unpredictable. The Finnish Transport and Communications Agency, in collaboration with the cybersecurity company WithSecure, released a report in December 2022 stating that AI-enabled cyberattacks are a growing threat organizations are struggling to cope with.

Generative AI is particularly worrisome. Hackers are using it to craft malware and create phishing and smishing messages that mimic legitimate emails so closely that they’re almost impossible to distinguish from the real thing. Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE) and field CISO at Hyperproof, recounts an incident where executives received a contract for review that was almost perfect, save for a minor company name error.

Another emerging threat is the use of deepfakes to mimic high-profile individuals. Ryan Bell, threat intelligence manager at cyber insurance provider Corvus, points to deepfake images of Ukrainian President Volodymyr Zelensky used for disinformation as evidence of this technology’s potential for harm.

Hackers are also looking to exploit an organization’s own AI systems, such as chatbots, for malicious purposes. Matt Landers, a security engineer with OccamSec, warns of the potential for hackers to repurpose compromised chatbots to spread malware or interact nefariously with others.

The threat landscape is expanding beyond traditional cyberattacks. Data poisoning, where attackers tamper with the data used to train machine learning models, and SEO poisoning, which involves manipulating search engine rankings, are additional concerns.

In response to these evolving threats, CISOs are advocating for a combined approach of established best practices and new technologies. Norman Kromberg, CISO of NetSPI, suggests layering new techniques with fundamental practices to create a defense that can detect novel threats.

As cybersecurity enters a new era marked by AI-enabled attacks, the need for a comprehensive, proactive security strategy becomes imperative. The challenge for security professionals is to stay one step ahead, and the whole community is busily figuring out how to leverage GAI to do just that.