IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image

Trend Micro warns of AI-driven cyber threats by 2025

Today

Trend Micro has released its 2025 predictions report warning of AI-driven cyber threats that may significantly impact scams and cyber operations in 2025 and beyond.

According to the report, the development of malicious "digital twins" could pose a new level of threat. These twins utilise personal information to train a large language model (LLM) to copy a victim's personality, knowledge, and writing style. Combined with deepfake technologies and compromised biometric data, such technology may facilitate identity fraud or deceive family, friends, or colleagues.

Commenting on the findings, Mick McCluney, ANZ Field CTO at Trend Micro, stated: "As generative AI makes its way ever deeper into enterprises and the societies they serve, we need to be alert to the threats. Hyper-personalised attacks and agent AI subversion will require industry-wide effort to root out and address. Business leaders should remember that there's no such thing as standalone cyber risk today. All security risk is ultimately business risk, with the potential to impact future strategy profoundly."

Trend Micro's report suggests that advanced AI techniques, such as deepfakes, could be used in large-scale attacks to increase business compromise, orchestrate "fake employee" scams, and improve adversaries' open-source intelligence capabilities. Moreover, AI enhancements could bolster pre-attack preparation and increase attack success by creating plausible social media personas that propagate misinformation and scams.

Red flags for businesses adopting AI in 2025 include potential exploits such as hijacking of AI agents to perform unauthorised actions, information leakage from generative AI, and resource consumption leading to denial of service attacks.

Additional areas of concern pinpointed in the report involve vulnerabilities such as memory management bugs, exploits targeting APIs, and older vulnerabilities like cross-site scripting and SQL injections. The potential for a single vulnerability affecting multiple systems and manufacturers was also highlighted.

Ransomware threats continue to evolve, with perpetrators now creating kill chains targeting areas often overlooked by endpoint detection tools, such as cloud systems and IoT devices. Techniques such as bring your own vulnerable driver (BYOVD) strategies are increasingly being used to bypass traditional security measures.

In response to these threats, Trend Micro advocates for a risk-based cybersecurity approach. This involves central identification of assets, prioritised risk assessment, and leveraging AI for threat intelligence and asset management. It also suggests updating user training in line with AI advancements and securing AI technologies to prevent abuse.

The report underscores the importance of understanding an organisation's position within the supply chain and addressing vulnerabilities in public-facing servers. It also recommends implementing multi-layered defences for internal networks and ensuring comprehensive visibility of AI agents.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X