AI-driven cyberattacks are escalating, particularly in the form of Business Email Compromise (BEC), which now leverages advanced AI tools to impersonate trusted contacts and bypass conventional defenses. A recent Bitdefender study shows Singapore ranked third globally in the rise of AI-based attacks over the past year, with over 50% of security professionals reporting pressure to keep breaches confidential—even when disclosure was appropriate. These threats are increasingly sophisticated, employing AI Agents to automate deepfake voice cloning, multilingual phishing, and rapid vulnerability exploitation.
According to Paul Hadjy, Bitdefender’s Vice President of APAC and Cybersecurity Services, BEC attacks thrive due to low awareness, complacency, and overconfidence in outdated security postures. The company’s 2025 survey of over 1,200 global security professionals revealed widespread gaps between executive confidence and frontline capabilities.
Key attack trends include:
- Use of “Living off the Land” (LOTL) techniques — exploiting legitimate tools like PowerShell for stealth attacks.
- 84% of analyzed attacks involved LOTL methods, evading traditional endpoint detection.
- Threat actors now exploit vulnerabilities within hours of discovery, especially in edge devices.
To counter these tactics, Hadjy advocates real-time, behavior-based detection and AI-integrated solutions such as Bitdefender’s GravityZone PHASR, which proactively hardens endpoints and reduces attack surfaces. He emphasizes the importance of:
- Automating threat detection to mitigate alert fatigue and staffing shortages.
- Limiting tool capabilities, auditing admin privileges, and deploying extended detection and response (XDR) systems.
- Conducting ongoing staff training and red teaming to prepare for AI-enhanced phishing and deepfake attacks.
Ultimately, building resilience against AI-led threats requires combining AI-powered defenses with human oversight, threat intelligence, and continuous simulations. As attackers increasingly exploit AI, cybersecurity strategies must evolve just as quickly to safeguard digital infrastructure.
Source:
