Combatting Rising AI Attacks With AI-Powered Defences 

UK organisations are facing a new, more advanced threat to their business operations in the form of AI-generated ransomware attacks.

As it stands, ransomware already poses a major threat to organisations. Advancements in AI are starting to take this risk to the next level, reshaping the threat landscape and leading to potentially devastating consequences.  

In its report, ‘The near-term impact of AI on the cyber threat’, the National Cyber Security Centre (NCSC) found that all cyberthreat actors are already using AI to varying degrees. While AI-driven attacks are not fundamentally new, AI's ability to automate, scale, and refine traditional attack methods - particularly social engineering and initial access techniques - is rapidly intensifying the ransomware threat.

With AI-augmented threats evolving at an accelerated pace, organisations cannot afford to rely on reactive security measures. Instead, they must adopt a proactive, analytics-driven security approach to keep pace with adversaries and pre-emptively mitigate risks.  

AI Attacks & Their Impact  

AI is rapidly escalating the sophistication, speed, and scale of ransomware attacks. While AI does not fundamentally change how ransomware operates, it significantly enhances key aspects of the attack lifecycle. As outlined by the NCSC report, the growth of AI-driven ransomware attacks is set to cause notable impacts including:

  • Lowered Barrier of Entry for Cybercriminals: AI is lowering the barrier of entry for threat actors, meaning that less-skilled individuals can launch highly effective and sophisticated attacks with ease. Readily available AI models are already automating malware generation, crafting phishing emails, and exploiting identification, allowing cybercriminals to scale their operations without deep technical expertise.
  • More Convincing and Scalable Social Engineering Attacks: AI is most impactful in enhancing phishing and social engineering, which are the primary entry points for ransomware. Attackers are using AI to generate highly realistic phishing emails, deepfake voice scams, and fraudulent communications that bypass traditional detection mechanisms.
  • Faster Vulnerability Exploitation: AI accelerates the reconnaissance phase of cyberattacks, allowing attackers to scan for vulnerabilities, identify weaknesses, and develop exploits faster than ever. This shrinks the window in which defenders can patch security gaps before they are exploited.
  • More Adaptive and Efficient Attacks: Threat actors, including ransomware actors, are already leveraging AI to dynamically adjust their attack strategies, generating new variations of malware and phishing campaigns to bypass signature-based security tools. While AI is not yet creating undetectable malware, it is making evasion tactics more efficient by fine-tuning payloads against traditional defences.

The NCSC report highlights that AI-driven cyberthreats are evolving too rapidly for organisations to rely on reactive security measures. Traditional security approaches that depend solely on signature-based detection or rule-based correlation are no longer sufficient to counter AI-enhanced threats. 

To stay ahead, organisations must adopt an analytics-driven security strategy that detects and responds to threats based on behavioural anomalies, not just known attack patterns. This is where user and entity behaviour analytics (UEBA) plays a critical role.

AI Defences to Fight AI Attacks 

As AI-generated ransomware attacks continue to evolve, security strategies must adapt. Establishing a security-first foundation is vital, and the NCSC assessment notes that the impact of AI on cyberthreats can be offset by leveraging AI to enhance cybersecurity resilience.

UEBA is one of the most effective approaches to detecting unknown threats because it focuses on behavioural anomalies rather than known signatures. It combines AI and machine learning (ML), data enrichment, and data science to improve threat detection, investigation, and response (TDIR) for ransomware.

UEBA strengthens an organisation's security operations and prepares it for AI ransomware attacks in several ways:

  • Threat Hunting Capabilities: Deploying UEBA provides a proactive approach to mitigating risk by automatically searching for anomalous activity. This helps investigators understand the flagged behaviour in a broader context, which significantly reduces the amount of time the security operations centre (SOC) team has to spend on data gathering, validation, and subsequent investigation.
  • Enhanced Automation: A key feature of modern UEBA tools is the ability to automate and orchestrate security tasks. Automation allows these tools to execute predefined actions automatically when certain criteria or thresholds are met. Orchestration capabilities work in tandem with automation to streamline the workflow of security operations.
  • Increased Accuracy: UEBA continuously learns and adapts to new behaviours, making it well suited to evolving AI-driven threats. It is constantly learning how to be more accurate and avoid false alarms. Instead of flagging every anomaly, UEBA assigns a risk score to each automatically generated alert. This enables security teams to focus their efforts on mitigating real threats, rather than chasing false positives.
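The scoring idea described in the list above, shown as a small worked example added here (it is not Exabeam's product logic or code from the article). The telemetry is constructed, and all names (`build_baselines`, `score_event`, `rank_users`, the indicator weights and the alert threshold) are assumptions chosen for illustration. Each user's normal hosts, countries, working hours and outbound data volume are learned from a history window; new events earn points only for the ways they deviate, and points accumulate per user so that one mild oddity stays below the alert line while a combination of new device, odd hour, new country and bulk transfer rises to the top of the queue with the reasons attached for the analyst.

```python
"""Toy UEBA-style behavioural risk scoring (added illustration, not vendor code)."""
from collections import defaultdict
from dataclasses import dataclass, field


def _synth(user, host, country, hours, mbs, days):
    # Constructed sample telemetry: (user, day, hour, host, country, mb_out).
    return [(user, d, h, host, country, mb) for d in days for h, mb in zip(hours, mbs)]


# Ten days of routine activity for two users (constructed, not real data).
HISTORY = (
    _synth("alice", "ws-alice", "GB", (9, 11, 14, 16), (16, 10, 16, 10), range(1, 11))
    + _synth("bob", "ws-bob", "GB", (8, 10, 13, 17), (20, 24, 18, 22), range(1, 11))
    + _synth("bob", "jump-01", "GB", (12,), (5,), range(1, 11, 2))
)

# Today's events to be scored (constructed).
TODAY = [
    ("alice", 11, 11, "ws-alice", "GB", 15),   # entirely normal
    ("alice", 11, 18, "ws-alice", "GB", 10),   # a bit late, nothing else odd
    ("bob", 11, 3, "laptop-x9", "RO", 30),     # new host, off-hours, new country
    ("bob", 11, 3, "laptop-x9", "RO", 2400),   # ...followed by a bulk outbound transfer
]

# Assumed indicator weights and alert threshold; a real deployment tunes these.
WEIGHTS = {"new_host": 25, "new_country": 30, "off_hours": 10, "bulk_transfer": 35}
ALERT_THRESHOLD = 50


@dataclass
class Baseline:
    """What 'normal' looks like for one user, learned from HISTORY."""
    hosts: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    hour_counts: dict = field(default_factory=lambda: defaultdict(int))
    mb_samples: list = field(default_factory=list)

    def typical_hour(self, hour, min_share=0.05):
        # An hour is typical if at least 5% of the user's past activity fell in it.
        total = sum(self.hour_counts.values())
        return total > 0 and self.hour_counts[hour] / total >= min_share

    def volume_limit(self):
        # Mean + 3 standard deviations of past outbound MB; no history means any volume is suspect.
        n = len(self.mb_samples)
        if n == 0:
            return 0.0
        mean = sum(self.mb_samples) / n
        var = sum((x - mean) ** 2 for x in self.mb_samples) / n
        return mean + 3 * var ** 0.5


def build_baselines(events):
    """Learn a per-user Baseline from historical events."""
    baselines = defaultdict(Baseline)
    for user, _day, hour, host, country, mb_out in events:
        b = baselines[user]
        b.hosts.add(host)
        b.countries.add(country)
        b.hour_counts[hour] += 1
        b.mb_samples.append(mb_out)
    return dict(baselines)


def score_event(event, baseline):
    """Return (points, reasons) for one event measured against the user's baseline."""
    _user, _day, hour, host, country, mb_out = event
    reasons = []
    if host not in baseline.hosts:
        reasons.append("new_host")
    if country not in baseline.countries:
        reasons.append("new_country")
    if not baseline.typical_hour(hour):
        reasons.append("off_hours")
    if mb_out > baseline.volume_limit():
        reasons.append("bulk_transfer")
    return sum(WEIGHTS[r] for r in reasons), reasons


def rank_users(events, baselines, threshold=ALERT_THRESHOLD):
    """Accumulate risk per user; return (user, score, evidence) above threshold, highest first."""
    totals, evidence = defaultdict(int), defaultdict(list)
    for ev in events:
        user = ev[0]
        pts, reasons = score_event(ev, baselines.get(user, Baseline()))  # unknown user: empty baseline
        totals[user] += pts
        if reasons:
            evidence[user].append((ev, reasons))
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [(u, s, evidence[u]) for u, s in ranked if s >= threshold]


if __name__ == "__main__":
    base = build_baselines(HISTORY)
    for user, score, why in rank_users(TODAY, base):
        print(f"{user}: risk {score}")
        for ev, reasons in why:
            print("   ", ev, "->", ", ".join(reasons))
```

Run as-is, only `bob` is surfaced: `alice`'s single late logon scores 10 points and never reaches an analyst, whereas `bob`'s chain of indicators accumulates to 165 with each contributing reason listed, which is the "broader context" the threat-hunting bullet refers to. The weights, the 5% working-hour share and the mean-plus-three-sigma volume bound are deliberately simple stand-ins for the models a real UEBA product would fit.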

A Proactive Stance Against Sophisticated Threats 

AI-powered threats demand AI-powered defences. As phishing attacks, malware delivery, and ransomware become more advanced and harder to detect, organisations need effective AI-driven cybersecurity tools to mature their cybersecurity operations.

By harnessing UEBA, they can stay ahead of growing risks with a proactive and predictive approach. 

Kev Eley is Vice President UK & Ireland at Exabeam 

Image: Ideogram
