Combatting Rising AI Attacks With AI-Powered Defences 

UK organisations are facing a new, more advanced threat to their business operations in the form of AI-generated ransomware attacks.

As it stands, ransomware already poses a major threat to organisations. Advancements in AI are starting to take this risk to the next level, reshaping the threat landscape and leading to potentially devastating consequences.  

In its report, ‘The near-term impact of AI on the cyber threat’, the National Cyber Security Centre (NCSC) found that all cyberthreat actors are already using AI to varying degrees. While AI-driven attacks are not fundamentally new, AI's ability to automate, scale, and refine traditional attack methods - particularly social engineering and initial access techniques - is rapidly intensifying the ransomware threat.

With AI-augmented threats evolving at an accelerated pace, organisations cannot afford to rely on reactive security measures. Instead, they must adopt a proactive, analytics-driven security approach to keep pace with adversaries and pre-emptively mitigate risks.  

AI Attacks & Their Impact  

AI is rapidly escalating the sophistication, speed, and scale of ransomware attacks. While AI does not fundamentally change how ransomware operates, it significantly enhances key aspects of the attack lifecycle.

As outlined by the NCSC report, the growth of AI-driven ransomware attacks is set to cause notable impacts including:

  • Lowered Barrier of Entry for Cybercriminals: AI is lowering the barrier of entry for threat actors, meaning that less-skilled individuals can launch highly effective and sophisticated attacks with ease. Readily available AI models are already automating malware generation, crafting phishing emails, and exploiting identification, allowing cybercriminals to scale their operations without deep technical expertise. 
  • More Convincing and Scalable Social Engineering Attacks: AI is most impactful in enhancing phishing and social engineering—which are primary entry points for ransomware. Attackers are using AI to generate highly realistic phishing emails, deepfake voice scams, and fraudulent communications that bypass traditional detection mechanisms.
  • Faster Vulnerability Exploitation: AI accelerates the reconnaissance phase of cyberattacks, allowing attackers to scan for vulnerabilities, identify weaknesses, and develop exploits faster than ever. This reduces the window to patch security gaps before they are exploited. 
  • More Adaptive and Efficient Attacks: Threat actors, including ransomware actors, are already leveraging AI to dynamically adjust their attack strategies, generating new variations of malware and phishing campaigns to bypass signature-based security tools. While AI is not yet creating undetectable malware, it is making evasion tactics more efficient by fine-tuning payloads against traditional defences.

The NCSC report highlights that AI-driven cyberthreats are evolving too rapidly for organisations to rely on reactive security measures. Traditional security approaches that depend solely on signature-based detection or rule-based correlation are no longer sufficient to counter AI-enhanced threats. 

To stay ahead, organisations must adopt an analytics-driven security strategy that detects and responds to threats based on behavioural anomalies, not just known attack patterns. This is where user and entity behaviour analytics (UEBA) plays a critical role.

AI Defences to Fight AI Attacks 

As AI-generated ransomware attacks continue to evolve, security strategies must adapt. Doing so is vital to establishing a security-first foundation: the NCSC assessment outlines that the impact of AI on cyberthreats will be offset by leveraging AI to enhance cybersecurity resilience.

UEBA is one of the most effective approaches to detecting unknown threats because it focuses on behavioural anomalies. It uses variations of AI and machine learning (ML), data enrichment, and data science to improve the threat detection, investigation, and response (TDIR) of ransomware.

UEBA strengthens an organisation’s security operations and prepares it for AI ransomware attacks in several ways:

  • Threat Hunting Capabilities: Deploying UEBA provides a proactive approach to mitigating risk by automatically searching for anomalous activity. This helps investigators understand the flagged behaviour in a broader context, which significantly reduces the amount of time the security operations centre (SOC) team has to spend on data gathering, validation, and subsequent investigation.
  • Enhanced Automation: A key feature of modern UEBA tools is the ability to automate and orchestrate security tasks. Automation allows these tools to execute predefined actions automatically when certain criteria or thresholds are met. Orchestration capabilities work in tandem with automation to streamline the workflow of security operations.
  • Increased Accuracy: UEBA continuously learns and adapts to new behaviours, making it the ideal defence for evolving AI-driven threats. It is constantly learning how to be more accurate and avoid false alarms. Instead of flagging every anomaly, UEBA assigns a risk score to each automatically generated alert. This enables security teams to focus their efforts on mitigating real threats, rather than chasing false positives.
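
An added illustration of the risk-scoring idea above (not code from this article or from any UEBA product): each account is compared with its own baseline, several weak signals are combined into one score, and a fixed-threshold rule is shown alongside for contrast. The sample data, signal names, weights and the 70-point triage threshold are all constructed assumptions.

```python
from statistics import mean, stdev

# Constructed baseline: files modified per hour by each account over ten
# ordinary working hours. Real UEBA tools learn this from log history.
BASELINE = {
    "alice":      [12, 9, 15, 11, 14, 10, 13, 12, 9, 11],
    "svc_backup": [480, 510, 495, 505, 490, 500, 515, 485, 498, 502],
}

# Constructed observations: (user, files modified this hour,
# first time on this host?, outside the user's usual hours?)
OBSERVED = [
    ("alice", 14, False, False),
    ("svc_backup", 520, False, True),
    ("alice", 450, True, True),   # burst of file changes, ransomware-like
]

def z_score(history, value):
    """Standard deviations between `value` and this entity's own norm."""
    sigma = stdev(history) or 1.0   # avoid dividing by zero on flat history
    return (value - mean(history)) / sigma

def risk_score(user, files, new_host, off_hours):
    """Combine behavioural signals into one 0-100 score (assumed weights)."""
    score = 0
    z = z_score(BASELINE[user], files)
    if z > 3:                       # far outside the entity's own behaviour
        score += min(60, int(z * 5))
    if new_host:
        score += 25
    if off_hours:
        score += 15
    return min(score, 100)

def triage(observations, threshold=70):
    """Return (score, user) pairs that merit analyst time, highest first."""
    scored = [(risk_score(*obs), obs[0]) for obs in observations]
    return sorted((s for s in scored if s[0] >= threshold), reverse=True)

def static_rule_hits(observations, limit=400):
    """Fixed-threshold rule for comparison: fires on any busy account."""
    return [obs[0] for obs in observations if obs[1] > limit]

if __name__ == "__main__":
    print("static rule alerts:", static_rule_hits(OBSERVED))
    print("risk-scored alerts:", triage(OBSERVED))
```

The fixed rule alerts on the backup service doing its normal job, while the per-entity score surfaces only the account whose activity departs sharply from its own history.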

A Proactive Stance Against Sophisticated Threats 

AI-powered threats demand AI-powered defences. As phishing attacks, malware delivery, and ransomware become more advanced and harder to detect, organisations need effective AI-driven cybersecurity tools to mature their cybersecurity operations.

By harnessing UEBA, they can stay ahead of growing risks with a proactive and predictive approach. 

Kev Eley is Vice President UK & Ireland at Exabeam 
