entrustIT Insights

AI in Cybercrime: What you need to look out for

Written by Tom Dodd | Jun 30, 2025 11:30:00 AM

The AI revolution has had a profound impact on business and our daily lives. We can achieve more than ever before, with less. However, this sadly means that criminals can do the same. AI tools are being used by cybercriminals to make their attacks more sophisticated, and businesses need to be vigilant.

In this blog, we’ll explore how AI is making cybercrime harder to detect, the emerging threats you need to be aware of, and how your organisation can stay prepared with the right tools and support.

How AI is changing the cybercrime game

Cybercriminals are no longer lone actors causing mischief - they’re organised, well-funded, and increasingly using AI to scale their operations. We saw this only recently with the sophisticated cyber attack on Marks & Spencer. Here’s how:

1. AI-Generated Phishing and Deepfakes

AI can now generate highly convincing phishing emails that mimic tone, branding, and even writing style. Worse still, deepfake audio and video are being used to impersonate executives and authorise fraudulent transactions.

Imagine receiving a voicemail from your CEO asking for an urgent wire transfer—only it wasn’t them. AI-generated voice cloning makes this not only possible but alarmingly easy.

2. Automated Vulnerability Scanning

AI tools can scan networks and systems for weaknesses at machine speed, identifying and exploiting vulnerabilities before human defenders even notice. This makes zero-day attacks more frequent and harder to stop.

3. Adaptive Malware

AI-powered malware can now change its behaviour in real time to avoid detection. It learns from its environment, bypasses traditional antivirus tools, and can even disable security software before launching its payload.

Debunking the ultimate cyber security myth

Too many business leaders still believe that they are unlikely to be attacked. They wrongly reason that attackers will focus on larger players such as FTSE 100 companies. This is false.

According to ActionFraud, over 24,000 cyber crimes were reported in 2023, and almost a quarter (22%) of all UK businesses were victims of some form of cybercrime that year. The NCA also reports that there was a 103% rise in ransomware incidents in the UK between 2022 and 2023 alone.

Every business is a target, and midmarket companies are often the most attractive options for criminals because they often:

  • Lack dedicated cyber security teams
  • Rely on legacy systems
  • Have limited visibility into their IT environments

Yet they still hold valuable data—financial records, customer information, intellectual property—that makes them prime targets.

How cyber attacks typically start

Most cyber attacks begin with a simple but deceptive tactic: social engineering. This often takes the form of a phishing email designed to trick an employee into clicking a malicious link, downloading an infected attachment, or entering credentials on a fake login page. Once inside, attackers may escalate privileges, move laterally across systems, and exfiltrate sensitive data—all without triggering traditional security alerts. Increasingly, these initial lures are powered by AI, making them more convincing and harder to detect than ever before.

Common signs that you might be experiencing a cyber attack

1. Unusual Login Activity

  • Logins from unfamiliar locations or devices
  • Multiple failed login attempts
  • Logins at odd hours (e.g. late at night or weekends)

2. Unexpected Outbound Traffic

  • Large volumes of data being sent externally
  • Connections to known malicious IP addresses
  • Spikes in bandwidth usage without explanation

3. Phishing Emails or Suspicious Messages

  • Emails with urgent requests, typos, or strange links
  • Messages claiming to be from executives or suppliers asking for payments or credentials
  • Unexpected attachments or shared files

4. System or Application Anomalies

  • Slower-than-usual performance
  • Applications crashing or behaving unpredictably
  • New software or processes running that weren’t installed by IT

5. Disabled Security Tools

  • Antivirus or endpoint protection being turned off
  • Firewalls or logging systems being modified
  • Alerts from tools like Sophos or Mimecast being suppressed

6. User Reports

  • Employees reporting suspicious pop-ups, emails, or system behaviour
  • Passwords suddenly not working
  • Files missing or encrypted
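
The three "Unusual Login Activity" signs above can be checked mechanically against authentication logs. The following is an added example, not code from the original post or from any product it mentions; the log format, per-user baseline, thresholds and working hours are assumptions, the events are constructed, and events are assumed to arrive in time order.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real logs: timestamp user country device result
EVENTS = """\
2025-06-30T09:05:00 alice GB LAPTOP-01 OK
2025-06-30T10:00:00 bob GB LAPTOP-02 FAIL
2025-06-30T10:01:00 bob GB LAPTOP-02 FAIL
2025-06-30T10:02:00 bob GB LAPTOP-02 FAIL
2025-06-30T10:03:00 bob GB LAPTOP-02 FAIL
2025-06-30T10:04:00 bob GB LAPTOP-02 FAIL
2025-07-01T02:30:00 alice ZZ UNKNOWN-7 OK
2025-07-05T14:00:00 bob GB LAPTOP-02 OK
""".splitlines()

# Assumed per-user baseline of countries and devices seen before.
BASELINE = {
    "alice": {"countries": {"GB"}, "devices": {"LAPTOP-01"}},
    "bob": {"countries": {"GB"}, "devices": {"LAPTOP-02"}},
}
WORK_HOURS = range(7, 20)            # assumed: 07:00-19:59, Monday to Friday
FAIL_LIMIT = 5                       # assumed threshold
FAIL_WINDOW = timedelta(minutes=10)  # assumed sliding window


def detect(events, baseline):
    """Return (timestamp, user, reason) for each sign found in the events."""
    alerts, failures = [], defaultdict(list)
    for line in events:
        stamp, user, country, device, result = line.split()
        when = datetime.fromisoformat(stamp)
        if result == "FAIL":
            recent = [t for t in failures[user] if when - t <= FAIL_WINDOW] + [when]
            failures[user] = recent  # only failures inside the sliding window
            if len(recent) == FAIL_LIMIT:  # fire once as the limit is reached
                alerts.append((stamp, user, "multiple_failed_logins"))
            continue
        known = baseline.get(user, {"countries": set(), "devices": set()})
        if country not in known["countries"]:
            alerts.append((stamp, user, "unfamiliar_location"))
        if device not in known["devices"]:
            alerts.append((stamp, user, "unfamiliar_device"))
        if when.weekday() >= 5 or when.hour not in WORK_HOURS:
            alerts.append((stamp, user, "odd_hours"))
    return alerts


if __name__ == "__main__":
    print(*detect(EVENTS, BASELINE), sep="\n")
```

A user with no baseline entry is treated as entirely unfamiliar, so a first login from a new account is flagged for review rather than silently trusted.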

How to stay vigilant against AI-driven cybercrime

1. Implement Advanced Threat Protection

Traditional antivirus is no longer enough. Solutions like Sophos Intercept X EDR use AI to detect and block threats before they execute—protecting against ransomware, exploits, and fileless attacks.

2. Secure Your Email Gateway

Email remains the number one attack vector. Mimecast provides AI-driven email security that filters out phishing, impersonation attempts, and malicious attachments—before they reach your users.

3. Educate and Simulate

Human error is still the weakest link. Regular security awareness training and phishing simulations help staff recognise and report suspicious activity—especially when it’s AI-generated.

4. Monitor and Respond in Real Time

A managed detection and response (MDR) service ensures that threats are identified and neutralised quickly around the clock.

5. Review Your Cyber Resilience Strategy

AI threats require a proactive approach. Reach out to your MSP to begin a cyber readiness assessment, which will help you assess your current posture, identify gaps, and implement a Zero-Trust model to limit exposure.