Article by: Xu Yuzheng, ASME Secretariat, May 13, 2025, https://asme.org.sg/newsroom/article/zmgidvdposgvm598mg7kwnhs/2025-05-13-electronic-espionage-the-low-down-on-ai-powered-cyberattacks
You may be aware of the productivity and ideation benefits that Artificial Intelligence (AI)-powered tools offer. However, what about AI-powered cybersecurity attacks? These are not just your old-fashioned tricks – misspelt domain names, obviously fake requests for sensitive information, or patchy calls from unknown foreign numbers. AI has not only just made work easier – it has made scamming easier.
Put yourself in the shoes of a SME employee being sent an email from their CEO. Generated by an AI tool, this email perfectly mimics the CEO’s pattern of writing, sentence structure, and even references recent company events. The email goes further and requests you to transfer funds to an unrecognised account for a confidential acquisition. Had you followed through with the request, the company would have lost large sums of money and digital assets, with little available recourse due to the remote nature of online scams.
While it can sound ridiculous to you, this has really happened – as mentioned in Cybershield Series #2.
Robot Robbers: AI-Enhanced Cyber Threats
Don’t think this to be an attempt at making mountains out of molehills. Cases as mentioned have been on the rise worldwide, with tech giants such as Microsoft having thwarted more than USD 4 Billion worth of scams, all within a year.
Proving that AI-powered cyber threats are no longer just a novelty, it is an everyday affair. With AI tools lowering the level of skills and know-how required to craft elaborate scams, the risk of encountering one is ever-increasing.
Low Crime Doesn’t Mean No Crime
“This won’t happen to me, I’m not prominent enough.”
Popular misconceptions about cyber-attacks include business owners assuming their firms would not come under attack due to their low-profile nature of business, and that cyber-attacks only target large, high valuation multi-national companies.
On a local scale, up to a staggering 46% of security and IT leaders report an increase in AI-augmented security scams – making robust cybersecurity measures an absolute must today. These new scams are capable of much more than previously-established methods. By tapping on Generative AI, new scams create dangerously convincing emails, deepfake videos and voice clones to bypass filters and reach targets.
According to a Cyber Security Agency of Singapore report, more than 8 in 10 SMEs have had cybersecurity incidents in 2023, with nearly half experiencing such incidents several times a year. These staggering figures prove the ever-growing need for firmer security and cyber hygiene measures. Be the exception – not the norm here.
What Can I Do?
Implement AI-powered security solutions: Deploy advanced threat detection systems that use machine learning to identify and block sophisticated AI-driven attacks.
Enhance employee training: Conduct regular cybersecurity awareness programs focusing on recognising AI-generated content and social engineering tactics.
Utilize multi-factor authentication (MFA): Implement strong MFA across all systems to provide an additional layer of security against unauthorised access.
Adopt zero-trust architecture: Implement a zero-trust security model to verify every user and device attempting to access network resources.
Regular security audits: Conduct frequent security assessments to identify vulnerabilities and update defenses against evolving AI-driven threats.
Implement robust email filtering: Use advanced email security solutions capable of detecting AI-generated phishing attempts.
Verify unusual requests: Establish protocols for verifying unexpected communications, especially those involving financial transactions or sensitive information.
Wising Up To The Issue
While these measures can work to prevent and minimise the risk of AI-augmented cyberattacks, the onus still ultimately lies with businesses and companies alike to educate, train and remind staff on practicing good cybersecurity habits on top of maintaining up-to-date and reputable security software.
To ensure a multi-pronged and effective defense to these pesky new AI-powered scams, stay ahead of new deception methods and secure your E-Assets!
This bulletin is brought to you by Evvo Labs Pte Ltd (www.evvolabs.com), a CISO-as-a-Service Consultant onboarded by the Cyber Security Agency of Singapore (CSA). For personalized cybersecurity guidance and services, please reach out to Evvo Labs at sales@evvolabs.com.
