The Rise of AI-Powered and Human-Centric Attacks
Cyberattacks are increasingly exploiting human psychology at scale, blending social, cyber, and psychological tactics to manipulate emotion, trust, and urgency. This shift has placed new pressure on organizations as criminals use artificial intelligence to craft tailored email attacks that bypass traditional defenses. Experts from Fortinet, UC Berkeley, and other institutions note that while AI is not creating entirely new cyberthreats, it is making existing attacks more precise and accessible to less skilled actors through tools like FraudGPT and WormGPT.
Evolving Attack Vectors and Their Impact
Phishing techniques have diversified beyond simple email scams. The Astaroth phishing kit bypasses two-factor authentication by acting as a man-in-the-middle, hijacking sessions and intercepting credentials from Gmail, Yahoo, AOL, and Microsoft 365 in real time. Additionally, QR code phishing has become prevalent, with 25% of all email phishing attacks now exploiting QR codes as unsuspecting users scan them without verification. Financial institutions face particular challenges as one-time passcodes become less reliable, with fraudsters exploiting weaknesses in SMS-based verification for account takeover and payment fraud schemes. The healthcare sector remains at risk because of supply chain vulnerabilities, legacy systems, and limited budgets, as demonstrated by a Florida firm notifying nearly 150,000 individuals of a phishing breach affecting one employee’s email account for just one hour.
The Need for Integrated Platform Defenses
Industry acquisitions like Kaseya’s purchase of Inky reflect the growing need for broader platform integration in email security. With phishing attacks becoming more subtle, access to login data and other platform signals is critical for threat detection. Organizations must adopt a unified approach across email, browsers, and collaboration tools to combat AI-powered phishing, insider threats, and data loss. As global cybersecurity spending is projected to reach $135 billion by 2030, security leaders emphasize the importance of balancing AI’s potential for automating threat detection with proper governance and human-centric defense strategies.
Source: Healthcareinfosecurity