The convergence of evolving internet vulnerabilities, sophisticated criminal enterprises, and the transformative power of AI presents an unprecedented challenge to global security.

Cybercrime is no longer a fringe concern; it’s a colossal threat that dwarfs traditional organised crime. The recent ransomware attack on a company providing blood testing and transfusions to the national health service in the UK, which led to 12,000 cancelled appointments and serious harm to at least two patients, serves as a stark reminder of the real-world impact of these digital assaults. While the UK has yet to experience a Level 1 cyber-attack, the day appears to be drawing closer.

The financial toll is staggering. One well-known retailer recently faced an estimated €350 million reduction in its annual profits due to a cyber-attack, on top of a €700 million wipe-out of its market capitalisation. This highlights how cyber incidents can severely cripple businesses, especially those in sectors where disruption leads to rapid losses, like supermarkets. The sheer scale of cybercrime is alarming; if it were a legitimate industry, it would be the third-largest economy in the world, with global costs projected to hit €9.7 trillion this year.

Why We’re Vulnerable

Why are we so vulnerable? Part of the problem lies with human nature: complacency and the perceived cost of robust security measures often deter businesses from adequately protecting themselves. For the public, IT security often feels abstract and boring. The media, too, plays a role, with incidents affecting consumer goods often garnering more attention than those causing serious health implications.

The internet itself, not originally designed with security in mind, is another significant factor. Its layers of vulnerabilities, accumulated over decades of prioritising interoperability, present a fertile ground for exploitation. This inherent insecurity has also created a booming cybersecurity industry, which, while offering essential services, thrives on the very vulnerabilities it seeks to mitigate.

Bitcoin, the cryptocurrency of choice for many cybercriminals, has also fueled the ransomware epidemic, offering a degree of anonymity that traditional currencies do not. Although law enforcement has developed methods to track Bitcoin transactions, criminals constantly innovate, creating tools like “mixers” to obscure their activities.

Perhaps the most concerning development, however, is the increasing accessibility of cybercrime tools. The rise of “Ransomware-as-a-Service” means that even individuals without advanced technical skills can now purchase or rent the necessary tools to mount sophisticated attacks.

The AI Factor: A Double-Edged Sword

Now, the advent of artificial intelligence is poised to transform the cyber threat landscape. On one hand, AI offers powerful new tools for cybersecurity professionals to detect and combat threats. On the other hand, malicious actors are already leveraging AI to amplify their capabilities.

Voice phishing, for instance, has seen a dramatic increase, with one cybersecurity company reporting a 442% rise in such attacks in the latter half of 2024. AI can generate incredibly convincing fake emails and voice recordings with perfect local accents, making social engineering attacks more potent than ever. While large language models (LLMs) like ChatGPT have built-in safeguards against misuse, these can be circumvented through “jailbreaking” techniques. The emergence of tools like “WormGPT,” an AI specifically designed for criminal activities, offers a chilling glimpse into the future of cybercrime.

Researchers have even demonstrated “universal jailbreak” attacks that can subordinate major publicly available AI programs, leading to the creation of “Dark LLMs.” The implications are profound: unchecked, these tools could democratise access to dangerous knowledge, empowering criminals and extremists on an unprecedented scale.

The race for AI superiority between global powers, particularly the US and China, adds another layer of complexity. This competition, driven by economic, social, and military ambitions, often prioritises innovation over regulation and security. While some regions, like the EU, are attempting to impose regulatory systems on AI, their efforts face challenges in the face of dominant technological powers.

Beyond phishing, AI is being used by hackers to uncover “zero-day” vulnerabilities – previously undiscovered flaws in software that can be exploited for system access. Even more concerning is the potential misuse of “agentic AI,” which can adapt, reason, and learn autonomously. Experts warn that within the next two years, AI could advance to a level where it starts thinking for itself, potentially taking over all functions of cybercrime gangs, from malware creation to ransom demands and money laundering.

What next

The speed of AI innovation is breathtaking, and the future of internet security will depend on how geopolitical dynamics, regulatory efforts, and the willingness of nations to combat cybercrime play out.

Navigating this complex and rapidly changing field requires expert guidance. At CREAPLUS, our team of experienced IT security and AI experts can help individuals and organisations understand these emerging threats and develop robust strategies to protect their digital assets in this new era of cyber warfare.