Cybercriminals are increasingly deploying generative AI tools in their efforts at ransomware and fraud, Moody’s Ratings said.
The FBI’s Internet Crime Complaint Center received a record 880,418 reports from the public last year — a nearly 10% increase compared with 2022 — with estimated losses exceeding $12.5 billion, the law enforcement agency said. Just a fraction of such crimes are reported, the FBI said.
The number of reported ransomware attacks by the U.S. public rose 18% last year to 2,825, with losses surging 74%, the FBI said.
“Cybercriminals continue to adjust their tactics, and the FBI has observed emerging ransomware trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate,” the FBI said in a report.
“Phishing attacks, aiming to entice a user into clicking a malicious link, will be turbocharged by GenAI,” the ratings company said. “GenAI tools will enable attackers to craft personalized and compelling text, audio and video content that mimic legitimate communications from trusted entities.”
Cybercriminals can increasingly penetrate defenses of a large company by compromising the defenses of third-party software suppliers, Moody’s said. A successful attack on one supplier can yield openings for ransomware and other crimes at many of the supplier’s customers.
Pilferage of employee credentials is the technique most favored by cybercriminals, Moody’s said. The use of stolen credentials surged 71% last year compared with 2022 and ranked as the most commonly used tactic for gaining unauthorized access to companies’ systems, Moody’s said, citing IBM data.
The Trump administration will likely clear some regulatory obstacles to wrongdoers, Moody’s said.
“The administration will likely roll back cybersecurity mandates and potentially curtail the activities of the U.S. Cybersecurity and Infrastructure Security Agency,” Moody’s said. “This could expose issuers to a heightened risk of cyberattack.”
Companies can use AI to reduce cyber-threats, according to Leroy Terrelonge, a Moody’s Ratings vice president focused on cyber credit risk.
Chief Information Security Officers can use AI tools to translate cybersecurity risks into financial risks for assessment by company boards, Terrelonge said Monday in an email reply to questions.
“Cybersecurity professionals will be able to evaluate threats more rapidly by using generative AI to quickly examine suspicious activity to determine critical details such as the type of attack used, information about the origin of the attack and perhaps even gain further insight into what the attack is targeting,” he said.
“Today, these analyses require skilled practitioners to leverage several tools and often require translation between the lexicon of one tool to another in order to perform the work,” Terrelonge said.
Cybersecurity staff will also be able to use generative AI to build customized security training programs, email campaigns and other resources to inform employees about risks, he said.