Democratized cybercrime: a new lower bar for hackers and higher stakes for security – 1v1 Video Chat & LIve Streaming & Influencer Subscription

Tech Radar Pro

Tech Radar Gaming

Tech Radar Pro

TechRadar the business technology experts

Search TechRadar

View Profile

België (Nederlands)

Deutschland

North America

US (English)

Australasia

New Zealand

Expert Insights

Website builders

Web hosting

Best website builder
Best web hosting
Best office chairs
Best antivirus
Expert Insights

You may like

Agentic AI will accelerate social engineering attacks

AI is making phishing emails far more convincing with fewer typos and better formatting: Here’s how to stay safe

Why defensive AI alone is not enough: the crucial role of a strong security culture

Meanwhile, across the business world the stakes for defenders are rising fast. As multichannel attacks grow in scale and sophistication, even experienced employees are falling victim. In this new landscape, the cost of inaction isn’t just a data breach- it’s operational disruption, financial loss, and lasting reputational damage. Let’s unpack how advancements in technologies such as AI expands the talent pool for threat actors.

Matt Aldridge
Social Links Navigation

Senior Principal Solutions Consultant at OpenText Cybersecurity.
Social engineering made scalable
Phishing may be evolving but it still hinges on the same psychological tricks: urgency, trust, and fear. But where scams were once generic and mass distributed, AI now allows attackers to tailor them at scale. The result? A surge in spearphishing – targeted messages crafted with context to deceive specific individuals.
According to the OpenText 2025 Cybersecurity Threat Report, November 2024 saw the highest rate of spearphishing to date, making up 56.56% of all phishing activity. Attackers no longer have to choose between volume and precision- they can get the best of both worlds. And with users increasingly conditioned to trust branded platforms, phishing emails delivered via Google Docs or Amazon AWS (“living off the land” techniques) are slipping past defenses unchecked.
This democratization of tools means that cybercrime no longer requires deep expertise- just access to the right AI tools and a few stolen credentials. That’s a worrying trend for businesses who rely on traditional training to build user awareness. Keeping pace means continuously updating training to reflect emerging tactics, particularly those that blend email, SMS, voice and video across channels.
AI and automation, cybercrime’s force multiplier
The rise of generative AI has redefined the phishing threat. Not only are messages more convincing, but campaigns are faster to build, harder to detect, and significantly more dangerous. Deepfakes, once the domain of state actors, are now available to anyone with an internet connection.
This sharp rise in attack sophistication is mirrored in infection trends. In 2024, malware infections on business PCs jumped yet again from 1.86% to 2.39%- the steepest increase since 2020. And it’s not just the first hit that hurts: 43% of affected business endpoints were reinfected within the year. For consumers, the number is even higher, at 56%.
Attackers are increasingly using .zip files as a delivery mechanism, now the most popular format for malware laden attachments, making up 53% of the total. Their perceived legitimacy, combined with password protection (often provided in the email), creates a perfect storm of trust and risk.
AI isn’t just raising the quality of phishing, it’s removing the learning curve. That’s what makes today’s threat environment fundamentally different from even two years ago.
To counter this, organizations must fight fire with fire: deploy AI-enabled security tools that learn and adapt as quickly as attackers’ methods evolve.
From inbox to checkout
Phishing is no longer confined to email inboxes. Attackers have expanded into ecommerce, financial platforms, and cryptocurrency ecosystems – anywhere users engage digitally and make decisions quickly.
During busy shopping periods, scammers launch fake order confirmations and spoofed storefronts to steal payment details. Fraudulent investment schemes targeting decentralized finance and crypto wallets are also on the rise, often engineered with the same social engineering techniques seen in traditional phishing.
The OpenText report notes that phishing attacks are becoming more opportunistic, with over 235 million malware emails quarantined in 2024. Zip attachments dominate due to their effectiveness in bypassing user skepticism, and their ability to mask malicious content under the guise of security. This shift underscores a critical point: phishing is no longer just about access – it’s about fraud, financial theft, and long-term compromise. The digital trust model that underpins modern commerce is being weaponized.
Cybersecurity strategies must now span customer journeys, supply chains, and transaction flows, not just internal email systems.
Going forward
Phishing has evolved into a democratized, AI powered weapon, used by threat actors of all skill levels to exploit human trust and unlock IT infrastructure. The tools are widely available, the learning curve is shrinking, and the consequences of even one successful attack are growing.
This new era demands a new mindset. Defensive efforts must shift from reactive to proactive, combining real time threat detection with intelligent automation and continuous user education. Our data shows that companies using layered defenses, such as endpoint and DNS protection, experience 19.4% fewer infections than those relying on endpoint security alone.
In short, cyber resilience is no longer a mere competitive advantage – it’s imperative for survival.
Business leaders must act now. Audit your digital defenses, modernize your detection tools, and raise cyber awareness and response readiness at every level. Because when attackers can operate with minimal effort, organizations must respond with maximum intent.
We list the best online cybersecurity course.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Matt Aldridge

Social Links Navigation

Senior Principal Solutions Consultant at OpenText Cybersecurity.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Agentic AI will accelerate social engineering attacks

AI is making phishing emails far more convincing with fewer typos and better formatting: Here’s how to stay safe

Why defensive AI alone is not enough: the crucial role of a strong security culture

The AI arms race: why we need AI to fight AI attacks

Does AI leave security teams struggling?

AI is fueling the biggest financial scams ever—cyber safety experts are fighting back

Latest in Pro

DORA: reshaping UK’s financial ecosystem through cyber resilience

How to make your site more search friendly for AI agents

Most organisations are at risk thanks to immature supply chain security

Small business leaders are struggling to cope with a plummeting UK employment rate

UK workers are wasting billions of hours on administrative tasks – no, I’m not joking

AI is making people happier at work – but its also causing job security stress

Latest in Opinion

DORA: reshaping UK’s financial ecosystem through cyber resilience

I tried a super-bright 83-inch OLED TV and now projectors are ruined for me

Good tech doesn’t have to be boring – from headphones to smart lights, here are my top 6 recommendations for colorful tech that’ll stand out from the crowd

Doctor Who is my #1 Disney+ recommendation – here’s why it’s my TV show of choice across all of time and space

Is the window for generative AI adoption closing for companies?

Opportunity knocks: getting your house in order for the AI action plan