The era of hyper-personalized attacks is upon us, warns leading cybersecurity firm
Highly personalized, AI-based attacks will supercharge digital scams and phishing fraud by 2025, impacting business operations and user security, according to a study by the journal “The Easy Way IN/OUT – Securing the Artificial Future.” Trend Micro, a global leader in cybersecurity. Criminals will continue to devise new ways to exploit vulnerabilities, increasing risk as organizations expand their attack surface.
“With the rise of Generative AI, it is imperative to remain vigilant about emerging threats. Malicious use of new technology and hyper-personalized attacks will require a concerted effort from the industry to combat cybercrime. Business leaders must remember that there is no such thing as a standalone cyber risk today. Every security risk represents a business risk, with the potential to profoundly impact the business and future strategies,” said Jon Clay, vice president of Threat Intelligence at Trend Micro.
Trend’s Security Predictions for 2025 report warns of the potential for malicious “digital twins,” where breached/leaked personal information is used to train a Large Language Model (LLM) simulating the behavior, personality, and writing style of a victim/employee. When implemented in deepfakes, with video and audio combined with compromised biometric data, they could be used for identity fraud or to trick a friend, colleague, or family member.
Deepfakes and AI can also be applied in large-scale hyper-personalized attacks to:
- Improve Business Email Compromise (BEC) scams, known as “CEO Fraud” and “Fake Employee” scams;
- Identify victims for the scam “pig butchering” (“slaughter of the pig”, in free translation), which is called this way because its victims suffer strong emotional manipulation;
- Lure and seduce these victims before handing them over to a human operator, who can converse through an LLM’s “personality filter”;
- Improve open source intelligence gathering by adversaries;
- Develop the pre-attack to increase the chances of the attack being successful;
- Creating fake social media profiles that appear authentic to spread misinformation and promote scams at scale.
Companies that broadly adopt AI in 2025 will also need to be aware of threats such as exploitation of vulnerabilities and hijacking of AI agents to manipulate them for harmful or unauthorized actions. Also at risk are unintentional leakage of Generative AI information, as well as benign or malicious consumption of system resources by AI agents leading to denial of service.
“The prospect of ever-increasing profits motivates cybercriminals to develop nefarious Generative AI tools. Not to mention that the growing use of AI increases the need for robust security measures to guarantee IT teams end-to-end visibility,” highlights Cesar Candido, general director of Trend Micro Brazil.
Outside of the AI threat world, the report highlights additional areas of concern in 2025, including vulnerabilities such as memory management and corruption bugs, container escapes, and ransomware targeting the cloud, IoT devices, and edge computing technology. The result will be faster attacks with fewer steps, making them harder to detect.
Time to act
To address these growing threats, Trend Micro recommends:
- Implement a risk-based approach to cybersecurity, enabling centralized identification of diverse assets and effective risk assessment/prioritization/mitigation;
- Leverage AI to assist with threat intelligence, asset profiling, attack path prediction, and remediation guidance, ideally from a single platform;
- Update user training and awareness in line with recent advances in AI and how they facilitate cybercrime;
- Monitoring and protecting AI technology from abuse, including security for input validation and response or actions generated by AI;
- For LLM security: protecting sandbox environments, implementing strict data validation, and implementing multi-layered defenses against prompt injection;
- Understand supply chain organization, address vulnerabilities in public-facing servers, and implement multi-layered defenses on internal networks;
- Facilitate end-to-end visibility of AI agents;
- Implement attack path prediction to mitigate cloud threats.
To access the study “The Easy Way IN/OUT – Securing the Artificial Future” click ON HERE.
About Trend Micro
Trend Micro, a global leader in cybersecurity, helps make the world a safer place to exchange digital information. Powered by decades of cybersecurity expertise, global threat research, and continuous innovation, Trend Micro’s AI-powered cybersecurity platform protects hundreds of thousands of individuals and organizations across the cloud, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, Trend Micro delivers a powerful array of advanced threat defenses optimized for environments such as AWS, Microsoft, and Google, and central visibility for faster, better detection and response. With 7,000 employees across 70 countries, Trend Micro enables organizations to secure and simplify their connected world.
Site: www.trendmicro.com/pt_br/business.html
Twitter: @TrendmicroBR
Linkedin: www.linkedin.com/company/trend-micro-brasil/
EN 
PT 
