According to the Elastic 2025 Global Threat Report, hackers are using AI to supercharge old-school tricks, such as phishing, password theft, and dodgy downloads, to attack businesses at a scale we’ve never seen before.

You can forget the lone hacker in a hoodie; today’s threat landscape has changed. It’s bots running 24/7, powered by AI, scanning for any open door to your business systems.

“The bad guys are shifting from stealth to speed,” says Devon Kerr, head of Elastic Security Labs. “They’re launching waves of opportunistic attacks with minimal effort.”

Old scams, new tech

Elastic’s report is based on more than a billion data points collected from real business environments, and the trends aren’t pretty.

The number of generic threats, such as AI-generated malware that’s churned out in bulk, jumped 15.5 per cent in the past year. Meanwhile, malicious code execution on Windows nearly doubled to 32.5 per cent.

Elastic reports that Generative AI is behind the spike. Gen AI has made it incredibly easy to create malware, phishing emails and fake logins that look legit. It’s the industrialisation of cyber crime: mass-produced, automated, and scalable.

“AI is lowering the barrier to entry for threat actors. We’re seeing adversaries using large language models to churn out simple but effective malicious loaders and tools,” said Kerr.

Your browser could be betraying you

If you thought malware lived only in suspicious downloads or dodgy USB sticks, you don’t have the complete picture. Elastic’s report found that one in eight malware samples now target browser data.

This means that your saved passwords, autofill details, and browsing history could be the jackpot that hackers are after.

Browser-based ‘infostealers’ are increasingly exploiting Chromium-based browsers such as Chrome, Edge, Opera and Brave, to sneak past built-in protections. Once they grab your credentials, they then sell them on the dark web or use them to waltz straight into your business systems to attack you from within.

According to the report, credential theft has become the most common sub-technique hackers use to gain access.

Why Windows is copping it

The report also shows that attacks on Windows systems have nearly doubled, overtaking defence evasion for the first time in three years.

Hackers are also being more brazen; many cyber criminals aren’t even bothering to hide anymore. They’re going straight for the jugular, using known malware families like GhostPulse (which accounted for 12 per cent of events), to infiltrate pixels and deliver data-stealing malware, such as Lumma and Redline, to steal your credentials.

Elastic reports these attacks are fast and unrelenting. By adopting Gen AI, bad actors can hammer every open port at lightning speed until something gives.

The cloud is under attack, too

If you’re using cloud tools like Microsoft 365, Azure or Google Workspace, you’re in the firing line as well.

Elastic found that more than 60 per cent of cloud security events involved issues such as unauthorised access, stolen credentials, or attackers burrowing in to maintain persistence.

The login process is still the weakest link. Attackers are getting into cloud accounts using compromised passwords or poorly secured admin credentials, and from there, they can cause havoc across your systems.

The new wave of ‘fast’ attacks

In the past, hackers prided themselves on stealth, the art of sneaking in undetected, but AI-enhanced attackers are taking the opposite approach.

They’re throwing wave after wave of small, opportunistic probes at businesses, looking for weak spots.

These ‘speed attacks’, as Elastic calls them, rely on volume rather than sophistication. And they’re particularly nasty for small businesses that may not have the budget for top-tier security tools or dedicated IT staff.

A reality check for 2025

AI is giving cyber criminals the same productivity boost it’s giving the rest of us. Only hackers are using it to scale attacks, instead of streamlining business processes. Small business owners need to think beyond antivirus software and phishing awareness training if they want to stay safe. The hacker’s battleground has shifted to browsers, identity systems, and the cloud.

While you may not be able to outsmart every bot or stop every breach attempt, you can make your business a harder target.

“Defenders need to adapt their detection strategies for this new era of speed attacks,” Kerr says. “Hardening identity protections is now more urgent than ever.”

4 ways to protect your business

Elastic’s experts recommend a few key defences that even small teams can put in place to stay ahead of threats:

1. Strengthen your identity checks
   Treat identity verification like a core part of your security. This means enforcing multi-factor authentication (MFA) on all accounts, rotating passwords regularly, and reviewing who has access to what resources.
2. Beef up your browser defences.
   Disable your browser’s auto-saving of passwords and limit extensions to trusted sources. Consider using a password manager instead and educate your team about phishing pages that mimic login screens.
3. Embrace automation
   Elastic recommends using AI-assisted detection tools to flag suspicious behaviour faster, but always keeping a human in the loop to make the call. Automation can save time, but human judgment still matters.
4. Keep your cloud clean
   Review your cloud permissions and disable inactive accounts. Turn on login alerts so you know when (and where) someone’s accessing your systems.

Need more help to protect your business? Why not check out our cybersecurity hub for more tips? Or enrol in COSBOA’s free Cyber Wardens course.

Want more? Get our newsletter delivered straight to your inbox! Follow Business Builders on Facebook, X, Instagram, and LinkedIn.