AI-driven cyberattacks surge, targeting Australian organisations
The Elastic 2025 Global Threat Report has revealed a significant increase in AI-fuelled cyberattacks, with a marked impact observed across Australia.
The report, which draws on more than one billion data points from real production environments, details the evolving tactics of cybercriminals, particularly their use of artificial intelligence (AI) to amplify the scale and efficiency of malicious cyber operations. Incidents impacting major Australian organisations such as Qantas, CommBank, and Optus have demonstrated the pressure even well-fortified institutions face as AI tools become better equipped for mass exploitation.
AI reshaping cyber threats
According to the findings, the use of AI-constructed malicious loaders by attackers has risen by 15.5% over the past year. The execution of malicious code on Windows platforms has nearly doubled, reaching 32.5%, a figure not seen in previous years. The widespread availability of AI-generated malware and an increase in stolen browser credentials are supporting a growing class of entry-level cybercriminals who prefer launching frequent, opportunistic probes at corporate networks over more complex, stealthy attacks.
"Attackers are shifting from stealth to speed, launching waves of opportunistic attacks with minimal effort. This evolution shows how urgent it is for defenders to harden identity protections and to adapt their detection strategies for this new era of speed attacks," said Devon Kerr, head of Elastic Security Labs and director of Threat Research.
Browsers and credential theft
One of the report's most notable findings concerns web browsers, identified as a major vulnerability in corporate security. The data reveals that one in eight malware samples targeted browser-specific data, with credential theft now the most prominent technique used to access sensitive corporate systems. Exploit campaigns are increasingly focusing on Chromium-based browsers, leveraging methods to bypass existing protections integrated into these browsers.
Changing tactics: Execution over evasion
A notable tactical shift identified by the report is the overtaking of traditional evasion tactics by direct execution attacks on Microsoft Windows systems. The prevalence of execution tactics has nearly doubled to 32%, surpassing defensive evasion for the first time in three years. The GhostPulse loader was highlighted as a major vector, accounting for 12% of signature events, often used to distribute known infostealers such as Lumma and Redline, both responsible for a 6.67% share of such incidents.
Lower barriers for attackers
The proliferation of AI and large language models (LLMs) has also contributed to an increase in more generic cyber threats. Adversaries are increasingly deploying simple but potent AI-generated loaders and other malicious tools. Off-the-shelf malware families, including RemCos (accounting for 9.33% of attacks) and CobaltStrike (around 2%), remain in active circulation, often enhanced by AI-generated code.
Cloud identity under pressure
The cloud has not been immune to these changes. Over 60% of observed cloud security events were related to initial access, persistence, or credential access attempts. Authentication vulnerabilities, particularly in Microsoft Entra ID, were a recurrent target. The report observed that 54% of anomalous Azure activity signals originated from audit logs, with this figure increasing to nearly 90% when all Entra telemetry data was aggregated.
These gaps place a renewed focus on identity management in cloud environments, with the report advising that defenders "elevate identity validation", reinforce know-your-customer (KYC) processes, and treat identity assurance as a critical security measure.
Defensive recommendations
In response to the changing nature of threats, the report outlines a set of recommendations for defenders. These include the adoption of automation supported by human oversight, utilising AI-assisted detection and behavioural analytics while ensuring key decision points remain in human hands. Defenders should also prioritise strengthening browser defences, hardening browser plugins and third-party integrations, and improving visibility into attempts at credential theft.
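As an added illustration of the "visibility into credential theft" recommendation (not code from the report or from Elastic), the detection below flags non-browser processes that read the Chromium profile files holding saved logins, cookies and the key that protects them. The file names, browser allow-list, event schema and sample telemetry are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Chromium profile files that hold saved logins, cookies and the wrapped master key.
# A process other than the browser itself opening these is a strong infostealer signal.
CHROMIUM_SECRET_FILES = {"Login Data", "Cookies", "Local State", "Web Data"}
# Browsers expected to touch their own profile stores (assumed allow-list).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}
USER_DATA_RE = re.compile(r"[\\/](Chrome|Edge|Brave-Browser|Opera)[\\/]User Data[\\/]", re.I)


@dataclass
class FileEvent:
    ts: str
    host: str
    process: str
    path: str
    action: str  # "read" or "copy"


def is_chromium_secret(path: str) -> bool:
    """True if path points at a credential/cookie store inside a Chromium profile."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return bool(USER_DATA_RE.search(path)) and name in CHROMIUM_SECRET_FILES


def find_credential_access(events):
    """Return one alert per (host, process) that read a Chromium secret store.
    Severity is high when the process also read Local State, because that file
    holds the key needed to decrypt the other stores offline."""
    touched = {}
    for e in events:
        if e.process.lower() in BROWSER_PROCESSES or not is_chromium_secret(e.path):
            continue
        name = e.path.replace("\\", "/").rsplit("/", 1)[-1]
        touched.setdefault((e.host, e.process), set()).add(name)
    alerts = []
    for (host, proc), files in touched.items():
        severity = "high" if "Local State" in files and files - {"Local State"} else "medium"
        alerts.append({"host": host, "process": proc, "files": sorted(files), "severity": severity})
    return sorted(alerts, key=lambda a: (a["host"], a["process"]))


# Constructed sample endpoint telemetry (not taken from the report).
SAMPLE_EVENTS = [
    FileEvent("2025-07-01T09:00:01Z", "ws-17", "chrome.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data", "read"),
    FileEvent("2025-07-01T09:02:11Z", "ws-17", "update.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Local State", "read"),
    FileEvent("2025-07-01T09:02:12Z", "ws-17", "update.exe", r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data", "copy"),
    FileEvent("2025-07-01T09:05:00Z", "ws-22", "svchost.exe", r"C:\Users\b\AppData\Local\Microsoft\Edge\User Data\Default\Cookies", "read"),
    FileEvent("2025-07-01T09:06:00Z", "ws-22", "notepad.exe", r"C:\Users\b\Documents\Login Data", "read"),
]

if __name__ == "__main__":
    for alert in find_credential_access(SAMPLE_EVENTS):
        print(alert)
```

The same rule can be expressed in an EDR or SIEM query; the point is to key on file-name plus profile-path and exclude only the browser binaries themselves.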
Other suggested areas for improvement include investing in more robust identity verification systems and ensuring tighter controls around access to cloud platforms. The report underlines the pressing need for organisations to move beyond perimeter defence and adapt to a landscape where attackers use AI to increase the frequency and scale of assaults on IT systems.
The 2025 Global Threat Report was compiled by Elastic Security Labs based on telemetry, public and third-party data collected between June 2024 and July 2025. All information was sanitised and anonymised where applicable to protect the privacy of organisations and individuals.