
"They logged in like normal users and emptied everything"... How AI is reshaping cyberattack patterns [Daily IT Pick]

Input: 2026-03-06 07:00:00
Updated: 2026-03-06 07:00:00

According to The Financial News, advances in Artificial Intelligence (AI) are transforming how cyberattacks are carried out. Instead of trying to forcibly break into systems, attackers are increasingly "logging in" like legitimate users to obtain internal privileges.
Cloudflare’s "Cloudflare 2026 Threat Intelligence Report" released on the 6th finds that progress in AI has significantly lowered the barrier to entry for cyberattacks.
The report, compiled by Cloudflare’s threat research team Cloudforce One, uses data gathered from its global network. It shows how the nature of modern cyber threats is undergoing a fundamental shift.
Attackers are using large language models (LLMs) to analyze network architectures and discover new vulnerabilities. They are also leveraging deepfake technology to generate highly realistic fake content and incorporate it into their attacks.
In particular, there is a rapid move away from directly exploiting system vulnerabilities toward stealing legitimate user accounts to gain internal access. The report notes a rise in attacks that bypass email accounts or authentication systems, infiltrate corporate networks, and then operate stealthily over long periods.
State-sponsored cyber operations are becoming more sophisticated as well. Chinese-linked hacking groups known as "Salt Typhoon" and "Linen Typhoon" are believed to be targeting North American telecom companies, government agencies, and IT service providers. Rather than sticking to traditional espionage, they are using a "persistent pre-positioning" strategy, planting malware inside rival nations’ networks in advance to prepare for future attacks. These activities are said to extend even to critical U.S. infrastructure.
Attacks linked to North Korea are also evolving into new forms. The report states that North Korean operatives have been caught using AI-generated deepfakes and forged IDs to pass hiring processes and secure jobs at Western companies. They are believed to operate through "laptop farms" set up inside the United States, which help conceal their true locations.
Distributed Denial-of-Service (DDoS) attacks are also reaching unprecedented scale. According to the report, massive botnets such as "Aisuru" have been used to launch DDoS attacks peaking at 31.4 Tbps. That volume is considered powerful enough to disrupt entire national networks.
Cloudflare stresses that security architectures must undergo a fundamental shift to keep up with this changing threat landscape. Organizations can no longer rely solely on blocking external intrusions; instead, they need Zero Trust-based security models that continuously verify the identity and behavior of users inside the network.
Matthew Prince, Cloudflare co-founder and Chief Executive Officer (CEO), said, "Attackers exploit the security gaps created by fragmented and outdated threat intelligence." Blake Darché, head of threat intelligence at Cloudforce One, added, "Attackers are constantly changing their tactics, discovering new vulnerabilities, and looking for ways to overwhelm victim organizations. To avoid always reacting too late, organizations must move away from a purely post-incident security posture and shift to defenses built on real-time, actionable intelligence."
Reporter Jo Yoon-joo (yjjoe@fnnews.com)