Alper Aktaş
Endüstri Vadisi
In March 2026, cyberattacks increased by 22% compared to the previous month, highlighting the impact of the malicious use and unregulated adoption of artificial intelligence. The human factor is now critical in ensuring responsible use and operational resilience.
### AI as a Malicious User
The complex potential of artificial intelligence is being rapidly adapted by various threat actors, from states to hacktivists. In early 2026, politically motivated AI-powered deepfake propaganda was used in the Ukraine-Russia war, a method expected to become widespread in many elections throughout 2026.
In social engineering, AI platforms like Google Gemini are being used by threat actors to accurately translate messages and increase their credibility. Due to decreasing AI software development costs, dynamic decision-making capabilities will be further exploited by threat actors across all stages of the attack chain.
### Vulnerabilities in AI Applications
Over-reliance on "vibe coding," an approach that often produces insecure code, leads to serious security issues. The generation of passwords with generative AI platforms is a concern because, despite appearing strong due to training data, they can create predictable passwords. CISOs, while evaluating AI-generated threats, must analyze their internal security hygiene as thoroughly as external threats.
Matt Hull, Vice President of Cyber Intelligence and Response at NCC Group, stated, "AI is accelerating cyber risk in both scale and complexity, and this shift could leave all businesses, big and small, exposed. CISOs must understand that cyberattacks are facing AI-driven ransomware and social engineering threats, and insecure AI platforms create internal risks. Resilient organizations must make cybersecurity a top management priority."
### New Techniques in Ransomware
In the first quarter of 2026, the group that carried out the most attacks was Qilin (340 attacks), followed by Gentlemen (149) and NightSpire (136). The excessive claims of these groups, coupled with a lack of verified victims, led to questions about their activities.
A ransomware incident in March highlighted the importance of layered defense strategies against zero-day vulnerabilities. The Interlock group, targeting a critical vulnerability in the Cisco Secure Firewall Management Center, was able to execute arbitrary Java code with root privileges. The group, which typically pressures victims with "double extortion" tactics, began moving from random opportunistic attacks to exploiting more effective corporate-level vulnerabilities.
Matt Hull said, "Ransomware attacks in March increased by almost a quarter, rising to 2112 in Q1 2026. This figure shows a 3% decrease compared to Q4 2025, but the intervention of malicious proxy servers, such as the FBI's Operation Winter SHIELD and Europol's SocksExport, was effective."
Hull also added, "AI can change the way businesses operate, but many companies are still lacking in basic security measures: identity security, access controls, support processes, and visibility in cloud and on-premise environments. Being prepared is critical to avoid extending response times from weeks to months. Conduct incident simulations, test your plans, perform drills, and check that backups are working."


















