As cybercriminals use Artificial Intelligence (AI) to boost the scale and sophistication of malware attacks, Justin Grosfelt, Manager of the Reversing, Emulation, and Testing (RET) Team, Insikt Group, Recorded Future, looks at how defenses must evolve to stay ahead of a new era of threats.
AI-Advanced Attacks
The power, potential and popularity of AI were, sadly, always going to capture the attention of cybercriminals. New technology, especially the kind with far-reaching possibilities, piques curiosity. AI is creating new ways to enhance innovation, efficiency and productivity, and those benefits appeal to attackers just as much as to legitimate users.
The technology is starting to be used maliciously to advance malware attacks. Criminal adoption of Large Language Models (LLMs) is at an early stage and far from mature, but LLMs are already being used to speed up attacks through faster, automated searches for and assessment of network vulnerabilities. Automated code generation can assist the development of malware and make it quicker to stand up supporting infrastructure. Threat actors may also use LLMs to rewrite or obfuscate existing malware so that signatures tuned to earlier variants no longer match it, even though its behaviour is unchanged.
Modern malware can lurk undetected for long periods, which makes effective threat hunting increasingly critical. Traditional approaches to malware analysis are no longer sustainable in an emerging era of AI and LLMs: they simply cannot keep pace with the volume of new samples and the ease with which they are produced.
Outdated Malware Strategies
It is more crucial than ever that CISOs and cybersecurity teams evolve how they hunt, detect and respond to malware. Part of this involves fighting fire with fire: being open to using LLMs themselves, and getting ahead of how threat actors are trying to take advantage of the same tools.
LLMs and enhanced malware intelligence can address a fundamental flaw in traditional malware analysis: it takes place in silos. Samples are examined one at a time, findings sit in separate security tools, and each analysis captures a single point in time. These silos create blind spots that modern threats exploit. Security teams examine individual samples without the broader context, struggle to correlate findings across fragmented tools, and lack visibility into how malware families evolve. It is like examining a single puzzle piece while the complete attack unfolds around them.
As threat actors continuously evolve their tactics, traditional analysis falls short. It focuses on what a sample does today, when defenders also need to anticipate what the family it belongs to will look like tomorrow. Without an understanding of malware lineage and evolution patterns, security teams are always one step behind. The result: critical time is lost while threats establish persistence and spread laterally through networks.
Threat actors exploit this fragmentation, knowing that isolated defenses struggle to connect the dots between their infrastructure, tactics and targets. With the number of unique samples employing defense-evasion techniques surging past three million in early 2025, the isolation problem has become a crisis of scale that manual processes simply cannot handle.
Transforming Malware Defenses
Leading organizations are transforming their malware strategies by connecting isolated analysis to comprehensive threat intelligence. They are moving from an isolated, reactive process into an intelligence-driven, predictive capability. This connected approach enables critical capabilities of contextual understanding, predictive insights and accelerated response.
Automated malware intelligence can quickly connect every individual malware sample to an in-depth history and up-to-date knowledge bank of malware threats and attacks. For example, Recorded Future’s Intelligence Graph draws on 200 billion nodes of interconnected malware data built over 15 years, with correlations being run against more than 1.5 million newly analyzed malware samples daily. Security teams can gain immediate insight into malware campaigns, actor methodologies, and infrastructure patterns. Instead of wondering "what does this file do," they can understand "who's behind this, what they're targeting, and how this fits into broader attack patterns."
By tracking how malware families evolve over time, intelligence platforms can anticipate new variants and attack methodologies. This temporal analysis helps organizations prepare defenses for threats that have not yet appeared in their environment. Automated correlation and rule generation eliminate hours of manual research: what once required specialized expertise and significant time can now happen in seconds, enabling faster containment and more effective threat hunting.
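The two preceding paragraphs describe correlation across samples, tracking of family lineage, and automated rule generation at a high level. The following is an added illustration of those three steps in miniature; it is not Recorded Future's code and does not reproduce the Intelligence Graph. It clusters samples by overlap of their extracted strings (single-linkage, so an old and a new variant that no longer resemble each other directly still join one family through the variant between them), reports what each variant added and dropped relative to its predecessor, and emits a YARA rule from the strings shared by the whole family and by nothing else in the corpus. All samples are constructed byte blobs with planted strings, and the names, thresholds and strings are assumptions made for the example.

```python
"""Toy sample correlation, lineage tracking and YARA rule generation.

Added illustration for this article, not Recorded Future's code. Every
"sample" is a constructed byte blob with planted strings, not real malware.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from datetime import date
from itertools import combinations

# Runs of 6+ printable ASCII bytes stand in for the strings a real pipeline
# would extract (imports, mutexes, C2 URLs, registry paths).
STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")


@dataclass(frozen=True)
class Sample:
    name: str
    first_seen: date
    sha256: str
    strings: frozenset[bytes]


def load_sample(name: str, first_seen: date, blob: bytes) -> Sample:
    return Sample(name, first_seen, hashlib.sha256(blob).hexdigest(),
                  frozenset(STRING_RE.findall(blob)))


def jaccard(a: frozenset[bytes], b: frozenset[bytes]) -> float:
    return len(a & b) / len(a | b) if (a or b) else 1.0


def cluster_families(samples: list[Sample], threshold: float = 0.5) -> list[list[Sample]]:
    """Single-linkage clustering on string-set similarity (union-find).
    A chain of pairwise links is enough to place samples in one family."""
    parent = {s.sha256: s.sha256 for s in samples}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(samples, 2):
        if jaccard(a.strings, b.strings) >= threshold:
            parent[find(a.sha256)] = find(b.sha256)
    groups: dict[str, list[Sample]] = {}
    for s in samples:
        groups.setdefault(find(s.sha256), []).append(s)
    # Oldest variant first inside each family, oldest family first overall.
    return sorted((sorted(g, key=lambda s: s.first_seen) for g in groups.values()),
                  key=lambda g: g[0].first_seen)


def lineage(family: list[Sample]) -> list[tuple[str, frozenset[bytes], frozenset[bytes]]]:
    """For each variant after the first: (name, strings added, strings dropped)."""
    return [(cur.name, cur.strings - prev.strings, prev.strings - cur.strings)
            for prev, cur in zip(family, family[1:])]


def yara_escape(s: bytes) -> str:
    return s.decode("latin-1").replace("\\", "\\\\").replace('"', '\\"')


def generate_yara(rule_name: str, family: list[Sample], others: list[Sample]) -> str:
    """Rule from strings present in every family member and in no other sample,
    so generic artifacts (e.g. KERNEL32.dll) drop out. The condition tolerates
    one missing string so the rule survives the next variant dropping one."""
    common = frozenset.intersection(*(s.strings for s in family))
    for o in others:
        common -= o.strings
    if not common:
        raise ValueError("no family-specific strings to build a rule from")
    chosen = sorted(common)
    lines = [f"rule {rule_name}", "{", "    strings:"]
    lines += [f'        $s{i} = "{yara_escape(s)}" ascii' for i, s in enumerate(chosen)]
    lines += ["    condition:", f"        {max(1, len(chosen) - 1)} of them", "}"]
    return "\n".join(lines)


def _blob(*strings: bytes) -> bytes:
    # Constructed: fake header bytes followed by NUL-separated planted strings.
    return b"MZ\x90\x00\x03\x00" + b"\x00".join(strings) + b"\x00"


RUN_KEY = rb"Software\Microsoft\Windows\CurrentVersion\Run"
CORPUS = [  # constructed corpus: three variants of a fictional family plus one benign tool
    load_sample("ratsnake_v1", date(2024, 1, 10), _blob(
        b"KERNEL32.dll", b"CreateRemoteThread", b"cmd.exe /c", RUN_KEY, b"persist_run_key",
        b"ratsnake_mutex_v1", b"http://update-svc.example/beacon")),
    load_sample("ratsnake_v2", date(2024, 6, 2), _blob(
        b"KERNEL32.dll", b"CreateRemoteThread", b"cmd.exe /c", RUN_KEY, b"persist_run_key",
        b"ratsnake_mutex_v2", b"http://update-svc.example/beacon", b"VirtualAllocEx", b"sandbox_check_vm")),
    load_sample("ratsnake_v3", date(2025, 2, 14), _blob(
        b"KERNEL32.dll", b"CreateRemoteThread", b"cmd.exe /c", RUN_KEY, b"persist_run_key",
        b"ratsnake_mutex_v3", b"https://cdn-sync.example/api", b"VirtualAllocEx", b"sandbox_check_vm",
        b"amsi_bypass_patch")),
    load_sample("notepad_clone", date(2023, 5, 1), _blob(
        b"KERNEL32.dll", b"USER32.dll", b"CreateFileW", b"GetWindowTextW", b"Untitled - Notepad")),
]

if __name__ == "__main__":
    families = cluster_families(CORPUS)
    for fam in families:
        print("family:", [s.name for s in fam])
        for name, added, dropped in lineage(fam):
            print(f"  {name}: +{sorted(added)} -{sorted(dropped)}")
    ratsnake = max(families, key=len)
    print(generate_yara("ratsnake_family", ratsnake, [s for s in CORPUS if s not in ratsnake]))
```

Run stand-alone, the corpus resolves into two families. The v1 and v3 variants share too few strings to match each other directly (their Jaccard similarity is below the 0.5 threshold), yet they land in one family because each overlaps strongly with v2; that chain is the lineage the article says siloed, one-sample-at-a-time analysis misses. The lineage output shows v3 swapping its C2 URL and adding an AMSI-related string, and the generated rule contains only the strings the whole family shares and the benign sample lacks, which is why the common import library is absent from it.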
The result is a fundamental shift from reactive to proactive security posture, where organizations can identify and mitigate threats before they establish persistence or cause damage.
Increasingly accurate predictive capabilities are required in the era of AI to mitigate the growing speed, scale and sophistication of malware attacks. Defenses can no longer rely on resource-intensive manual processes, which are too isolated and too slow. Malware strategies must deliver real-time alerts and immediate protection, and that requires intelligence that joins the dots across an increasingly complex and expanding threat landscape.
To find out more about advanced cyber threat and malware intelligence, watch Infosecurity’s Predicting and Prioritizing Cyber Attacks Using Threat Intelligence webinar.