Chess pieces showing AI and cybercriminals

The New Chess Masters: How Cybercriminals Are Using AI to Outsmart Security Defences

In a high-stakes chess match, the grandmaster doesn’t win by brute force; they win by observing, anticipating, and exploiting small weaknesses in their opponent’s position. Every move is part of a strategy.

This is exactly how cybercriminals operate today. But instead of sitting across a chessboard, they’re behind keyboards, quietly studying your defences and watching how your systems respond, they’re using AI to do it—faster, smarter, and with relentless precision.

For decades, attackers have relied on methods like port scanning, phishing, and brute-force logins to gain access. Now, AI lets them automate the reconnaissance phase at scale. They launch probing attacks, analyse failures, and refine their methods in real time, learning with each attempt. In Asia Pacific, where organisations are rapidly adopting AI themselves, the threat landscape is evolving just as fast.

These aren’t random strikes. They’re strategic moves, and adversaries are learning from every play. With AI, cybercriminals don’t just attack. They adapt. They anticipate. They remember.

Inside a Ransomware Breach

In a region as digitally connected and fast-paced as Asia Pacific, the relentless probing by cyber adversaries isn’t merely background noise; it’s a ticking clock. Given enough time, they will discover a vulnerability. And when they do, they won’t send a courtesy alert. They’ll quietly extract your data, lock down your systems, and demand a ransom. It’s not a question of if, but when and how far the damage will spread before you can contain it.

Ransomware attacks are on a sharp increase, with ransoms exceeding $1 billion in 2023. Research shows that 88% of organisations were hit by ransomware in the past year, and more than half had to shut down operations for an average of 12 hours. Attackers are out there, testing your fences to find a weakness and succeeding.

They work methodically. First, they create or buy a payload to deliver the damage. Then comes the “dropper” – a layer of code designed to gain access. Beneath is the exploit that targets a specific weakness. Once inside, the payload executes.

The challenge for the attackers is that we typically know how they will approach entering a system, and we’ve gotten very good at securing those access points. They can only use a few standard ways of moving around, like RDP, SSH, and SMB. Because of that, it’s fairly easy to predict their attacks and devise security measures to stop them.

The challenge for us is that every time we devise a new defence strategy, they devise a new attack. And now, with AI, they’re devising new attacks faster than ever.

Cybercrime-as-a-Service Is Thriving

In the booming digital economy of Asia Pacific, speed and scale are crucial, and the same applies to cybercriminals. For every security product you evaluate and deploy, there’s a dark-web equivalent created to exploit it. Attackers don’t always develop their own malware or come up with new exploits. Much like legitimate businesses, they shop around, compare tools, read reviews, and purchase off-the-shelf attack kits that fit their targets. The underground marketplace is thriving, and business is flourishing.

On the dark web, attackers shop for exploits like buying a flat-pack table—quick, easy, and rated by peers. Expert-written, field-tested code is sold to exploit known vulnerabilities. Now, AI is speeding up this process, helping them generate and test code faster, and sell it on.

The result is that invading your systems is as simple as ever. And with AI, adversaries are creating and refining code at an unprecedented pace.

AI Is Their Scout Team

Before launching an attack, cybercriminals do their homework. Across Asia Pacific, they’re using AI to quietly map out your network, testing defences and identifying weak spots. With large language models, they can adapt in real time, developing tailored evasion techniques as they go. Fast, quiet, and increasingly precise.

AI is now handling reconnaissance. They’ve outsourced the probing of your defenses to machines that work thousands of times faster.

This AI enhancement allows them to create exploits very, very quickly, making it that much harder to secure your systems and contain the breach. Attackers now have the capability to say, “Okay, we found that this enterprise is using CrowdStrike and Palo Alto Networks.” Then they type into AI, “develop me an exploit that uses that and can evade these protections.”

Break the Pattern Before They Break In

Although advanced technology is giving adversaries an advantage, the best method of thwarting them is to go back to the basics. According to a recent report by Cortex Xpanse, 32% of overall security issues were rooted in Remote Desktop Protocol (RDP). This means that simply securing RDP ports can stop about a third of all ransomware attacks.

By doing the basics – securing ports, maintaining good cyber hygiene, preventing lateral movement, and adopting Zero Trust principles – organisations can fix and contain their risk by an incredible amount. Even if they don’t stop an attack, it will slow down, allowing you time to contain the breach.

Another common issue is patching. Understandably, organisations want to test patches before deploying to avoid situations like the 2024 CrowdStrike crash. The problem with patches, however, is that to effectively apply a patch, you must often reboot the system. This process is cumbersome and takes time away from work, which impacts productivity.

Many Asia Pacific organisations stick to scheduled patch cycles — weekly, monthly, or on “Patch Tuesday.” It’s better than nothing, but it creates predictable windows where systems stay exposed.

Today’s threat actors operate with surgical precision, persistence, and increasingly, the support of AI-driven reconnaissance tools. They scan for misconfigurations, overlooked assets, and weak segmentation boundaries with relentless precision. The odds aren’t in your favor if your defenses rely solely on prevention. Once a breach occurs—and it will—your ability to contain it becomes the difference between a minor incident and a catastrophic compromise.

Segmentation, especially when informed by AI-driven context, acts as a structural fail-safe: it limits lateral movement, isolates critical systems, and buys your team time to respond. In a threat landscape where speed and automation define the adversary, precision and containment must define the defense.

The question is no longer whether you’ll be targeted—it’s whether your environment is architected to contain the breach and respond faster than the adversary can pivot.