AI-powered cyberattacks surge 340% amid US-Israel-Iran war, billions of dollars at stake

The rapid weaponisation of AI (artificial intelligence) amid the ongoing US-Israel-Iran war has overwhelmed traditional corporate defenses, driving breach costs, operational disruption and attacker dwell times to historic extremes, analysts pointed out.

But the cyberwarfare did not happen overnight or just last month. AI-fueled cyber breaches have surged 340 per cent in the past six months, a trend accelerated by both nation-state actors and criminal enterprises at the onset of the Iran war on February 28.

“Large multi-national organisations are now absorbing an average loss of $7.2 million per breach, a 48 per cent increase in just 18 months, while AI-enabled intrusions persist undetected for a median 387 days,” according to a digital forensic study conducted by UAE-based Rayad Group.

"We're witnessing attack sophistication that would have seemed like science fiction 24 months ago. Deepfake authentication, AI-generated zero-day exploits (cyberattacks targeting software vulnerability), autonomous malware that evolves in real-time—these aren't theoretical threats anymore. They're happening daily, and frankly, most organizations are completely unprepared,” cybersecurity expert Rayad Kamal Ayub told Khaleej Times.

He added: “The Iran conflict didn't just trigger a wave of state-sponsored attacks—it catalysed the wholesale weaponisation of AI by both nation-state actors and criminal enterprises that designed cyberattacks for business disruption, chaos, psychological impact and financial gain.”

According to studies, global breach costs in 2025 have surpassed $52 billion, with projections indicating losses could climb to $78 billion this year, which could go even higher with the ongoing conflict in the Middle East.

Here’s a round-up of the most notorious cyberattacks in the past six months:

March 2026: DarkSword campaign

The highly adaptive AI-driven intrusion targeted enterprise Windows environments and iOS mobile fleets, marking one of the first large-scale cross-platform AI attacks. The malware used generative AI models to dynamically craft exploit chains tailored to device configuration, patch levels and user behavior. AI was used to alter command-and-control infrastructure faster than traditional detection systems could respond.

According to investigators, DarkSword used autonomous privilege escalation routines and real-time lateral movement planning to bypass mobile threat detection controls. More than 62,000 endpoints across North America and Europe were compromised within weeks. Early financial damage assessments put cumulative enterprise losses at more than $1 billion.

February 2026: $847 million energy infrastructure attack

On February 14, a highly coordinated cyber operation crippled critical energy infrastructure across Europe. State-linked actors deployed advanced AI deepfakes to convincingly impersonate regulatory authorities, ultimately compromising operational technology environments across 47 facilities spanning Germany, France and the Netherlands.

“The deepfakes were absolutely flawless,” said renowned cybersecurity expert Dr. Sarah Chen, noting “the real-time video synthesis of actual regulatory officials was complete with accurate technical terminology and facility-specific operational details.”

The malware TitanStrike was kept dormant for 11 days, autonomously studying operational patterns, before it was launched for synchronised disruption that resulted in cascading grid failures, leaving 14 million people without power for up to 72 hours. Direct financial damage reached $847 million, while secondary economic losses were estimated to exceed $3.2 billion.

January 2026: $438 million healthcare breach

On January 9, 2026, UnitedHealth Group revealed the largest healthcare data breach on record, exposing personal information belonging to 89 million patients. Investigators later determined the intrusion began in October 2025, leveraging AI-enhanced credential-stuffing attacks that precisely modeled the behavioral patterns of high-value users.

Despite an annual cybersecurity investment exceeding $200 million, the breach remained undetected for 92 days. Investigators said the cyberattack used legitimate credentials, “exhibiting perfectly normal behavior, accessing data they have technical permission to view.”

December 2025: Fraud enabled by deepfake voice

On December 3, 2025, JPMorgan Chase disclosed unauthorised trades totaling $267 million, executed after attackers successfully bypassed phone-based verification systems using highly sophisticated AI voice synthesis. Analysts concluded that not only was the voice match perfect, but so were the speech patterns and vocabulary.

November 2025: Pharmaceutical intellectual property heist

The malware dubbed "PharmaSiphon" leveraged machine learning to map data sensitivity and extract only the most commercially valuable assets. Operating silently for 127 days, PharmaSiphon limited data exfiltration to normal business hours and typical traffic volumes.

What must be done?

Cybersecurity analysts repeatedly say “legacy security architectures have catastrophically failed. Organisations still relying on perimeter defenses, signature-based detection and compliance checklists are operating under a dangerous illusion of protection.”

“Corporate leaders must wake up to a brutal reality: The security architecture that protected you 18 months ago is now completely obsolete,” Ayub remarked.

“The threat landscape has fundamentally transformed, and organisations clinging to traditional security models are sitting ducks. The message is unambiguous: Immediately implement zero-trust architecture, AI-powered behavioral analytics, and continuous identity verification,” he underscored, noting: “In the age of AI, catastrophic breach is not a question of if, but when.”
