Kaspersky SAS 2025 - Sergey Lozhkin

Kaspersky SAS 2025 – Sergey Lozhkin from Kaspersky GReAT talks about the proliferation of malware and the rise of Dark AI

As the Head of Research Centre, APAC & META, Kaspersky Global Research and Analysis Team (GReAT), Sergey Lozhkin is on the front lines of the war on cybercrime.

In addition to leading a team of elite cybersecurity researchers, he specialises in malware reverse engineering, focusing on targeted attacks from advanced persistent threats (APTs) and financial crimeware, as well as broader cybercrime research and threat hunting. In his dozen or so years at Kaspersky, he has seen it all.

At Kaspersky Security Analyst Summit 2025, he takes time off from the hectic circuit of talks to share more about his experiences as well as his view on the capabilities of malware and what threats are on the horizon, including the proliferation of Dark AI.

[Hitech Century] From everyday users, SMEs, large corporations to government entities at the country level, what are some of the scariest ways a malware infection can impact each group? How do cyber criminals change their tactics based on their target audience?

[Sergey Lozhkin] If you’re speaking about common people at large, I see a huge increase in online scam attacks that leverage AI. What we can see is that the quality of phishing emails, videos and pictures has increased dramatically and AI can create facsimiles of the voices and images of actual people that are often indistinguishable from the real thing.

Researchers at the Queen Mary University of London conducted a study on the realism of AI-generated voices by comparing them to actual human voices. The research found that fake voices are indistinguishable from real ones to the human ear.

Scams, online attacks and deepfakes can easily deceive many non-tech-savvy users today. In 2024, a finance worker in a multinational company was tricked into paying out US$25 million by scammers who posed as the company’s chief financial officer in a video call.

If you are speaking about SMEs, corporations and governments, the main threatscape has remained various permutations of crimeware, ransomware and APT sponsored attacks for years.

What has changed is that AI is increasingly being used to assist in the creation of new malware for cyber-espionage. With AI, attacks are much faster to create and execute. If the threat actor is an experienced malware developer, AI can help him create malware faster, more efficiently and with greater levels of sophistication. 

The BlueNoroff APT group has been behind a string of similar cases, using its typical modus operandi of social engineering and fabricating fake companies or groups. They can create near-perfect imitations to infiltrate organisations for financial gain or to steal critical information.

[Hitech Century] How are today’s malware threats different from five years ago, especially in regards to mobile wallets, digital IDs and connected lifestyles (smart homes, smart watches and EV cars)?

[Sergey Lozhkin] There is not much difference if we are speaking about the areas that malware and especially ransomware are attacking – it is all the same. Five years ago we had malware creating botnets. While the overall number of malware attacks has decreased, their capabilities have evolved – they are fewer, but far more sophisticated.

In this regard, the most active ransomware groups – FunkSec, Medusa and KillSec – have shifted from performing massive attacks on everyone and have moved into more targeted schemes where they choose their targets carefully. They collect as much intelligence as possible and they spare no effort, often buying zero-day exploits to infiltrate companies when the potential payoff is high.

[Hitech Century] With AI tools getting smarter, more localised and accessible, have you seen any signs of Dark AI being used to target Malaysian users or businesses? 

[Sergey Lozhkin] For the uninitiated, Dark AI refers to Large Language Models (LLMs) or full frameworks designed or modified to enable cybercriminal activities. Dark AI is no different from any other LLM that can take queries and answer them, but it has no guardrails and is not restricted in providing answers and solutions to create malware and scams.

The usual AIs will not allow users to create malware code, but AI can be jailbroken. The biggest differentiator for Dark AI is that the models are trained on tons of malicious code, to train them up in performing cybercriminal activities.

When trained on malicious data, Dark AI can perform specialised tasks such as generating phishing emails or crafting specific malware. Some frameworks are versatile enough to perform multiple malicious functions.

We don’t yet have specifics for Malaysia but we have observed the use of Dark AI in cyberattacks across the broader South Asia region and the usage and promotion of Dark AI tools in underground markets.

This allows threat actors to create malicious code in an unrestricted fashion. They can ask for ransomware code and they will get the source code nicely written for them. One can even ask for code to bypass Windows Defender or to create a new technique of process injection.

These frameworks can be sold for money and include such capabilities as creating phishing emails with native language fluency, generating realistic video images or voice deepfakes and more. 

These tools, including Dark AI, are being sold in international underground markets. I see traces of it from cybercriminals from South Asia to attack South Asian countries and create malware. But it isn’t restricted to just South Asia. When it comes to international cybercrime, many threat actors from different regions are using the same tools.

[Hitech Century] When we hear about APT attacks, they often sound distant, something only the government and big corporations should worry about. But why should everyday users care? What are we not realising about these threats? 

[Sergey Lozhkin] Most users will not be targeted by an APT attack, as these groups primarily target organisations and persons of interest such as governments, public personalities, companies, people related to the sciences or in fields that attract international attention. By and large, if you are an average Joe or Jane you should not worry about APT attacks.

Sergey Lozhkin, the Head of Research Centre, APAC & META, Kaspersky Global Research and Analysis Team (GReAT)

Your personal devices like your laptop and phone remain common avenues for cyberattack. If you are in a country where there is no avenue for public speech or free expression and journalists are monitored by governments, you can be the target of an APT attack. 

Sergey Lozhkin – Key takeaways and what everyone should know about cybersecurity

[Sergey Lozhkin] Everyone should understand basic precautions such as what website links not to open and how to avoid becoming an easy target. However, the top 3 bits of advice for most users are:

  • Don’t trust AI 100%. It’s not infallible.
  • Read at least basic information about cybersecurity threats and that people exist that want to attack you.
  • Don’t spend too much time on social networks.

Ultimately, everyone should at least learn the basics of cybersecurity and remember that real people out there are looking to exploit others online. [End]

You can also check out our other features at Kaspersky SAS 2025 about Dante spyware here, the BlueNoroff APT group here and critical cybersecurity flaws in connected vehicles here.