How is AI Making Domain-Based Attacks More Sophisticated?

CISOs report their teams are using AI to enhance processes such as automation, fraud detection, and staff training. But fraudsters are also harnessing AI to launch increasingly sophisticated domain-based cyber attacks.

Artificial intelligence (AI) is a double-edged sword when it comes to battling complex cyber threats. While chief information security officers (CISOs) and their teams are increasingly using AI-powered tools to identify and deal with cyber incidents, criminals and other bad actors are also turning to this technology to carry out increasingly complex attacks, particularly domain-based varieties.

For our “CISO Outlook 2025” report, we commissioned independent research among 300 CISOs, chief information officers (CIOs), and other senior IT professionals globally to understand more about their current cybersecurity concerns. We wanted to understand how cyber threats are evolving, how CISOs are coping with tightening regulations, and how they’re using security policies as well as technology to keep their organizations safe.

Our respondents not only expect cybersecurity threats to increase over the coming years, they predict AI will make some domain-based threats even more potent. As the cybercrime landscape continues to evolve, it’s crucial that CISOs and their teams stay alert, adapt quickly, and build strategies that address both new and legacy security risks.

AI is powering domain-based cyber threats

When asked which attack vectors posed the biggest threats to their organizations last year, and over the next three years, CISOs cited domain-based attacks as well as “more traditional” attacks such as distributed denial of service (DDoS) and ransomware.

Top threats in 2024:

  1. Cybersquatting
  2. Domain and domain name system (DNS) hijacking and subdomain takeover attacks
  3. DDoS attacks

Top threats over the next three years:

  1. Cybersquatting
  2. Domain and DNS hijacking and subdomain takeover attacks
  3. Ransomware and malware

First, the positive news. CISOs are noticing the benefits of using AI as part of their day-to-day operations. They ranked the five factors delivering the biggest ROI from AI integration as:

  1. Process automation
  2. Internal education and staff training
  3. Cybersecurity
  4. Fraud detection
  5. Data analysis

However, the rise of powerful AI-based capabilities means that some domain-related threats are even more potent and complex than in the past. For instance, entities behind subdomain takeovers are now using AI to scan for abandoned or misconfigured subdomains at scale.

From DGAs to comprehensive campaigns

A majority (87%) of respondents in our study said that domain generation algorithms (DGAs) powered by AI pose a threat to their organization.

The use of AI is helping criminals develop and access a growing variety of complete campaigns to attack organizations. Various platforms—with ominous names such as EvilGPT and FraudGPT—have been developed using AI and enable bad actors to launch targeted campaigns against specific verticals, such as financial services.

The whole idea behind these platforms is to make the campaign as comprehensive as possible so it can enable believable attacks. The misspellings and poor grammar we used to see don’t exist anymore, because AI can produce far more accurate replicas.

Threat actors are also creating new domains that infringe on IP, sell counterfeit items, or support phishing schemes. The potential combination of keywords used in domains is almost endless.

Such attacks are more than an inconvenience. Noncompliance with initiatives designed to safeguard sensitive data, such as the Network and Information Security Directive (NIS2) and the General Data Protection Regulation (GDPR), attracts hefty fines and the risk of reputation damage.

Unfortunately, CISOs surveyed for our report said they had found NIS2 and GDPR the most challenging regulations to implement. They ranked U.S., EU, and global regulations by difficulty of compliance as follows:

  • NIS2 Directive (EU) – 53%
  • GDPR (EU) – 51%
  • Cybersecurity Maturity Model Certification (CMMC) (U.S.) – 41%
  • ISO/IEC 27001/2 (global) – 40%
  • Payment Card Industry Data Security Standard (U.S.) – 28%

How can CSC help?

How should CISOs prepare for this growth in the complexity of domain-based attacks? The first step is to be fully aware of and educated about the risks they present to corporations, especially from a financial, compliance, and reputation standpoint. From what we see on the ground, DNS hijacking and subdomain takeovers are only going to become more sophisticated.

An experienced outsourcing partner like CSC can help CISOs stay ahead of emerging threats. Our experts can guide you through the evolution of different cybersecurity risks, because the trends we’re seeing today won’t be the same in a couple of months.

DomainSec℠ is CSC’s proprietary, comprehensive platform for domain security. Powered by a correlation engine and machine learning technology, it brings together the variety of data sets and blocking networks only available to CSC, enabling threat intelligence based on domain security insights.

Contact us to find out more, or read the full report, “CISO Outlook 2025: Navigating Evolving Domain-Based Threats in an Era of Artificial Intelligence and Tightening Regulation.”