Dominic Jainy is a seasoned IT professional whose expertise sits at the intersection of artificial intelligence, machine learning, and blockchain technology. With a career dedicated to understanding how emerging technologies reshape industrial landscapes, he provides a unique perspective on the evolving nature of digital threats. As the boundary between legitimate user activity and malicious intent continues to blur, Dominic’s insights help clarify how organizations can navigate an era where identity is the new perimeter and velocity often outweighs technical sophistication.
Attackers are increasingly using legitimate credentials to blend into network traffic rather than relying on custom malware. How can security teams differentiate between a valid user and a malicious actor using stolen identity, and what specific anomalies should they monitor within internal access logs?
The shift from technical encryption challenges to high-fidelity identity crises means that security teams can no longer look for a “smoking gun” in the form of a virus file. Instead, we have to look for behavioral deviations that feel “off” even when the credentials used are 100% valid. This involves monitoring for impossible travel scenarios or access requests to sensitive databases that fall outside a user’s typical job function. When an account suddenly starts querying internal directories or accessing lateral systems at 3:00 AM, it’s a red flag that the person behind the keyboard isn’t the authorized employee. We must move beyond simple password checks and treat every authenticated session as a continuous stream of data that requires constant re-validation.
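The behavioural checks described above (impossible travel, off-hours access to sensitive systems, access outside a user's normal job function) as an added example over constructed access-log events; this is illustration code, not something from the interview, and the user, resource names and thresholds are hypothetical.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample access events (hypothetical; not from the article):
# (user, ISO timestamp, latitude, longitude, resource)
EVENTS = [
    ("jdoe", "2025-03-04T09:02:00", 40.71, -74.01, "hr-portal"),
    ("jdoe", "2025-03-04T09:40:00", 40.71, -74.01, "hr-portal"),
    ("jdoe", "2025-03-04T10:05:00", 52.52, 13.40, "hr-portal"),    # New York -> Berlin in 25 min
    ("jdoe", "2025-03-05T03:00:00", 40.71, -74.01, "payroll-db"),  # 3 AM, not part of the role
]
BASELINE = {"jdoe": {"hr-portal"}}            # resources each user normally touches
SENSITIVE = {"payroll-db", "ad-directory"}    # systems worth an off-hours alert
MAX_KMH = 900                                  # above airline speed: physically impossible travel
WORK_HOURS = range(7, 20)

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def detect_identity_anomalies(events, baseline, sensitive):
    """Return (user, timestamp, rule) for events that deviate from the user's
    normal behaviour even though the credentials authenticated successfully."""
    findings = []
    last_seen = {}   # user -> (datetime, lat, lon) of the previous event
    for user, ts, lat, lon, resource in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            prev_when, plat, plon = last_seen[user]
            hours = (when - prev_when).total_seconds() / 3600
            if hours > 0 and haversine_km(plat, plon, lat, lon) / hours > MAX_KMH:
                findings.append((user, ts, "impossible_travel"))
        last_seen[user] = (when, lat, lon)
        if resource in sensitive and when.hour not in WORK_HOURS:
            findings.append((user, ts, "off_hours_sensitive_access"))
        if resource not in baseline.get(user, set()):
            findings.append((user, ts, "outside_role_baseline"))
    return findings

if __name__ == "__main__":
    for finding in detect_identity_anomalies(EVENTS, BASELINE, SENSITIVE):
        print(finding)
```

Each rule fires independently, so a single event can carry several findings; in practice the baseline would be learned from weeks of the user's own history rather than hard-coded.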
Manufacturing and critical infrastructure now represent over half of all targeted attacks because operational uptime is so vital. Why are these sectors specifically viewed as the most profitable targets for extortion, and what immediate containment steps should a facility take once it detects unauthorized lateral movement?
These sectors are particularly vulnerable because every minute of downtime translates directly into massive revenue loss, making them highly incentivized to pay ransoms quickly to restore “critical continuity.” Currently, manufacturing and infrastructure account for over 50% of all targeted attacks because the physical consequences of a digital breach are so severe. If unauthorized lateral movement is detected, the immediate priority is isolation—severing the connection between the IT network and the operational technology (OT) environment to prevent the infection from reaching the factory floor. Facilities should immediately trigger an incident response plan that includes rotating all administrative credentials and freezing account permissions until the scope of the intrusion is fully mapped.
Artificial intelligence is shifting the landscape toward the velocity of attacks rather than technical elegance, often using LLMs to bridge the gap between a bug and a functional exploit. How does this automation change the traditional patch management lifecycle, and what are the risks of high-volume, “rough-around-the-edges” code?
The traditional patch management lifecycle is being compressed because AI allows attackers to automate semantic mapping, turning a newly discovered bug into a functional exploit almost instantly. We are moving into a reality where the sheer volume of automated, persistent campaigns matters far more than the technical elegance of the code. This “rough-around-the-edges” malware might be noisy, but its velocity allows it to overwhelm human defenders who are still following 30-day patching cycles. Organizations must shift toward automated patching and AI-driven defense mechanisms simply to keep pace with the speed at which these “imperfect” but effective exploits are generated.
Fraudsters frequently target sums just under $50,000 to bypass executive approval thresholds during thread-hijacking attacks. How do these criminals successfully insert themselves into established business dialogues, and what specific authentication protocols can prevent these hijacked conversations from resulting in unauthorized wire transfers?
Criminals use thread-hijacking to insert themselves into existing email chains, exploiting the trust built over weeks of legitimate business dialogue to request funds. By targeting a “sweet spot” of approximately $49,000, they stay just below the $50,000 threshold that typically triggers manual executive oversight or more stringent banking verification. To counter this, organizations must implement out-of-band authentication, such as a mandatory voice or video call to a known number, before any financial details are updated or wires are sent. Relying solely on email is no longer safe, as AI can now automate these hijacked conversations across thousands of concurrent threads without needing manual oversight from the attacker.
State-sponsored groups are now hiding command-and-control operations within legitimate platforms like Google Calendar or Microsoft Azure to appear benign. How can defenders identify malicious traffic when it originates from trusted cloud domains, and how does this change the way organizations must approach zero-trust architecture?
Defenders are in a difficult position when malicious traffic originates from a trusted domain like Microsoft Azure or Google Calendar, as these are often “allowed” by default in most firewalls. To catch these stealthy operations, such as China-linked groups using calendar invites for command-and-control, security teams must analyze the intent and frequency of the traffic rather than just its source. This necessitates a more rigorous zero-trust architecture where we no longer grant implicit trust to a packet just because it comes from a reputable cloud provider. We have to inspect the encrypted payloads and monitor for unusual outbound patterns, treating even the most “benign” platforms as potential conduits for state-sponsored activity.
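One concrete form of "analyzing frequency rather than source": flag host-to-domain request streams whose timing and size are too regular to be a person, even when the destination is an allowed cloud domain. This is an added example, not code from the interview or from any vendor; the proxy log lines, host names and domain are constructed, and the thresholds are assumptions to tune against your own traffic.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines (hypothetical; not from the article).
# Format: "<ISO time> <src_host> <dest_domain> <bytes_out>"
PROXY_LOG = """\
2025-03-04T08:00:00 ws-17 calendar.example-cloud.test 412
2025-03-04T08:05:01 ws-17 calendar.example-cloud.test 417
2025-03-04T08:09:59 ws-17 calendar.example-cloud.test 409
2025-03-04T08:15:00 ws-17 calendar.example-cloud.test 415
2025-03-04T08:20:02 ws-17 calendar.example-cloud.test 411
2025-03-04T08:25:00 ws-17 calendar.example-cloud.test 414
2025-03-04T08:03:12 ws-22 calendar.example-cloud.test 3920
2025-03-04T08:41:50 ws-22 calendar.example-cloud.test 2210
2025-03-04T09:30:07 ws-22 calendar.example-cloud.test 5103
2025-03-04T11:02:44 ws-22 calendar.example-cloud.test 880
2025-03-04T13:15:09 ws-22 calendar.example-cloud.test 4471
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")

def parse_log(text):
    """Yield (timestamp, host, domain, bytes) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def find_beacons(events, min_events=5, max_gap_cv=0.15, max_size_cv=0.2):
    """Flag (host, domain) pairs whose requests arrive at a near-fixed cadence with
    near-constant sizes; cv = population std dev / mean (coefficient of variation)."""
    groups = {}
    for ts, host, domain, nbytes in events:
        groups.setdefault((host, domain), []).append((ts, nbytes))
    flagged = {}
    for key, obs in groups.items():
        if len(obs) < min_events:
            continue
        obs.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(obs, obs[1:])]
        sizes = [n for _, n in obs]
        if not gaps or mean(gaps) == 0:
            continue
        gap_cv, size_cv = pstdev(gaps) / mean(gaps), pstdev(sizes) / mean(sizes)
        if gap_cv <= max_gap_cv and size_cv <= max_size_cv:
            flagged[key] = {"period_s": round(mean(gaps)), "gap_cv": round(gap_cv, 3)}
    return flagged

if __name__ == "__main__":
    print(find_beacons(parse_log(PROXY_LOG)))
```

ws-17 checks in every five minutes with payloads of almost identical size and is flagged; ws-22 talks to the same trusted domain but with irregular timing and sizes, which is what human use of a calendar looks like.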
What is your forecast for the evolution of identity-based ransomware?
I expect that in 2025 and beyond, we will see a dramatic surge in automated name impersonation and identity-based extortion, with criminals attempting to siphon off over $123.5 million through highly targeted, AI-driven campaigns. The era of the “spray and pray” malware attack is ending, replaced by “human-centric operations” that use stolen credentials to live off the land for weeks before striking. My forecast is that identity will become the singular battlefield; if you cannot prove who is behind a device with 100% certainty at every step of a transaction, you should assume the system is compromised. We will see a massive shift toward hardware-based security keys and biometric verification as the only viable ways to stop the $49,000-sized leaks that are currently draining corporate coffers.
