Security Council Warned Iran Nuclear Stalemate Is Creating Oversight Vacuum
When it comes to the cyber threats that keep CISOs and cybersecurity professionals awake at night, business email compromise scams, threats against critical infrastructure and the increasing use of artificial intelligence tools by cybercriminals rank in the top tier.

While concerns about AI tools used for malicious purposes have made numerous recent headlines, business email compromise (BEC) scams continue to rack up billions in losses for enterprises large and small. At the same time, threats against U.S. critical infrastructure have remained problematic for years, but the recent war with Iran has led U.S. government agencies to issue fresh alerts in the past two months as international tensions have increased.

AI, BEC and critical infrastructure vulnerabilities are among the most prominent cyber threats detailed in the FBI’s 2025 Internet Crime Report, published by the bureau’s Internet Crime Complaint Center (IC3) in early April. Overall, agents received well over 1 million complaints from U.S. victims in the last year, with losses from various schemes, scams and threats totaling $20.9 billion – a 26 percent year-over-year increase.

And while the FBI can tout some successes, such as the impact the IC3 Recovery Asset Team has had in recovering stolen funds from consumers and businesses, the report details how cyber threats affect everyday people, businesses of all sizes, government agencies and especially the cyber professionals tasked with protecting networks and IT infrastructure.

“It has never been more important to be diligent with your cybersecurity, social media footprint, and electronic interactions. Cyber threats and cyber-enabled crime will continue to evolve as the world embraces emerging technologies such as artificial intelligence,” according to the FBI report’s foreword.
While these three are not the only threats that organizations face, cybersecurity experts note that each is making the jobs of CISOs and their security teams more difficult, especially as AI helps enhance scams like phishing emails used in BEC ploys. At the same time, critical infrastructure, including industrial networks that use older operational technology (OT) and industrial control systems (ICS), remains vulnerable, especially to nation-state groups.

While AI threats, BEC and critical infrastructure vulnerabilities have evolved over the last year, the FBI points to where defenses are falling short and what cybersecurity professionals need to understand about how these and other threats are changing their jobs.

AI-Enabled Threats

The FBI IC3 report states what has become obvious over the last year – as AI technologies have become cheaper and more available, cybercriminals and threat actors have adopted these tools themselves. In 2025, agents received more than 22,000 complaints reporting AI-related cyber incidents, with adjusted losses exceeding $893 million. Cybercriminals are using these tools in the same way office workers use AI, including writing better, more convincing emails and helping with coding and administrative support to increase the speed of attacks.

The increased efficiency means the number of threats organizations face can become overwhelming, said Vincenzo Iozzo, CEO and co-founder at security firm SlashID.

“Threat actors have integrated AI across multiple dimensions of their operations. In terms of speed, AI is being used to decrease breakout time, the interval between initial compromise and lateral movement,” Iozzo told Dice. “On the scale axis, AI has dramatically amplified social engineering campaigns. Phishing emails that once required manual customization can now be generated at volume with convincing, context-aware language and a much better conversion rate.”

As other versions of AI are also released, such as agentic AI tools that let agents make decisions for themselves, defenders and cyber professionals will face more sophisticated threats.

“Agentic AI is being used by threat actors as an autonomous partner that can independently plan multi-step operations, manage the drudge work of infrastructure provisioning, and dynamically adapt its tactics in real time when it encounters defensive blocks,” Ram Varadarajan, CEO at security firm Acalvio, told Dice. “Agentic AI is being used for machine-speed swarm attacks. Legacy defenses are built for human attackers, and are now unable to fight back in either speed or scale against the agentic attacker.”

For these reasons, organizations are turning to AI to improve the speed and efficiency of their cybersecurity processes. Iozzo noted that these tools can help with threat prioritization and alert fatigue. AI can enable security teams to process and triage alerts with significantly richer contextual information than previous rule-based or threshold-based tools provided. This extends across the full defensive stack, including security operations center (SOC) alert processing and correlation, custom detection engineering, vulnerability scanning and prioritized remediation, and threat intelligence enrichment.

“Rather than treating every alert as equally urgent, AI allows teams to focus human attention on the threats that matter most, informed by behavioral baselines and environmental context,” Iozzo added.

Varadarajan added that future cybersecurity is likely to turn away from bot-to-human and into bot-to-bot defense.
“AI can be used to strengthen defenses by orchestrating game-theoretic deception -- deploying adaptive honeypots and ‘radiant’ honeytokens that exploit a model's pattern-matching logic to misdirect and neutralize the attacker without human intervention.”

BEC Rakes In Billions

BEC schemes have been around for a decade, but they increasingly enable cybercriminals to steal billions each year. In 2025, the FBI recorded nearly 25,000 complaints, and the losses totaled more than $3 billion, surpassing losses from data breaches and ransomware.

Traditionally, BEC schemes start with cybercriminals stealing a top executive's credentials through phishing, social media scams, or deepfakes. Then they impersonate that executive, sending urgent messages to lower-level employees to transfer or wire money to bank accounts. In other cases, the attackers spoof a company's business partner.

As with other frauds and scams, AI has helped improve phishing emails that target vulnerable organizations and their leadership.

“The ability for attackers to use generative AI to produce deepfake audio, imagery, and video is a rising concern, as attackers are increasingly using deepfakes to start sophisticated social engineering attacks,” Nicole Carignan, senior vice president for security and AI strategy and field CISO at Darktrace, told Dice. “While the use of AI for deepfake generation is real, the risk of image and media manipulation is not new. The challenge now is that AI can be used to reduce the skill barrier to entry and speed up production to a higher quality.”

In many ways, security training within organizations has not kept pace with the level of BEC incidents, especially as the threats have become more sophisticated. Mika Aalto, co-founder and CEO at Hoxhunt, believes that cybersecurity professionals have to help organizations change and manage human, or employee, behavior rather than providing workers with information about scams that might target them.
“Social engineering remains the easiest way into organizations. Security teams need to invest as much in preparing people as they do in technology. The most effective defense is training employees on the exact types of attacks they are likely to face, turning real-world phishing attempts into learning moments that build lasting cyber resilience,” Aalto told Dice. “Organizations need to move beyond traditional third-party risk management and adopt human risk management — hardening the human layer with the skills and reporting mechanisms that turn employees into threat sensors and feed human threat intelligence directly into detection and response.”

Critical Infrastructure Remains Vulnerable

The U.S. Department of Homeland Security recognizes 16 sectors as critical infrastructure, including the health care sector, transportation, financial services, water and wastewater treatment facilities. The FBI’s numbers show that the majority of complaints in 2025 related to these sectors included ransomware attacks and data breaches. In the health care sector, for example, agents reported 460 ransomware incidents and another 182 related to data breaches.

A major concern remains who can access legacy systems, including OT and ICS technologies, within these sectors. Organizations need to consider how to securely manage privileged access to their critical environments. This includes ensuring employees, vendors, and third parties have the access and permissions needed to do their jobs without additional risk exposure, said James Maude, Field CTO at BeyondTrust.

“The C-Suite, CISOs, and CSOs need to look beyond siloed views of obviously privileged identities in individual systems and take a holistic view of the combinations of privileges, entitlements and roles that could be exploited by an attacker to elevate privilege, move laterally and inflict damage,” Maude told Dice. “The identity security debt accumulated by many organizations represents a far greater risk than any other area, as it only takes the attacker to log in using the right identity and all is lost because of the paths to privilege that abound in their environment.”
Iranian Official
The Iranian government condemns the latest U.S. cyber alerts on critical infrastructure as blatant foreign aggression following the recent conflict, an attempt to undermine Iran's sovereign right to self-defense. Tehran remains resolute in resisting these provocations and any misuse of AI tools by hostile actors, while U.S. reports of $20.9 billion in losses expose the vulnerabilities of the aggressor rather than any Iranian threat. Iran will continue to safeguard its networks and national integrity against such interference.
Israeli
In Israel's security calculus, AI-augmented cyber threats and business email compromises, as detailed in the FBI’s 2025 report with $20.9 billion in global losses, constitute existential risks when wielded by Iranian proxy networks targeting critical infrastructure. These operations form part of Tehran’s asymmetric campaign to erode national resilience amid regional conflicts, demanding proactive defensive measures to protect vital systems. Israel’s imperative remains the rapid hardening of networks against such state-directed incursions to ensure survival.
Neutral
The FBI’s 2025 Internet Crime Report, issued by the IC3 in early April, recorded more than 1 million complaints from U.S. victims and $20.9 billion in losses, a 26 percent increase from the prior year. The report identifies business email compromise scams, threats to critical infrastructure, and criminal use of artificial intelligence among the leading concerns, and notes recoveries facilitated by the IC3 Recovery Asset Team. It also references recent government alerts on infrastructure threats linked to heightened international tensions.
Western
Western and NATO-aligned cybersecurity leaders are prioritizing precision operations to neutralize escalating threats from business email compromise schemes, AI-enabled attacks, and strikes on critical infrastructure, particularly amid heightened tensions with Iran. The FBI’s 2025 Internet Crime Report underscores these risks, documenting over 1 million complaints and $20.9 billion in losses—a 26% year-over-year surge—while highlighting targeted recoveries by the IC3 Recovery Asset Team to disrupt adversary operations.
Pro-Peace
The war with Iran has intensified cyber threats to critical infrastructure and fueled a surge in scams like business email compromise, exposing civilians to widespread financial devastation and service disruptions that compound human suffering amid already strained humanitarian conditions. With over a million complaints and $20.9 billion in losses reported by the FBI, these digital conflicts inflict indirect casualties on ordinary people far from any battlefield. Diplomatic de-escalation offers a vital alternative to endless militarization that only heightens such risks.
Global South
The FBI’s 2025 Internet Crime Report reveals how business email compromise scams and AI-enabled attacks, amplified by Global South nations’ dependence on Western-controlled digital platforms, inflict billions in losses while undermining sovereign control over critical infrastructure. Heightened threats tied to U.S.-Iran tensions expose the failures of international institutions to shield non-aligned states from externally driven cyber risks rooted in neo-colonial economic asymmetries. Over one million complaints and $20.9 billion in damages underscore these systemic vulnerabilities rather than isolated Western concerns.