Kaspersky Reports Doubling of DLL Hijacking Attacks Since 2023

Kaspersky

AI-powered detection models enhance early-stage prevention across enterprise systems

DLL hijacking—a long-standing but increasingly dangerous cyberattack method—has seen a dramatic resurgence. According to the latest findings from Kaspersky, the number of DLL hijacking attacks has doubled over the past two years, underscoring the growing sophistication of threat actors exploiting trusted system processes.

The technique involves replacing a legitimate dynamic link library (DLL) used by trusted programs with a malicious version. Once the compromised library is loaded, attackers can stealthily execute arbitrary code, often bypassing traditional antivirus mechanisms. Kaspersky notes that both APT groups and cybercrime syndicates are leveraging this method to deliver infostealers, loaders, and banking Trojans at scale.

“AI is now indispensable for detecting stealthy techniques like DLL hijacking.”

— Anna Pidzhakova, Data Scientist, Kaspersky AI Research Center

Kaspersky’s telemetry has identified this attack pattern across multiple regions, including Russia, Africa, and South Korea, with increasing cross-border incidents observed in enterprise networks globally. In response, Kaspersky SIEM has been enhanced with a specialized AI-driven subsystem that continuously analyzes all loaded libraries to detect signs of DLL hijacking and related manipulations.

The company reports that this model has already proven its effectiveness by detecting and stopping an early-stage attack attributed to the APT group ToddyCat. It also prevented several infection attempts involving infostealers and malicious loaders—interventions that underscore the critical role of AI-based threat detection in modern cybersecurity ecosystems.

“Attackers are increasingly exploiting trust in legitimate software,” said Anna Pidzhakova, Data Scientist at Kaspersky’s AI Research Center. “AI can identify subtle anomalies that human analysts or conventional tools might miss, making it essential for defending against advanced techniques like DLL hijacking.”

Kaspersky’s research team has detailed the development and integration of this AI model in two recent Securelist publications, highlighting how machine learning is redefining early detection within the Kaspersky SIEM platform. As threat actors evolve, AI-powered defense is becoming the defining edge in enterprise security.
