Cyble Global Cybersecurity Report 2025: A Year of Escalation

Ransomware Landscape Transformed

Key Ransomware Statistics

• 5,967 total ransomware attacks in 2025 (50% increase year-over-year)
• The manufacturing sector most targeted, suffering the highest operational disruption
• Construction, Professional Services, Healthcare, and IT are among the top five targets
• The United States experienced the majority of attacks; Australia entered the top-five list for the first time
• 31 incidents directly impacted critical infrastructure

Data Breaches Near Record Levels

Vulnerabilities Drive Attack Surge

• CVE-2025-61882 (Oracle E-Business Suite RCE) – leveraged by CL0P
• CVE-2025-10035 (GoAnywhere MFT RCE) – exploited by Medusa
• Multiple vulnerabilities in Fortinet, Ivanti, and Cisco products with CVSS scores above 9.0

Geopolitical Hacktivism Surges

• The Israel-Iran conflict triggered operations by 74 hacktivist groups
• India-Pakistan tensions generated 1.5 million intrusion attempts
• North Korea’s IT worker fraud schemes infiltrated global companies
• DDoS attacks, website defacements, and breaches targeted governments and critical infrastructure

Industry-Specific Insights

• Manufacturing: Most attacked sector due to reliance on OT/ICS environments and low tolerance for downtime
• Construction: Heavily targeted by Akira; time-sensitive projects created maximum pressure points
• Professional Services: Law firms and consultancies compromised for sensitive client data and supply chain leverage
• Healthcare: Continued to face attacks from groups like BianLian, Abyss, and INC Ransom due to critical data availability needs
• IT & ITES: Service providers exploited to enable cascading supply chain attacks against downstream customers

Outlook

For a full analysis, the Global Cybersecurity Report 2025 is available at Cyble Research Reports.

This chilling paragraph is in a comprehensive Brookings report about the use of tech to deport people from the US:

The administration has also adapted its methods of social media surveillance. Though agencies like the State Department have gathered millions of handles and monitored political discussions online, the Trump administration has been more explicit in who it’s targeting. Secretary of State Marco Rubio announced a new, zero-tolerance “Catch and Revoke” strategy, which uses AI to monitor the public speech of foreign nationals and revoke visas of those who “abuse [the country’s] hospitality.” In a March press conference, Rubio remarked that at least 300 visas, primarily student and visitor visas, had been revoked on the grounds that visitors are engaging in activity contrary to national interest. A State Department cable also announced a new requirement for student visa applicants to set their social media accounts to public—reflecting stricter vetting practices aimed at identifying individuals who “bear hostile attitudes toward our citizens, culture, government, institutions, or founding principles,” among other criteria.

Article. Report.

New report: “Scam GPT: GenAI and the Automation of Fraud.”

This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more vulnerable to deception, and more likely to either perpetuate scams or fall victim to them.

AI-enhanced scams are not merely financial or technological crimes; they also exploit social vulnerabilities ­ whether short-term, like travel, or structural, like precarious employment. This means they require social solutions in addition to technical ones. By examining how scammers are changing and accelerating their methods, we hope to show that defending against them will require a constellation of cultural shifts, corporate interventions, and eff­ective legislation.

The Atlantic Council has published its second annual report: “Mythical Beasts: Diving into the depths of the global spyware market.”

Too much good detail to summarize, but here are two items:

First, the authors found that the number of US-based investors in spyware has notably increased in the past year, when compared with the sample size of the spyware market captured in the first Mythical Beasts project. In the first edition, the United States was the second-largest investor in the spyware market, following Israel. In that edition, twelve investors were observed to be domiciled within the United States—­whereas in this second edition, twenty new US-based investors were observed investing in the spyware industry in 2024. This indicates a significant increase of US-based investments in spyware in 2024, catapulting the United States to being the largest investor in this sample of the spyware market. This is significant in scale, as US-based investment from 2023 to 2024 largely outpaced that of other major investing countries observed in the first dataset, including Italy, Israel, and the United Kingdom. It is also significant in the disparity it points to ­the visible enforcement gap between the flow of US dollars and US policy initiatives. Despite numerous US policy actions, such as the addition of spyware vendors on the Entity List, and the broader global leadership role that the United States has played through imposing sanctions and diplomatic engagement, US investments continue to fund the very entities that US policymakers are making an effort to combat.

Second, the authors elaborated on the central role that resellers and brokers play in the spyware market, while being a notably under-researched set of actors. These entities act as intermediaries, obscuring the connections between vendors, suppliers, and buyers. Oftentimes, intermediaries connect vendors to new regional markets. Their presence in the dataset is almost assuredly underrepresented given the opaque nature of brokers and resellers, making corporate structures and jurisdictional arbitrage more complex and challenging to disentangle. While their uptick in the second edition of the Mythical Beasts project may be the result of a wider, more extensive data-collection effort, there is less reporting on resellers and brokers, and these entities are not systematically understood. As observed in the first report, the activities of these suppliers and brokers represent a critical information gap for advocates of a more effective policy rooted in national security and human rights. These discoveries help bring into sharper focus the state of the spyware market and the wider cyber-proliferation space, and reaffirm the need to research and surface these actors that otherwise undermine the transparency and accountability efforts by state and non-state actors as they relate to the spyware market.

Really good work. Read the whole thing.