Cyble Inc. has released its Global Cybersecurity Report 2025, revealing a dramatic escalation in cyber threats worldwide, with ransomware attacks up 50% year-over-year, significant data breaches reaching the second-highest levels on record, and a thriving underground market for compromised corporate access fueling the global cybercrime economy.
The comprehensive analysis from Cyble documented 5,967 ransomware attacks, 6,046 data breaches and leaks, and 3,013 sales of compromised initial access—representing an unprecedented convergence of threats across all attack vectors.
"2025 has been defined by a major power shift in the threat landscape, with new ransomware groups filling the void left by law enforcement disruptions and demonstrating increasingly sophisticated tactics," said Daksh Nakra, Senior Manager of Research and Intelligence at Cyble. "The dramatic rise in supply chain attacks, combined with threat actors' rapid weaponization of zero-day vulnerabilities, has created a perfect storm that demands immediate attention from security teams globally."
Ransomware Landscape Undergoes Major Transformation
Akira Ransomware Emerges with Unprecedented Volume
Akira emerged as the second-most prolific ransomware group behind Qilin, conducting sustained high-tempo campaigns throughout 2025 with a particular focus on the Construction, Manufacturing, and Professional Services sectors. The group's versatility and opportunistic targeting model enabled successful compromises across nearly every major industry vertical.
CL0P Executes Mass Zero-Day Campaign
CL0P reaffirmed its status as a zero-day specialist with a massive spike in late February 2025, posting hundreds of victims in a single wave. The campaign predominantly targeted Consumer Goods, Transportation & Logistics, and IT sectors through exploitation of widely-used enterprise file transfer software.
Key Ransomware Statistics:
5,967 total ransomware attacks in 2025 (50% increase year-over-year)
Manufacturing sector most targeted (highest operational disruption impact)
Construction, Professional Services, Healthcare, and IT among top five targets
United States experienced the majority of attacks, with Australia emerging as a top-five target for the first time
31 incidents affecting critical infrastructure
Data Breaches Hit Near-Record Levels
Government and law enforcement agencies bore the brunt of data breach activity, accounting for 998 incidents (16.5% of total), followed by Banking, Financial Services, and Insurance with 634 incidents. Combined, these sectors represented over 25% of all breaches, reflecting threat actors' focus on high-value targets containing sensitive citizen data and financial information.
Underground Access Market Fuels Cybercrime Economy
Analysis of 3,013 compromised access sales revealed strategic targeting of data-rich industries:
Retail sector most targeted (594 incidents, nearly 20% of total)
BFSI second most impacted (284 incidents)
Government third highest (175 incidents)
Zero-Day and Known Exploited Vulnerabilities Drive Attack Surge
Critical vulnerabilities in widely-deployed enterprise technologies served as primary initial access vectors throughout 2025:
Most Exploited Vulnerabilities:
CVE-2025-61882 (Oracle E-Business Suite RCE) – CL0P ransomware
CVE-2025-10035 (GoAnywhere MFT RCE) – Medusa ransomware
Multiple Fortinet, Ivanti, and Cisco vulnerabilities with CVSS scores of 9.0+
94 zero-day vulnerabilities identified, 25 scoring above 9.0
Over 86% of CISA's Known Exploited Vulnerabilities catalog entries showed CVSS ratings of 7.0 or higher, with vendors including Microsoft, Fortinet, Apple, Cisco, and Oracle most frequently affected.
Geopolitical Hacktivism Reaches Unprecedented Scale
Cyble researchers documented over 40,000 data leak and dump posts from hacktivist groups, impacting more than 41,400 unique domains across all major industries. Activity was predominantly driven by geopolitical conflicts, particularly:
Israel-Iran conflict sparked cyber operations by 74 hacktivist groups
India-Pakistan tensions generated 1.5 million intrusion attempts
North Korea's IT worker fraud schemes infiltrated global companies
DDoS attacks, website defacements, and data breaches targeted government and critical infrastructure
Industry-Specific Insights
Manufacturing: Most attacked sector due to reliance on OT/ICS environments and low tolerance for downtime
Construction: Heavily targeted by Akira; time-sensitive projects create maximum pressure points
Professional Services: Law firms and consulting agencies targeted for sensitive client data and supply chain attack opportunities
Healthcare: Protected sector remains frequent victim due to critical data availability needs; BianLian, Abyss, and INC Ransom frequently observed
IT & ITES: Technology service providers compromised to enable cascading supply chain attacks against downstream customers