Cybercrime Trends 2025
These Groups shaped the Malware Landscape in 2025
The "Nastiest Malware Report 2025" from OpenText names the most dangerous players of the year. AI, social engineering and identity theft are shaping a new wave of targeted attacks - from ransomware to data theft.
2025 was characterized by targeted attacks on identities. Cyber criminals used artificial intelligence, deepfakes and automated chat tools to manipulate passwords, voices and personal data. Instead of encrypting entire networks, attackers are increasingly relying on identity misuse and the sale or publication of stolen data.
The latest "Nastiest Malware Report" from OpenText names six groups that have particularly characterized the year:
- Qilin (Agenda) was responsible for more than 200 attacks on hospitals and public institutions. One striking feature was a ransomware control panel that allowed partners to communicate directly with negotiation consultants - an example of the increasing professionalization of the cyber underground.
- Akira was responsible for almost one in five documented ransomware incidents worldwide. The group operates according to clear procedures, uses VPN vulnerabilities and offers its services as a ransomware-as-a-service platform.
- Scattered Spider combined social engineering, SIM swapping and deepfake voices to compromise identities. Despite arrests in September 2025, copycats continue the methods.
- Play Ransomware compromised over 900 managed service providers and used intermittent encryption to speed up attacks and make them harder to detect.
- ShinyHunters infiltrated cloud platforms of global corporations such as Google, Salesforce and Kering. The group uses the timing of GDPR notifications to increase the pressure on affected companies.
- Lumma Stealer serves as the basis for many attacks by collecting and selling access data and cookies from infected systems. This makes even protected environments vulnerable via compromised accounts.
"With ReBeL, farmers can increase their productivity, maximize crop yields and minimize losses that can arise as a result of a lack of manpower, for example," the report states - a reference to the increasing networking between technology, data and targets.
Despite improved protection mechanisms, ransomware remains lucrative. The blackmail economy has stabilized, but financial losses continue to rise. Experts recommend basic measures such as regular patching, strong access controls and targeted awareness-raising against social engineering.
You might also be interested in
Authorities, industry and IT targeted by cyber criminals
Authorities, industry and IT were most frequently targeted by cyber criminals in 2025. Authorities remained the main target of cyber attacks, as the latest report and situation report "Anatomy of a Cyber World: Global Report by Kaspersky Security...
read more...Post-quantum cryptography: time window is running out
Companies are facing a strategic dilemma: quantum computers will soon be able to crack today's encryption, while many organizations will need years to switch to new security standards. A recent survey shows: The window of opportunity is narrowing,...
read more...Shutdown after only 20 Hours
German companies believe they are inadequately prepared for hybrid threats. According to a Bitkom survey, they would only be able to continue working for an average of 20 hours in the event of an internet outage. 83% of respondents expect a serious...
read more...Global Incident Response Report 2026
AI accelerates Cyber Attacks
The "Global Incident Response Report 2026" by the Unit 42 team at Palo Alto Networks analyzes over 750 serious security incidents in more than 50 countries. The evaluation shows faster, more complex attacks, increasing use of AI and growing risks in...
read more...Three new OT Attacker Groups identified
The new OT/ICS report from Dragos documents a growing number of specialized attacker groups and a significant increase in ransomware activity in industrial environments. Three new OT groups have been identified.
read more...16 % more Cyber Attacks in Germany in January
As Check Point's Monthly Cyber Threat Report shows, there were 16 percent more cyber attacks in Germany in January. In Europe, the volume of attacks rose by 18 percent to 1755 weekly attacks per company. In Austria, they rose by 14 percent to 1676,...
read more...Edge Security for Industrial Plants
Advantech uses AI EdgeLabs for Runtime Security
Advantech integrates the AI EdgeLabs platform to implement security and governance functions directly into edge and industrial platforms. The aim is to comply with European cybersecurity regulations such as CRA and NIS2.
read more...Criminals use AI Systematically
Trend Micro warns in a new study of the increasing professionalization of AI-supported cybercrime. Deepfakes, fraud and malware are gaining in importance.
read more...Trend Micro warns of Darknet AI 'Xanthorox'
AI writes Malware at the Touch of a Button
The AI tool 'Xanthorox' is supposed to generate malicious code automatically and is advertised in criminal forums. According to Trend Micro, it is less powerful than claimed, but shows how easily attackers can use generative AI for cyberattacks.
read more...