{"id":4197,"date":"2025-07-31T13:00:00","date_gmt":"2025-07-31T13:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4197"},"modified":"2025-07-31T13:00:00","modified_gmt":"2025-07-31T13:00:00","slug":"ransomware-up-179-credential-theft-up-800-2025s-cyber-onslaught-intensifies","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4197","title":{"rendered":"Ransomware up 179%, credential theft up 800%: 2025\u2019s cyber onslaught intensifies"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>In the first six months of 2025, cybercriminals have already stolen billions of credentials, exploited thousands of vulnerabilities, and launched record-breaking ransomware attacks\u2013leaving security teams and organizations worldwide scrambling to keep up.<\/p>\n<p>A Flashpoint midyear tally shows credential theft has jumped ninefold, vulnerability disclosures have risen 3.5 times, and ransomware incidents have nearly tripled.<\/p>\n<p>\u201cIn today\u2019s threat environment, where kinetic conflict, digital sabotage, economic warfare, and terrorism can be intertwined, understanding the full spectrum of risk is critical,\u201d said Andrew Borene, Flashpoint Executive Director, International Markets and Global Security. 
\u201cBy recognizing these converging threats and clearly communicating their implications to Boards and C-Suite leaders, security professionals can help their organizations address today\u2019s crises while building the strategic resilience for what comes next.\u201d<\/p>\n<p>The US, India, and Brazil have been the most targeted in info-stealing and ransomware attacks in the six months ending June 30, 2025, according to a threat intelligence report by Flashpoint shared with CSO ahead of its publication on Thursday.<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Credentials and breaches drove the attack chain<\/h2>\n<p>Credential theft via information-stealing malware rose by 800%, with 1.8 billion credentials stolen from 5.8 million infected hosts. Infostealers such as <a href=\"https:\/\/www.csoonline.com\/article\/3993289\/feds-and-microsoft-crush-lumma-stealer-that-stole-millions-of-passwords.html\">Lumma<\/a> and <a href=\"https:\/\/www.csoonline.com\/article\/3595602\/redline-and-meta-infostealers-taken-down-in-international-law-enforcement-action.html?utm=hybrid_searchhttps:\/\/www.csoonline.com\/article\/3595602\/redline-and-meta-infostealers-taken-down-in-international-law-enforcement-action.html\">Redline<\/a> remain active despite takedowns, while new strains like StealC and Acreed are emerging, the report <a href=\"https:\/\/flashpoint.io\/resources\/report\/flashpoint-global-threat-intelligence-index-midyear?CRO3=%233007_variant\">noted<\/a>.<\/p>\n<p>Stolen credentials directly fuelled a 235% surge in data breaches, which exposed 9.45 billion records in just six months. 
Nearly 78% of breaches were due to unauthorized access, disproportionately impacting sectors such as professional services, healthcare, finance, manufacturing, and information.<\/p>\n<p>Borene commented that \u201cthe first half of 2025 has revealed a world in flux, where the boundaries between traditional warfare, cyber conflict, and geopolitical competition are dissolving.\u201d He noted that these overlapping crises are increasingly reinforcing one another, magnifying the risks organizations face.<\/p>\n<h2 class=\"wp-block-heading\">Exploits multiply as defenders play catch-up<\/h2>\n<p>Vulnerability disclosures rose by 246%, and publicly available exploits increased by 179%, with over 20,000 vulnerabilities disclosed in the first half of 2025, 35% of which already have exploit code.<\/p>\n<p>A backlog of 42,000 vulnerabilities awaiting NVD analysis and delays in CVE enrichment leave organizations blind to many critical flaws, the report noted. Flashpoint advised risk-based patching that prioritizes remotely exploitable vulnerabilities with known fixes, potentially reducing workloads by up to 87%.<\/p>\n<p>Borene noted that \u201cA confluence of profound geopolitical shifts, traditional conflicts, emergent cyber threats, and escalating terrorism risk\u2014all reinforce one another in a truly perilous fashion.\u201d This convergence, he suggested, makes timely advanced intelligence essential for defenders.<\/p>\n<p>A vulnerability breakdown by Flashpoint revealed a total of 2,447 remotely exploitable flaws with both patches and exploit code publicly available.<\/p>\n<h2 class=\"wp-block-heading\">Ransomware\u2019s relentless rise<\/h2>\n<p>Ransomware incidents spiked 179%, with manufacturing, technology, and legal industries among the hardest hit. 
Groups like <a href=\"https:\/\/www.csoonline.com\/article\/3849313\/about-22k-wab-customers-impacted-by-a-zero-day-attack-on-a-third-party-vendor.html\">Clop<\/a> drove record activity by exploiting <a href=\"https:\/\/www.csoonline.com\/article\/3621746\/attackers-exploit-zero-day-rce-flaw-in-cleo-managed-file-transfer.html\">Cleo software flaws<\/a>, while Akira and Qilin filled the void left by <a href=\"https:\/\/www.csoonline.com\/article\/1309721\/hack-me-if-you-can-lockbit-challenges-authorities-promises-to-return.html\">LockBit\u2019s decline<\/a>.<\/p>\n<p>The United States bore the brunt, with 2,160 reported attacks, highlighting how ransomware-as-a-service (RaaS) continues to thrive despite global law enforcement pressure.<\/p>\n<p>\u201cWith ransomware up 179% and data breaches surging 235%, the sheer scale of malicious activity is undeniable,\u201d said Ian Gray, Flashpoint VP, cyber threat intelligence operations. \u201cEffective defense now demands proactive, comprehensive threat intelligence to protect what matters most.\u201d<\/p>\n<p>The report urges organizations to adopt advanced threat intelligence, proactive identity protection, and faster patching strategies to disrupt attackers before they strike.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>In the first six months of 2025, cybercriminals have already stolen billions of credentials, exploited thousands of vulnerabilities, and launched record-breaking ransomware attacks\u2013leaving security teams and organizations worldwide scrambling to keep up. A Flashpoint midyear tally shows credential theft has jumped ninefold, vulnerability disclosures have risen 3.5 times, and ransomware incidents have nearly tripled. 
\u201cIn [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4198,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4197","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4197"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4197"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4197\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4198"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}