A new report from IBM’s X-Force 2025 Threat Intelligence Index shows that cybercriminals are changing their tactics. Instead of mainly using ransomware to lock systems, more hackers are now trying to quietly steal login information. IBM studied over 150 billion security events each day from 130+ countries and found that infostealers, a type of malware sent through emails to steal data, rose by 84% in 2024 compared to 2023.
This change means that instead of damaging systems right away, attackers are sneaking into networks to steal passwords and other sensitive information. Mark Hughes, a cybersecurity leader at IBM, said attackers are finding ways into complex cloud systems without making a mess. He also advised businesses to stop relying on basic protection methods. Instead, companies should improve how they manage passwords, fix weaknesses in multi-factor authentication, and actively search for hidden threats before any damage happens.
Critical industries such as energy, healthcare, and transportation were the main targets in the past year. About 70% of the incidents IBM helped handle involved critical infrastructure. In around 25% of these cases, attackers got in by taking advantage of known flaws in systems that had not been fixed. Many hackers now prefer stealing important data instead of locking it with ransomware. Data theft was the method in 18% of cases, while encryption-based attacks made up only 11%.
The study also found that Asia and North America were attacked the most, together making up nearly 60% of global incidents. Asia alone saw 34% of the attacks, and North America had 24%. Manufacturing businesses remained the top industry targeted for the fourth year in a row because even short outages can seriously hurt their operations.
Emerging threats related to artificial intelligence (AI) were also discussed. No major attacks on AI systems happened in 2024, but experts found some early signs of possible risks. For example, a serious security gap was found in a software framework used to create AI agents. As AI technology spreads, hackers are likely to build new tools to attack these systems, making it very important to secure AI pipelines early.
Another major concern is the slow pace of fixing vulnerabilities in many companies. IBM found that many Red Hat Enterprise Linux users had not updated their systems properly, leaving them open to attacks. Also, ransomware groups like Akira, Lockbit, Clop, and RansomHub have evolved to target both Windows and Linux systems.
Lastly, phishing attacks that deliver infostealers increased by 180% in 2024 compared to the year before. Even though ransomware still accounted for 28% of malware cases, the overall number of ransomware incidents fell. Cybercriminals are clearly moving towards quieter methods that focus on stealing identities rather than locking down systems.
Security vendor BforeAI said around 600 phishing campaigns surfaced after the Bybit heist, which was intended to steal cryptocurrency from its customers. In the last three weeks, after the news of the biggest crypto scam in history, BforeAI found 596 suspicious domains from 13 different countries.
Dozens of these malicious domains mimicked the cryptocurrency exchange itself (Bybit), most using typosquatting techniques and keywords like “wallet,” “refund,” “information, “recovery,” and “check.”
According to BforeAI, there were also “instances of popular crypto keywords such as ‘metaconnect,’ ‘mining,’ and ‘airdrop,’ as well as the use of free hosting and subdomain registration services such as Netlify, Vercel, and Pages.dev.”
The use of free hosting services and dynamics is a common practice in this dataset. Many phishing pages are hosted on forums that offer anonymous, quick deployment without asking for domain purchases. Also, the highest number of verified malicious domains were registered in the UK.
After the incident, Bybit assured customers that they wouldn’t lose any money as a result. But the hackers took advantage of this situation and intentionally created a sense of anxiety and urgency via deceptive tactics like ‘fake recovery services and ‘phishing schemes.’ A few phishing websites pretended to be the “Bybit Help Center.”
The end goal was to make victims enter their crypto/Bybit passwords. A few weeks later, campaigns changed from “withdrawals, information, and refunds” through spoof Bybit sites to providing “crypto and training guides” and special rewards to trick potential investors.
Regardless of the change in these crypto and training guides, the campaigns persevered a “connection to the earlier withdrawal scams by including ‘how to withdraw from Bybit guides,’ BforeAI explained. This results in “a flow of traffic between learning resources fakes and withdrawal phishing attempts,” it added.
Bybit has accused North Korean hackers behind the attacks, costing the firm a massive $1.5 billion in stolen crypto. The campaign has contributed to Q1 2025 with an infamous record: a $1.7 billion theft in the first quarter, the highest in history.
Every day, the digital landscape evolves, thanks to innovations and technological advancements. Despite this growth, it suffers from a few roadblocks, cybercrime being a major one and not showing signs of ending anytime soon. Artificial Intelligence, large-scale data breaches, businesses, governments, and rising target refinement across media platforms have contributed to this problem. However, Nord VPN CTO Marijus Briedis believes, “Prevention alone is insufficient,” and we need resilience.
VPN provider Nord VPN experienced first-hand the changing cyber threat landscape after the spike in cybercrime cases attacking Lithuania, where the company is based, in the backdrop of the Ukraine conflict.
In the last few years, we have witnessed the expansion of cybercrime gangs and state-sponsored hackers and also the abuse of digital vulnerabilities. What is even worse is that “with little resources, you can have a lot of damage,” Briedis added. Data breaches reached an all-time high in 2024. The infamous “mother of all data breaches” incident resulted in a massive 26 billion record leak. Overall, more than 1 billion records were leaked throughout the year, according to NordLayer data.
Google’s Cybersecurity Forecast 2025 included Generative AI as a main threat, along with state-sponsored cybercriminals and ransomware.
Amid these increasing cyber threats, companies like NordVPN are widening the scope of their security services. A lot of countries have also implemented laws to safeguard against cyberattacks as much as possible throughout the years.
Over the years, governments, individuals, and organizations have also learned to protect their important data via vpn software, antivirus, firewall, and other security software. Despite these efforts, it’s not enough. According to Briedis, this happens because cybersecurity is not a fixed goal. "We have to be adaptive and make sure that we are learning from these attacks. We need to be [cyber] resilience."
In a RightsCon panel that Briedis attended, the discourse was aimed at NGOs, activists, and other small businesses, people take advantage of Nord’s advice to be more cyber-resilient. He gives importance to education, stressing it’s the “first thing.”
There has been a worrying rise in the number of people losing control of their social media and email accounts this year. According to recent data from Action Fraud, the UK’s national cybercrime reporting center, over 35,000 cases were reported in 2024. This is a huge increase compared to the 22,000 cases recorded the previous year.
To address this growing problem, Action Fraud has teamed up with Meta to start an online safety campaign. Their main goal is to help people secure their accounts by turning on two-step verification, also known as 2FA. This extra security step makes it much harder for hackers to break into accounts.
Hackers usually target social media or email profiles for money. Once they gain access, they often pretend to be the real user and reach out to the person’s friends or followers. Many times, they use these stolen accounts to promote fake investment schemes or sell fake event tickets. In other cases, hackers simply sell these hacked accounts to others who use them for illegal activities.
One trick commonly used by hackers is messaging the account owner’s contacts and convincing them to share security codes. Since the message appears to come from a trusted person, many people unknowingly share sensitive information, giving hackers further control.
Another method involves stealing login information through phishing scams or data leaks. If people use the same password for many sites, hackers can easily access multiple accounts once they crack one.
The good news is that there are simple ways to protect yourself. The most important step is enabling two-step verification on all your accounts. This adds an extra barrier by asking for a unique code when someone tries to log in, making it much tougher for hackers to get through even if they know your password.
Meta has also introduced face recognition technology to help users recover hacked accounts. Still, experts say prevention is always better than trying to fix the damage later.
Here are a few easy tips to protect your online accounts:
1. Always enable two-step verification wherever it is available.
2. Create strong and unique passwords for each account. Avoid using the same password more than once.
3. Be careful if someone you know suddenly asks for a security code — double-check if it’s really them.
4. Stay alert for suspicious links or emails asking for your login details — they could be phishing traps.
5. Keep an eye on your accounts for unusual activity or login attempts from unknown places.
With online scams increasing, staying careful and following these safety steps can help you avoid falling victim to account hacks. Taking action now can save you a lot of trouble later.
A new cyber attack is putting Amazon Prime subscribers at risk. Hackers are sending malicious emails warning users that their Prime membership is about to expire. These emails contain attachments with dangerous links that redirect users to fake websites designed to steal personal and financial information. Security experts warn that this is the latest example of cybercriminals using PDFs for phishing scams, exploiting the trust people place in these file types.
Researchers from Palo Alto's Unit 42 have identified this new scam, which relies on deceptive emails that appear to be from Amazon. The emails claim that the user’s Prime membership is expiring soon, urging them to take immediate action. Attached to the email is a PDF file containing a link that redirects users through multiple sites before landing on a fake login page. This page is designed to capture the user’s credentials, including passwords and credit card information.
The phishing websites are meticulously crafted to resemble Amazon’s official login page, making it difficult for users to distinguish them from the real site. Since June 2024, attackers have registered over 1,000 fake domains that closely mimic Amazon’s official domain, further complicating detection.
This type of attack is particularly dangerous because it exploits the perception that PDF files are safe. Hackers use this trust to bypass email filters and deliver malicious content. Javvad Malik, a security advocate at KnowBe4, warns that opening unexpected email attachments is risky. Many users fail to verify the sender’s email address before clicking on links, making them easy targets for cybercriminals.
Dray Agha, senior security manager at Huntress, explains that phishing techniques are constantly evolving. Cybercriminals are now using redirection techniques within PDF files to evade traditional security measures, making even cautious users vulnerable to these scams.
While Amazon is actively working to shut down these fraudulent websites, new ones continue to emerge. To stay safe, experts recommend the following steps:
Amazon has acknowledged the scam and is actively working to take down fraudulent sites. The company encourages users to report suspicious emails or scams through its official support page. An Amazon spokesperson stated: “Scammers pretending to be Amazon put customers at risk. We urge customers to report suspicious emails to help protect accounts and take action against bad actors.”
Cybercriminals are constantly devising new ways to deceive users, but with awareness and caution, individuals can protect themselves from falling victim to these scams. By staying informed and following best practices, users can safeguard their personal and financial information from phishing attacks.
The new phishing scam targeting Amazon Prime subscribers highlights the evolving tactics of cybercriminals. By exploiting trusted file types like PDFs and creating convincing fake websites, attackers are able to bypass traditional security measures. Users must remain vigilant, verify the authenticity of emails, and avoid clicking on suspicious links. As Amazon continues to combat these fraudulent activities, awareness and proactive measures are key to staying safe in an increasingly complex digital landscape.