Rising Threats: Ransomware Victims, Data Breaches, and Info Stealers

Surge in Cybercrime: Alarming Trends in Ransomware and Infostealer Attacks

Recent research highlights a significant escalation in cybercrime activity throughout 2025, with substantial increases across several types of threats. Notably, there has been a staggering 800% rise in credential theft attributed to information-stealing malware, establishing identity theft as a primary attack vector. Ransomware incidents have surged by 179%, and data breaches have climbed by 235%. This upward trend underscores the urgent need for businesses to reassess their cybersecurity strategies.

According to Ian Gray, Vice President of Cyber Threat Intelligence Operations at Flashpoint, the scale of malicious activities documented in the first half of this year is unprecedented. Over 20,000 new vulnerabilities have emerged, with nearly 7,000 of these accompanied by publicly available exploits. The cumulative effect of these trends poses a considerable challenge for security teams as they navigate an ever-growing volume of threats while attackers actively seek to exploit emerging vulnerabilities.

Concurrently, the Identity Theft Resource Center noted that a total of 1,732 data breach incidents in the United States impacted nearly 166 million individuals during the first half of this year, marking a 10% increase from the same period in 2024. If this trajectory continues, 2025 is poised to break records in terms of the number of organizations known to have experienced data breaches.

The uptick in breaches can be traced in part to infostealer malware, which has infected approximately 2.7 million systems this year, resulting in 204 million compromised credentials flooding the market. Infostealers like Lumma are proliferating rapidly, operating as “infostealer-as-a-service,” where users can obtain this malicious software for a relatively low cost. This ecosystem facilitates the trading of stolen data, which often includes sensitive corporate credentials, laying the groundwork for more sophisticated attacks like ransomware and espionage.

Infostealers increasingly employ advanced tactics to deceive victims into installing malware, including AI-generated videos across social media platforms such as TikTok. These attacks often utilize techniques like ClickFix or ClearFake, which mislead users into executing malicious code on their systems, showcasing the evolving sophistication of threat actors.

Prominent incidents this year include breaches involving major companies such as Telefónica and Orange, where attackers leveraged stolen credentials to infiltrate networks. In the case of Telefónica, 15 Jira accounts were compromised, leading to the exfiltration of 24,000 employee records. Similarly, HellCat exploited Raccoon-Stealer credentials to access Orange’s network, extracting sensitive data including financial documents and network configurations.

Ransomware attacks continue to escalate despite ongoing law enforcement efforts to disrupt key criminal groups. A recent report revealed an alarming number of ransomware victims, with at least 3,662 incidents reported in the first half of 2025—70% of the total recorded for the entirety of 2024. The U.S. remains the most targeted country, with 2,160 reported ransomware victims.

The MITRE ATT&CK framework provides valuable insight into the tactics and techniques employed by cybercriminals, such as Initial Access through spear-phishing or exploitation of public-facing applications. Persistence may be achieved through credential dumping or backdoor installation, while Privilege Escalation can be attained by exploiting vulnerabilities within the network.

As cybersecurity professionals strive to quantify the extent of ransomware activity, findings suggest that only a fraction of attacks are publicly reported. Flashpoint indicates that the volume of stolen data seen in leaks has been significant, with incidents involving over 858 gigabytes of exfiltrated data on average, which shows the profound impact such breaches can have on organizations.

In this intensified cyber landscape, businesses must prioritize robust cybersecurity measures. With growing numbers of attacks leveraging both new and existing vulnerabilities, the imperative for organizations to safeguard their assets has never been more urgent. It is critical for business leaders to remain vigilant and proactive in securing their digital environments against the relentless evolution of cyber threats.
