Geopolitical instability drove a rise in state-backed advanced persistent threat (APT) attacks and hacktivism, as well as a rise in ransomware-as-a-service (RaaS) activity last year, according to Group-IB.
The threat intelligence specialist published its High-Tech Crime Trends 2025 report today based on proprietary research, intelligence gathering and real-world cybercrime investigations.
It revealed a 58% annual increase in state-sponsored APT incidents, with Europe (18%) seeing the biggest surge regionally, followed by MEA (4%).
Given that many of these attacks were fuelled by conflicts including Russia-Ukraine, it’s perhaps not surprising that government and military (16%) was the most targeted sector, followed by manufacturing (5%).
The same geopolitical tensions may explain a rise in hacktivism. APAC (39%) and Europe (36%) accounted for the majority of activity in 2024, with Ukraine the top target for such attacks in Europe, comprising 17% of its total.
Once again, government and military (6%) was the hardest-hit sector, followed by manufacturing (4%).
With many RaaS affiliates and developers sheltering in former Soviet states, a rise in activity here may be linked to the geopolitical landscape. Group-IB recorded a 44% increase in ads seeking to recruit affiliates, and a 10% rise in data leak victims.
Elsewhere, Europe was also hammered by fraud in 2024. Group-IB detected over 200,000 fraudulent “assets” globally last year, a 22% year-on-year (YoY) increase. Europe’s financial services sector accounted for 34% of all scams in the region.
The Dark Web Rises
Fuelling all of this criminal activity is the work of initial access brokers (IABs) and the large volumes of personal information and credentials flooding the dark web.
The report noted a 15% annual increase in IAB operations last year, rising to 32% in Europe and 43% in North America. Group-IB also claimed to have recorded a massive 6.4 billion data strings – including email addresses, passwords and financial data – that were leaked globally in 2024.
Interestingly, many of the old techniques continue to bear fruit. Phishing was the most common initial access vector in 2024, even as newer TTPs emerged. The number of deepfake services advertised on Telegram increased by 40%, for example.
Group-IB CEO, Dmitry Volkov, warned of the “relentless growth” of the dark web economy.
“Cybercriminals are not just exploiting vulnerabilities – they’re weaponizing geopolitical instability to cripple critical industries worldwide. APTs, data breaches, phishing and ransomware don’t occur in isolation, they feed off each other, forming an enormous, interconnected threat network,” he added.
“The need to build resilient cybersecurity communities and adopt advanced security strategies has never been more critical to fight these threats before they evolve further. There is no time to waste – organizations must take proactive steps now to stay ahead of malicious actors.”