Last year, X-Force predicted that when AI technologies “establish market dominance—when a single technology approaches 50% market share or when the market consolidates to a few or fewer technologies—attackers will be incentivized to invest in attack toolkits” that focus on AI models and solutions. “Are we there yet? Not quite, but adoption is growing,” the report stated. “The percentage of companies integrating AI into at least one business function has dramatically increased to 72% in 2024, up 55% from the previous year.”
“New technologies, such as gen AI, create new attack surfaces. Security researchers are sprinting to find and help fix vulnerabilities before attackers do. We expect vulnerabilities in AI frameworks to become more common over time, such as the remote code execution vulnerability X-Force found in a framework for building AI agents,” IBM stated. “Recently, an active attack campaign targeting a widely used open source AI framework was discovered, affecting education, cryptocurrency, biopharma, and other sectors. Weaknesses in AI technology translate into vulnerabilities for attackers to exploit.”
Additional findings from X-Force include:
- Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organizations, as cybercriminals exploited vulnerabilities in more than one-quarter of incidents that IBM X-Force responded to in this sector last year. In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that four out of the top ten were linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion.
- Ransomware attacks continue their scourge. “Analysis of dark web data reveals a 25% increase in ransomware activity year-over-year. Adoption of a cross-platform approach to ransomware, supporting both Windows and Linux, also appears to be the norm among ransomware threat groups—expanding attack surfaces. Although ransomware is being overshadowed by other tactics, it remains a major threat vector. The most dangerous trend in ransomware is the use of multiple extortion tactics,” IBM stated. Ransomware comprises nearly one-third (28%) of malware incident response cases and 11% of security cases, representing a decline over the last several years.
- While phishing attacks dropped overall, IBM found an 84% spike in phishing emails delivering infostealers in 2024, and early 2025 data shows an even greater increase (180%). These stolen credentials may be used in follow-on, identity-based attacks.
- With the increased effectiveness of endpoint detection and response (EDR) solutions detecting backdoor intrusion efforts via phishing, threat actors have shifted to using phishing as a shadow vector to deliver infostealer malware. In 2024, X-Force observed an 84% increase in infostealers delivered via phishing. There was also a 12% year-over-year increase of infostealer credentials for sale on the dark web, suggesting increased usage. More attackers stole data (18%) than encrypted it (11%) last year as advanced detection technologies and increased law enforcement efforts pressure attackers to pivot to faster exit paths.
- In collaboration with Red Hat Insights, IBM X-Force found that more than half of Red Hat Enterprise Linux customers’ environments had at least one critical CVE unaddressed, and 18% faced five or more vulnerabilities. At the same time, IBM X-Force found the most active ransomware families (e.g., Akira, Clop, Lockbit, and RansomHub) are now supporting both Windows and Linux versions of their ransomware.
- For the fourth consecutive year, manufacturing was the most attacked industry. Facing the highest number of ransomware cases last year, the return on investment for encryption holds strong for this sector due to its extremely low tolerance for downtime.