Last year, X-Force predicted that once AI technologies “establish market dominance—when a single technology approaches 50% market share or when the market consolidates to a few or fewer technologies—attackers will be incentivized to invest in attack toolkits” that target AI models and solutions. “Are we there yet? Not quite, but adoption is growing,” the report stated. “The proportion of companies integrating AI into at least one business function has dramatically increased to 72% in 2024, up 55% from in the previous year.”
“New technologies, such as gen AI, create new attack surfaces. Security researchers are sprinting to find and help fix vulnerabilities before attackers do. We expect vulnerabilities in AI frameworks to become more common over time, such as the remote code execution vulnerability X-Force found in a framework for building AI agents,” IBM stated. “Recently, an active attack campaign targeting a widely used open source AI framework was discovered, affecting education, cryptocurrency, biopharma, and other sectors. Weaknesses in AI technology translate into vulnerabilities for attackers to exploit.”
Additional findings from X-Force include:
- Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organizations, as cybercriminals exploited vulnerabilities in more than one-quarter of incidents that IBM X-Force responded to in this sector last year. In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that four out of the top ten were linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion.
- Ransomware attacks continue their scourge. “Analysis of dark web data reveals a 25% increase in ransomware activity year-over-year. Adoption of a cross-platform approach to ransomware, supporting both Windows and Linux, also appears to be the norm among ransomware threat groups—expanding attack surfaces. Although ransomware is being overshadowed by other tactics, it remains a major threat vector. The most dangerous trend in ransomware is the use of multiple extortion tactics,” IBM stated. Ransomware accounts for nearly one-third (28%) of malware incident response cases and 11% of security cases, representing a decline over the last several years.
- While phishing attacks dropped overall, IBM found an 84% spike in phishing emails delivering infostealers in 2024, and early 2025 data shows an even bigger increase (180%). These stolen credentials may be used in follow-on, identity-based attacks.
- With the increased effectiveness of endpoint detection and response (EDR) solutions detecting backdoor intrusion efforts via phishing, threat actors have shifted to using phishing as a shadow vector to deliver infostealer malware. In 2024, X-Force observed an 84% increase in infostealers delivered via phishing. There was also a 12% year-over-year increase of infostealer credentials for sale on the dark web, suggesting increased usage. More attackers stole data (18%) than encrypted it (11%) last year, as advanced detection technologies and increased law enforcement efforts pressure attackers to pivot to faster exit paths.
- In collaboration with Red Hat Insights, IBM X-Force found that more than half of Red Hat Enterprise Linux customers’ environments had at least one critical CVE unaddressed, and 18% faced five or more vulnerabilities. At the same time, IBM X-Force found the most active ransomware families (e.g., Akira, Clop, Lockbit, and RansomHub) are now supporting both Windows and Linux versions of their ransomware.
- For the fourth consecutive year, manufacturing was the most attacked industry. Facing the highest number of ransomware cases last year, the return on investment for encryption holds strong for this sector due to its extremely low tolerance for downtime.