Global organizations are confronting an unprecedented surge in cyberattacks, driven by sophisticated phishing campaigns, record ransomware incidents, and the rapid integration of artificial intelligence into criminal operations. The latest findings from Acronis, a global leader in cybersecurity and data protection, paint a concerning picture of the evolving threat landscape.
Alarming Statistics Reveal Escalating Threats
According to the Acronis Cyberthreats Report H2 2025, titled "From exploits to malicious AI," email-based attacks increased by 16% per organization and 20% per user year-over-year. Phishing remains the dominant entry point, responsible for 52% of attacks targeting managed service providers. Perhaps more troubling is the shift toward high-impact secondary attack channels, with advanced attacks on collaboration platforms jumping from 12% in 2024 to 31% in 2025.
Key Cybersecurity Trends Identified
The report highlights several critical trends that defined the cybersecurity landscape in 2025:
- PowerShell abuse dominates: This legitimate tool has become the most abused globally, particularly in Germany, the United States, and Brazil.
- Phishing remains rampant: In the second half of 2025, phishing accounted for 83% of all email threats.
- High-risk MSP vulnerabilities: All MSP-platform CVEs disclosed in 2025 were rated High or Critical, despite overall low numbers.
- AI goes operational: Cybercriminals are increasingly integrating AI into day-to-day attack workflows, including reconnaissance, ransomware negotiation, and social engineering.
- Geographic hotspots: India, the United States, and the Netherlands experienced the highest mass infection and lateral movement rates, while South Korea was the most malware-affected country, with 12% of users impacted.
- Sector pressure points: Manufacturing, technology, and healthcare emerged as the top ransomware targets due to uptime pressure and complex, distributed environments.
The Rise of AI-Assisted Cybercrime
2025 witnessed a dramatic escalation in AI-assisted cybercrime, with threat actors leveraging artificial intelligence to scale attacks, automate reconnaissance, and optimize extortion strategies. For instance, the GLOBAL GROUP utilized AI-driven systems to manage ransomware negotiations efficiently across multiple victims, while GTG-2002 employed AI-assisted reconnaissance and data exfiltration to maximize impact.
Even social-engineering attacks have evolved significantly. Virtual kidnapping scams now use AI to generate convincing "proof of life" images, deceiving victims and amplifying psychological pressure. These innovations mark a new era of cybercrime where speed, sophistication, and scale challenge traditional defense mechanisms.
Expert Commentary on the Evolving Threat Landscape
Gerald Beuchelt, Chief Information Security Officer at Acronis, emphasized the transformative nature of these developments. "As cyber threats evolve at an accelerated pace, 2025 has shown that attackers are not only scaling traditional methods like phishing and ransomware but are leveraging AI to act faster, more efficiently, and at greater scale," he stated.
Beuchelt continued, "Attackers are increasingly integrating AI into their operations, so the cybersecurity landscape is entering a new era. This shift requires organizations to anticipate threats, automate defenses, and build resilient systems capable of withstanding both traditional and AI-driven attacks."
The report, based on telemetry collected by the Acronis Threat Research Unit and Acronis sensors, underscores the urgent need for organizations worldwide to strengthen their cyber defenses. With cybercriminals adopting increasingly sophisticated tools and techniques, proactive security measures and advanced threat detection systems have become more critical than ever.
