Overview
- Identity-led intrusions climbed 32% in the first half of 2025. Over 97% of identity attacks used password spray or brute force, with a growing focus on workload and non‑human accounts, particularly in research and academia.
- Destructive activity in cloud environments jumped 87% and hybrid cloud–on‑prem operations now account for more than 40% of ransomware incidents, driven by misconfigurations and weak access controls.
- AI‑driven phishing reached a 54% click rate, and the use of AI‑generated IDs to bypass verification rose 195%, while tactics expanded to Teams impersonation, help‑desk voice scams, ClickFix lures, and MFA tampering.
- Credential theft has been commoditized through infostealers like Lumma and RedLine and through a growing market of access brokers: Intel 471 identified 368 of them selling access that affects victims in more than 130 countries.
- Africa is identified as a proving ground, with the World Economic Forum estimating cybercrime losses rising from Sh25 billion to Sh63 billion and BEC overtaking ransomware as the most financially damaging threat.