Last year, X-Force predicted that after AI technologies “establish market dominance—when a single technology approaches 50% market share or when the market consolidates to a few or fewer technologies—attackers will be incentivized to invest in attack toolkits” that target AI models and solutions. “Are we there yet? Not quite, but adoption is growing,” the report stated. “The percentage of companies integrating AI into at least one business function has dramatically increased to 72% in 2024, up 55% from the previous year.”
“New technologies, such as gen AI, create new attack surfaces. Security researchers are sprinting to find and help fix vulnerabilities before attackers do. We expect vulnerabilities in AI frameworks to become more common over time, such as the remote code execution vulnerability X-Force found in a framework for building AI agents,” IBM stated. “Recently, an active attack campaign targeting a widely used open source AI framework was discovered, affecting education, cryptocurrency, biopharma, and other sectors. Weaknesses in AI technology translate into vulnerabilities for attackers to exploit.”
Additional findings from X-Force include:
- Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organizations as cybercriminals exploited vulnerabilities in more than one-quarter of incidents that IBM X-Force responded to in this sector last year. In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that 4 out of the top ten were linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion.
- Ransomware attacks continue their scourge. “Analysis of dark web data reveals a 25% increase in ransomware activity year-over-year. Adoption of a cross-platform approach to ransomware, supporting both Windows and Linux, also appears to be the norm among ransomware threat groups—expanding attack surfaces. Although ransomware is being overshadowed by other tactics, it remains a significant threat vector. The most harmful trend in ransomware is the use of multiple extortion tactics,” IBM stated. Ransomware comprises nearly one-third (28%) of malware incident response cases and 11% of security cases, representing a decline over the last several years.
- While phishing attacks dropped overall, IBM found an 84% spike in phishing emails delivering infostealers in 2024, and early 2025 data reveals an even greater increase (180%). These stolen credentials may be used in follow-on, identity-based attacks.
- With the increased effectiveness of endpoint detection and response (EDR) solutions detecting backdoor intrusion efforts via phishing, threat actors have shifted to using phishing as a shadow vector to deliver infostealer malware. In 2024, X-Force observed an 84% increase in infostealers delivered via phishing. There was also a 12% year-over-year increase of infostealer credentials for sale on the dark web, suggesting increased usage. More attackers stole data (18%) than encrypted it (11%) last year as advanced detection technologies and increased law enforcement efforts pressure attackers to pivot to faster exit paths.
- In collaboration with Red Hat Insights, IBM X-Force found that more than half of Red Hat Enterprise Linux customers’ environments had at least one critical CVE unaddressed, and 18% faced five or more vulnerabilities. At the same time, IBM X-Force found the most active ransomware families (e.g., Akira, Clop, Lockbit, and RansomHub) are now supporting both Windows and Linux versions of their ransomware.
- For the fourth consecutive year, manufacturing was the most attacked industry. Facing the highest number of ransomware cases last year, the return on investment for encryption holds strong for this sector due to its extremely low tolerance for downtime.
