Last year, X-Force predicted that after AI technologies “establish market dominance—when a single technology approaches 50% market share or when the market consolidates to a few or fewer technologies—attackers will probably be incentivized to invest in attack toolkits” that focus on AI models and solutions. “Are we there yet? Not quite, but adoption is growing,” the report stated. “The share of companies integrating AI into at least one business function has dramatically increased to 72% in 2024, up 55% from in the previous year.”
“New technologies, such as gen AI, create new attack surfaces. Security researchers are sprinting to find and help fix vulnerabilities before attackers do. We expect vulnerabilities in AI frameworks to become more common over time, such as the remote code execution vulnerability X-Force found in a framework for building AI agents,” IBM stated. “Recently, an active attack campaign targeting a widely used open source AI framework was discovered, affecting education, cryptocurrency, biopharma, and other sectors. Weaknesses in AI technology translate into vulnerabilities for attackers to exploit.”
Additional findings from X-Force include:
- Reliance on legacy technology and slow patching cycles prove to be an enduring challenge for critical infrastructure organizations, as cybercriminals exploited vulnerabilities in more than one-quarter of incidents that IBM X-Force responded to in this sector last year. In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that 4 out of the top ten were linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion.
- Ransomware attacks continue their scourge. “Analysis of dark web data reveals a 25% increase in ransomware activity year-over-year. Adoption of a cross-platform approach to ransomware, supporting both Windows and Linux, also appears to be the norm among ransomware threat groups—expanding attack surfaces. Although ransomware is being overshadowed by other tactics, it remains a major threat vector. The most dangerous trend in ransomware is the use of multiple extortion tactics,” IBM stated. Ransomware comprises almost one-third (28%) of malware incident response cases and 11% of security cases, representing a decline over the last several years.
- While phishing attacks dropped overall, IBM found an 84% spike in phishing emails delivering infostealers in 2024, and early 2025 data shows an even greater increase (180%). These stolen credentials may be used in follow-on, identity-based attacks.
- With the increased effectiveness of endpoint detection and response (EDR) solutions detecting backdoor intrusion efforts via phishing, threat actors have shifted to using phishing as a shadow vector to deliver infostealer malware. In 2024, X-Force observed an 84% increase in infostealers delivered via phishing. There was also a 12% year-over-year increase of infostealer credentials for sale on the dark web, suggesting increased usage. More attackers stole data (18%) than encrypted it (11%) last year as advanced detection technologies and increased law enforcement efforts pressure attackers to pivot to faster exit paths.
- In collaboration with Red Hat Insights, IBM X-Force found that more than half of Red Hat Enterprise Linux customers’ environments had at least one critical CVE unaddressed, and 18% faced 5 or more vulnerabilities. At the same time, IBM X-Force found the most active ransomware families (e.g., Akira, Clop, Lockbit, and RansomHub) are now supporting both Windows and Linux versions of their ransomware.
- For the fourth consecutive year, manufacturing was the most attacked industry. Facing the highest number of ransomware cases last year, the return on investment for encryption holds strong for this sector due to its extremely low tolerance for downtime.