Cyberattacks have become mainstream businesses in 2025— AI and ransomware trends are the biggest contributors
It’s 2025, and the global situation of cybercrime has worsened; ransomware and other cyberattacks are running like actual businesses. They are now operating as service providers where threat actors create easy tools that they sell at cheaper rates, enabling not-so-tech-savvy cybercriminals to launch malware, phishing, DDoS, MITM, and other attacks.
This business market is growing at such a fast pace that cyberattacks have increased by 47% in 2025 compared to the previous year.
The worst-hit sectors of 2025
The education sector is in the biggest trouble this year, with schools and universities facing around 4,484 attacks every week. This is happening because most of these institutions don’t have strong security, despite storing sensitive student data and information on critical research.
The government sector is also getting hit hard again and again, disrupting essential services. All this is leading to citizens losing trust.
The telecom sector is no better. It saw a 94% increase in attacks compared to last year, and this affects every business that depends on their networks.
It is important to understand that these attacks are not just numbers. They are leading to significant downtime, hefty fines, and higher cyber insurance costs. Moreover, users’ safety is at risk because their data can be stolen, their identity can be misused, or even their communication can be hacked.
AI is worsening the situation by empowering hackers to create new ransomware, polished phishing messages, and professional-looking graphics to deceive people on a large scale and find new security holes faster than companies can fix them.
One key defense against such email-based attacks is implementing DMARC, DKIM, and SPF. These essential email authentication protocols work together to prevent spoofing, phishing, and unauthorized use of a domain.
Ransomware is on the rise this year
Ransomware attacks are no longer random; they are being highly targeted towards key industries. Malicious actors are finding weaknesses and unprotected endpoints in supply chains, remote work systems, and outdated software to break into important networks.
So, instead of sending phishing emails to the masses, they are now targeting specific industries like healthcare, education, and telecom.
Ransomware-as-a-service has made it easier for more people to launch these attacks. In the first three months of 2025, there were 2,289 ransomware attacks, which is 126 percent more than the same time in 2024. Major supermarkets in the UK, including Sainsbury’s, Morrisons, M&S, and Co-op, have been hit by significant attacks, as well as the Legal Aid Agency and the pathology company Synnovis, causing problems for NHS operations. Global monitoring of hundreds of thousands of networks and millions of devices shows that these attacks are becoming more frequent and more serious.
AI is making cyberattacks easier and more dangerous
The rise of artificial intelligence is making it easier for cybercriminals to launch attacks. Beginners no longer need to create their own tools. They can buy or rent access to hacked systems through apps like Telegram or on dark web forums. This has allowed attacks that many small and medium businesses cannot defend against. Some AI chatbots, including ChatGPT, Gemini, and Claude, can be tricked to produce harmful content. Jailbroken versions like WormGPT and GhostGPT are also available on underground forums, often for free or very cheaply.
Organized crime groups in Europe are already using AI for fraud, stealing data, and money laundering. They also use AI for more obvious threats like automated ransomware, malware, and deepfakes that pretend to be senior executives. While many companies are excited to use AI to work faster, it can also create new risks. A study in the UK found that 56 percent of businesses that were attacked last year were affected through third-party suppliers, including AI providers. Some hackers exploit AI coding tools like GitHub Copilot or ChatGPT, which can sometimes suggest fake software packages that trick developers into downloading dangerous code.
Businesses today are very connected, and even the best internal security can fail if their suppliers or partners have weak spots. It is becoming essential for companies to check and protect not just their own systems but their entire network of third-party partners and IT infrastructure.
