---
title: "Cyberattacks have become mainstream businesses in 2025 - AI and ransomware trends are the biggest contributors | DMARC Report"
description: "Cyberattacks have become mainstream businesses in 2025 - AI and ransomware trends are the biggest contributors from DMARC Report explains practical steps for."
image: "https://dmarcreport.com/og/blog/cyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors.png"
canonical: "https://dmarcreport.com/blog/cyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report Cyberattacks have become mainstream businesses in 2025 - AI and ransomware trends are the biggest contributors
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fcyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cyberattacks%20have%20become%20mainstream%20businesses%20in%202025%20-%20%20AI%20and%20ransomware%20trends%20are%20the%20biggest%20contributors&url=undefined%2Fblog%2Fcyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fcyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fcyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors%2F&title=Cyberattacks%20have%20become%20mainstream%20businesses%20in%202025%20-%20%20AI%20and%20ransomware%20trends%20are%20the%20biggest%20contributors "Share on Reddit") [ ](mailto:?subject=Cyberattacks%20have%20become%20mainstream%20businesses%20in%202025%20-%20%20AI%20and%20ransomware%20trends%20are%20the%20biggest%20contributors&body=Check out this article: undefined%2Fblog%2Fcyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors%2F "Share via Email")
> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
Cyberattacks have become mainstream businesses in 2025 - AI and ransomware trends are the biggest contributors
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-30972” readonly/>
```
```
It’s 2025, and the global situation of cybercrime has worsened; ransomware and other cyberattacks are running like actual businesses. They are now operating as \*\*service providers \*\*where [threat actors](https://cybersecuritynews.com/iranian-threat-actors-attacking-u-s-critical-infrastructure/) create easy tools that they sell at cheaper rates, enabling not-so-tech-savvy [cybercriminals](https://www.voanews.com/a/cybercriminals-increasingly-help-russia-china-iran-target-us-allies-/7822907.html) to launch malware, phishing, [DDoS](https://www.helpnetsecurity.com/2025/08/20/alleged-rapper-bot-ddos-botnet-master-arrested-charged/), MITM, and other attacks.
This business market is growing at such a fast pace that [cyberattacks](https://www.aljazeera.com/news/2025/4/15/china-accuses-us-of-launching-cyberattacks-during-asian-winter-games) have increased by [47% in 2025](https://www.techrepublic.com/article/news-cyber-attacks-check-point/) compared to the previous year.
## The worst-hit sectors of 2025
The education sector is in the biggest trouble this year, with schools and universities facing around \*\*4,484 attacks every week. This is happening because most of these institutions don’t have strong security, despite storing \*\*sensitive student data and information on critical research.
The government sector is also getting hit hard again and again, disrupting essential services. All this is leading to citizens losing trust. The [telecom sector](https://www.cybersecuritydive.com/news/tmobile-salt-typhoon-telecom-attack-campaign/734729/) is no better. It saw a **94%** increase in attacks compared to last year, and this affects every business that depends on their networks.
It is important to understand that these attacks are not just numbers. They are leading to significant downtime, hefty fines, and higher [cyber insurance](https://www.insurancebusinessmag.com/us/news/breaking-news/report-highlights-urgent-need-for-cyber-insurance-521812.aspx) costs. Moreover, users’ safety is at risk because their data can be stolen, their identity can be misused, or even their communication can be hacked. AI is worsening the situation by empowering hackers to create new [ransomware](https://therecord.media/funksec-ransomware-using-ai-malware), polished [phishing messages](https://www.usatoday.com/story/money/investing/2025/04/05/investor-risks-phishing-scams/82771207007/), and \*\*professional-looking graphics to deceive people on a large scale and find new security holes faster than companies can fix them.
One key defense against such email-based attacks is implementing [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/). These essential [email authentication](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) protocols work together to **prevent spoofing, phishing**, and unauthorized use of a domain.
## Ransomware is on the rise this year
Ransomware attacks are no longer random; they are being highly targeted towards key industries. [Malicious actors](https://www.reuters.com/world/us/malicious-actors-using-ai-pose-senior-us-officials-fbi-says-2025-05-15/) are finding weaknesses and unprotected endpoints in supply chains, [remote work systems](https://www.monitask.com/en/blog/remote-work-systems-building-a-foundation-for-productivity-and-collaboration), and outdated software to break into important networks.
So, instead of sending [phishing emails](https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html) to the masses, they are now targeting specific industries like healthcare, education, and telecom.
[Ransomware-as-a-service](https://www.fortinet.com/resources/cyberglossary/ransomware-as-a-service-raas) has made it easier for more people to launch these attacks. In the first three months of 2025, there were \*\*2,289 \*\*ransomware attacks, which is 126 percent more than the same time in 2024\. Major supermarkets in the UK, including **Sainsbury’s, Morrisons, M&S, and Co-op**, have been hit by significant attacks, as well as the [Legal Aid Agency](https://www.bleepingcomputer.com/news/security/uk-legal-aid-agency-investigates-cybersecurity-incident/) and the pathology company Synnovis, causing problems for [NHS](https://en.wikipedia.org/wiki/National%5FHealth%5FService) operations. Global monitoring of hundreds of thousands of networks and millions of devices shows that these attacks are becoming more frequent and more serious.
## AI is making cyberattacks easier and more dangerous
The rise of \*\*artificial intelligence is making it easier for cybercriminals to launch attacks. Beginners no longer need to create their own tools. They can buy or rent access to hacked systems through apps like Telegram or on [dark web forums](https://www.bitsight.com/learn/cti/dark-web-forums). This has allowed attacks that many small and medium businesses cannot defend against. Some [AI chatbots](https://www.theguardian.com/technology/2025/jan/27/deepseek-cyberattack-ai), including ChatGPT, Gemini, and Claude, can be tricked to produce harmful content. Jailbroken versions like WormGPT and GhostGPT are also available on underground forums, often for free or very cheaply.
Organized crime groups in Europe are already using AI for fraud, [stealing data](https://www.bbc.com/news/articles/cd6nyng861wo), and money laundering. _They also use AI for more obvious threats like automated ransomware, malware, and deepfakes that pretend to be senior executives._ While many companies are excited to use AI to work faster, it can also create new risks. A study in the \*\*UK found that [56 percent](https://qbeeurope.com/news-and-events/press-releases/british-businesses-embrace-ai-despite-cybersecurity-risks-increasing/) of businesses that were attacked last year were affected through third-party suppliers, including AI providers. Some [hackers exploit AI coding tools](https://www.csoonline.com/article/4027963/hacker-inserts-destructive-code-in-amazon-q-as-update-goes-live.html) like [GitHub Copilot](https://github.blog/news-insights/research/does-github-copilot-improve-code-quality-heres-what-the-data-says/) or ChatGPT, which can sometimes suggest fake software packages that trick developers into downloading dangerous code.
Businesses today are very connected, and even the best \*\*internal security can fail if their suppliers or partners have weak spots. It is becoming essential for companies to check and protect not just their own systems but their entire network of [third-party partners](https://www.lawinsider.com/dictionary/third-party-partners) and [IT infrastructure](https://www.ibm.com/think/topics/infrastructure).
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ SPF ](/tags/spf/)
[ Vasile Diaconu ](/authors/vasile-diaconu/)
Operations Lead
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 8m 10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[ Foundational 12m 10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[ Foundational 12m 10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[ Foundational 12m 10 Reasons SPF Filtering Is Critical For Email Security Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cyberattacks have become mainstream businesses in 2025 - AI and ransomware trends are the biggest contributors","description":"Cyberattacks have become mainstream businesses in 2025 - AI and ransomware trends are the biggest contributors from DMARC Report explains practical steps for.","url":"https://dmarcreport.com/blog/cyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors/","datePublished":"2025-08-22T13:32:02.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-08-22T13:32:02.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/cyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors/"},"articleSection":"foundational","keywords":"dkim, DMARC, SPF","wordCount":1048,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Cyberattacks have become mainstream businesses in 2025 - AI and ransomware trends are the biggest contributors","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Cyberattacks have become mainstream businesses in 2025 - AI and ransomware trends are the biggest contributors","item":"https://dmarcreport.com/blog/cyberattacks-mainstream-2025-ai-ransomware-trends-major-contributors/"}]}
```