Bots bite back Cyble flags AI fuelled surge in Ransomware attacks

MUMBAI: When hackers automate, the clock ticks faster for everyone else. That is the stark warning emerging from the Annual Threat Landscape Report 2025 released by Cyble, which charts a year where cybercrime scaled up sharply, powered by artificial intelligence, relentless ransomware operations and a visible spike in geopolitically driven hacktivism.

Drawing on intelligence gathered from underground forums, dark web marketplaces and global threat actor networks, the report paints a picture of adversaries operating with greater speed and precision. Automation and AI-led tooling are no longer fringe tactics; they have become central to how attackers cut down time-to-compromise and amplify impact across sectors and borders.

Ransomware remained the most disruptive force through 2025, with threat groups refining extortion-only playbooks and recycling affiliates across multiple ransomware-as-a-service platforms. Cyble’s researchers noted that organisations perceived as willing to pay were often hit repeatedly, with attackers exploiting stolen credentials, exposed services and zero-day vulnerabilities to gain entry.

Artificial intelligence, meanwhile, has shifted cybercrime into a higher gear. The report documents AI being used to craft convincing phishing lures, automate vulnerability exploitation and conduct large-scale credential harvesting with minimal human input. The result is not just more attacks, but attacks that are harder to spot and faster to execute.

Hacktivism also surged, closely tracking geopolitical flashpoints. Data leaks, service disruptions and destructive campaigns increasingly targeted government bodies, critical infrastructure, transport networks and energy assets, blurring the lines between cybercrime and cyber conflict.

“The 2025 threat landscape shows attackers moving faster, operating more efficiently and exploiting trust across digital ecosystems,” said Cyble senior manager of research and intelligence Daksh Nakra. “Organisations must assume threats will be more adaptive, more automated and more persistent than ever.”

Among the report’s key takeaways, AI-driven automation is now mainstream in cybercrime; ransomware continues to deliver the greatest financial and operational damage, identity abuse and supply-chain compromises are widening; and exploited vulnerabilities enable rapid, large-scale breaches.

In short, as machines learn faster, defenders are being forced to rethink not just how they respond but how quickly they can keep up.