The bottom line: Cybercriminals increasingly employ professionalized automated standard methods and are becoming faster at exploiting vulnerabilities, while phishing and invisible attacks using legitimate tools are becoming the norm.
According to InfoGuard’s security report “Intelligence Insights 2025,” based on over 350 cyber incidents from 2025, attackers are not relying on new techniques but rather on professional automation of proven methods. The number of security incidents rose by approximately one-fifth, with the time between vulnerability discovery and exploitation becoming dramatically shorter.
The cybercrime scene is increasingly organizing itself like a professional business model with a division of labor structure. Criminal groups rely on specialized service providers, purchase stolen credentials, and use ready-made attack tools, some assisted by artificial intelligence. This significantly lowers the technical barrier to entry: even attackers with limited expertise can now conduct complex attacks.
Phishing remains the primary point of entry – nearly half of the analyzed security incidents began with fraudulent emails or similar deception methods. Modern phishing campaigns appear significantly more credible through AI-generated text, deceptively authentic voice recordings, and personalized content. Attackers frequently exploit compromised user accounts, insufficiently secured remote access, and misconfigurations in IT systems as entry points.
A critical risk is posed by insufficiently protected remote access: in one-quarter of all examined cases, VPN connections, remote desktop services, or remote maintenance solutions served as entry points, with successful access immediately leading to ransomware infections. Cybercriminals employ automated procedures to test usernames and passwords at scale.
The speed of exploiting new vulnerabilities has increased dramatically. While companies previously had several weeks to deploy security updates, this window is now measured in days or hours. Many attacks also occur outside direct corporate control – via supply chains, cloud platforms, and employees’ personal devices.
Modern attackers increasingly use inconspicuous approaches, leveraging legitimate tools and existing system functions instead of conspicuous malware. This significantly complicates detection through conventional detection patterns.
Source: www.it-daily.net · Published 10 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.