Top Highlights
-
The 2025 cyber landscape was characterized by accelerated threat activities, notably a 63% rise in extortion breaches driven by supply chain attacks, with DarkForums emerging as the primary English-speaking threat hub and Qilin dominating the RaaS market.
-
While AI tools enhanced the quality of social engineering and disinformation campaigns, there was limited evidence of AI-driven malware broadly impacting operational tactics; instead, cybercriminals primarily used established malware and relied on AI for performance boosting.
-
International law enforcement disruptions in 2025 fractured major forums like BreachForums, leading to the rise of DarkForums as a central platform, while threat groups like Qilin expanded their coercion tactics and targeted data-rich sectors for extortion.
-
Expectation for 2026 includes continued growth in extortion activities, more sophisticated credential theft and supply chain attacks, a decline in ransom payments due to legislative changes, and AI serving mainly as a force multiplier for social engineering and influence operations rather than as a core malware component.
The Core Issue
Intel 471’s 2025 threat report highlights how the cyber landscape was increasingly driven by acceleration rather than disruption. It explains that threat actors, primarily operating through platforms like DarkForums, intensified their activities, notably in extortion, which saw a 63% rise, largely fueled by supply chain attacks. This surge was rooted in a highly competitive, profit-centered underground ecosystem where ransomware groups like Qilin dominated the extortion market, accounting for nearly 18% of known victims. The report attributes this growth to the evolving tactics of cybercriminals who, despite disruptions from law enforcement, continued to adapt by professionalizing and expanding their toolkit, often utilizing AI to enhance their social engineering methods. Conversely, initial access broker activity slightly declined but remained stable overall, emphasizing persistent vulnerabilities such as weak credentials and misconfigured remote access points. The report, authored by Intel 471, underscores that while law enforcement efforts fragmented the underground forums, darkweb hubs like DarkForums emerged as key operational centers—indicating a resilient, adaptive threat sector set to persist into 2026.
Furthermore, the report underscores that although generative AI tools improved attack quality, their practical application remained limited mainly to augmenting existing malware rather than creating entirely new AI-driven malware families. Threat actors focused more on manipulating disinformation, deepfakes, and voice fraud, especially targeting high-profile individuals and geopolitical campaigns. Meanwhile, law enforcement actions in 2025 disrupted major forums and seized illicit marketplaces, prompting a shift toward quieter, more professionalized extortion practices. The report predicts that by 2026, extortion and ransomware will remain dominant threats, with cybercriminals refining their tactics in response to legislative measures that discourage ransom payments. Overall, the report emphasizes that the cyber threat landscape continues to evolve rapidly, driven by technological advances, criminal sophistication, and ongoing enforcement efforts.
Critical Concerns
The report from Intel 471 warns that extortion breaches jumped 63% in 2025, and this trend is likely to continue in 2026. This means your business is at increased risk of being targeted by cybercriminals who threaten to release sensitive data or sabotage operations unless they are paid. If your business falls victim, you could face severe financial losses, reputational damage, and legal consequences. These breaches can disrupt daily activities, erode customer trust, and result in costly recovery efforts. Therefore, it is crucial for your business to strengthen cybersecurity defenses and stay vigilant, as this escalation in extortion attacks could affect any industry or company size if not properly managed.
Possible Next Steps
In today’s rapidly evolving cybersecurity landscape, prompt and effective remediation is critical to minimizing damage from breaches, especially when threat actors escalate their efforts. According to recent Intel 471 reports, extortion breaches surged by 63% in 2025, with ongoing activity anticipated into 2026, underscoring the urgent need for organizations to act swiftly to protect sensitive data and maintain trust.
Rapid Response
Implement immediate incident response protocols to contain the breach, including isolating affected systems and disabling compromised accounts.
Threat Identification
Utilize advanced threat intelligence tools to identify the attack vector, the scope of the breach, and the actors involved.
Patch and Update
Apply critical security patches and updates to vulnerable systems to prevent further exploitation of known weaknesses.
Data Recovery
Restore compromised data from secure backups, ensuring the integrity and confidentiality of restored information.
Communication
Inform stakeholders, including customers and regulatory bodies, in compliance with legal and industry standards, facilitating transparency and trust.
Weakness Mitigation
Conduct comprehensive vulnerability assessments to identify and address security gaps that allowed the breach.
Enhanced Monitoring
Deploy continuous monitoring solutions to detect anomalous activity early, enabling quicker response to potential threats.
Training and Awareness
Educate employees on cybersecurity best practices, phishing risks, and social engineering tactics to reduce the likelihood of future breaches.
Policy Review
Update and enforce security policies that emphasize proactive measures, incident handling, and breach response protocols.
Collaboration
Share threat intelligence and remediation strategies with industry peers and cybersecurity agencies to stay ahead of emerging extortion tactics.
Advance Your Cyber Knowledge
Discover cutting-edge developments in Emerging Tech and industry Insights.
Understand foundational security frameworks via NIST CSF on Wikipedia.
Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.
Cyberattacks-V1cyberattack-v1-multisource
