Infostealers and Ransomware Surge as Cybercriminals Expand Tactics
Cybercrime has reached “an unprecedented level of sophistication,” according to KELA’s State of Cybercrime 2024 cybersecurity report. The study highlights how cybercriminals are forming alliances, adopting artificial intelligence (AI), and exploiting vulnerabilities at a scale never seen before.
A Year of Alarming Growth in Cyber Threats
Infostealer malware and ransomware remain the most dominant threats. KELA tracked over 4.3 million infected machines, leading to the compromise of more than 330 million credentials. These stolen credentials were used to conduct large-scale ransomware campaigns. In another evolution touched on in other cybersecurity reports, ransomware groups shifted towards data extortion, moving beyond traditional encryption-based attacks.
David Carmiel, CEO of KELA, stressed the importance of proactive defense: “Organizations must shift from a reactive stance to a proactive, intelligence-driven approach. The cyber threat landscape is evolving too quickly to rely on outdated security measures.“
Infostealers: The Silent Threat Powering Cybercrime
Infostealers have become the primary method for cybercriminals to access corporate systems. In 2024, they facilitated significant cyberattacks, including the Snowflake data breach, which exposed data from at least 165 companies.
- Lumma, StealC, and Redline accounted for 75% of all infections.
- 3.9 billion compromised credentials were shared on underground markets.
- Attackers leveraged stolen data to infiltrate corporate networks, launch ransomware attacks, and steal sensitive financial information.
As companies store more credentials digitally, infostealers are expected to remain one of the biggest threats in 2025.
Ransomware Expands Beyond Encryption
Despite law enforcement crackdowns, ransomware groups continued to grow. In 2024, KELA tracked over 5,230 ransomware victims. That represents a 10.5% increase from the previous year.
Key insights from the report:
- RansomHub surpassed LockBit as the most active ransomware group, claiming over 520 victims.
- Attackers are increasingly using data extortion tactics, threatening to leak sensitive information instead of encrypting systems.
- Supply chain attacks became popular, allowing criminals to compromise multiple organizations at once.
In 2025, ransomware groups are expected to diversify their monetization strategies while continuing to operate ransomware-as-a-service (RaaS) platforms.
Exploited Vulnerabilities: Cybercriminals Strike Faster Than Ever
Cybercriminals wasted no time in exploiting newly discovered vulnerabilities in 2024. Discussions about new Common Vulnerabilities and Exposures (CVEs) appeared on cybercrime forums within one month of disclosure.
The most targeted vulnerabilities included:
- Fortinet FortiOS (CVE-2024-21762, CVE-2024-23113) – Allowed unauthorized access.
- Microsoft Outlook (CVE-2024-21413) – Used for remote code execution attacks.
- D-Link Cloud Storage (CVE-2024-3273) – Enabled attackers to execute arbitrary commands.
Companies that fail to patch vulnerabilities quickly remain at high risk of cyberattacks in 2025.
Hacktivists and State-Sponsored Actors Blur the Lines
Over 200 new hacktivist groups emerged in 2024, conducting more than 3,500 DDoS attacks, often in response to geopolitical events. Many of these groups formed alliances with cybercriminals and state-sponsored actors, making attribution more difficult.
State-backed cyber threats intensified, with Russia, China, Iran, and North Korea engaging in cyber operations linked to elections, economic espionage, and influence campaigns. AI-driven deepfakes were increasingly used in disinformation campaigns, raising concerns ahead of major global events in 2025.
AI Abuse: Cybercriminals Weaponizing Large Language Models
Cybercriminals exploited AI-powered tools at an alarming rate in 2024. AI threats included:
- Jailbreaking large language models (LLMs) to bypass security restrictions.
- Stealing credentials for AI platforms like ChatGPT (3 million accounts compromised) and Gemini (174,000 accounts compromised).
- Using deepfakes to create fraudulent identities and manipulate public perception.
KELA predicts that AI-powered cybercrime will escalate in 2025, with adversaries using backdoored AI models and automated phishing campaigns to amplify their reach.
The Outlook for 2025: Cybercrime’s Next Moves
As cyber threats grow in complexity, KELA forecasts:
- Infostealers will remain the most common initial access method.
- Ransomware actors will refine their extortion tactics, prioritizing supply chain attacks.
- Vulnerability exploitation will continue to accelerate, with attackers targeting unpatched systems.
- AI-driven cybercrime will evolve, introducing new threats such as adversarial AI attacks.
Carmiel emphasized the need for intelligence-driven security strategies:
“Cybercriminals are evolving at an unprecedented pace. Organizations that fail to adapt will find themselves increasingly vulnerable in 2025.”
To combat these threats, businesses must strengthen threat intelligence capabilities, enforce multi-factor authentication, and prioritize rapid vulnerability management.
Final Thoughts
Final thoughts…. Same as before, The State of Cybercrime 2024 report, like so many others we’ve reported on deliver a strong messsage. There is an urgent need for proactive security measures. As attackers embrace AI, infostealers, and new monetization models, businesses must invest in intelligence-driven defense strategies to combat emerging threats.
Other News: 2025 Cybersecurity Trends: AI, Ransomware, and Cyberattack Surge(Opens in a new browser tab).
