Cyberattacks Surge: Acronis H2 2025 Cyberthreats Report
FinTech BizNews Service
Mumbai– February 18, 2026 – Acronis, a global leader in cybersecurity and data protection, released its biannual report, “Acronis Cyberthreats Report H2 2025: From exploits to malicious AI”, analyzing global threat activity based on telemetry collected by the Acronis Threat Research Unit (TRU) and Acronis sensors. The report highlights key trends observed throughout 2025, with a focus on the second half of the year.
The findings reveal a continued surge in cyberattacks. Email-based attacks increased 16% per organization and 20% per user year-over-year, while phishing remained the leading entry point, responsible for 52% of attacks targeting managed service providers (MSPs). Advanced attacks on collaboration platforms jumped from 12% in 2024 to 31% in 2025, signaling a shift toward high-impact secondary attack channels.
Key cybersecurity trends in 2025 include:
● PowerShell abuse dominates: The most abused legitimate tool globally, particularly in Germany, the U.S., and Brazil.
● Phishing remains rampant: In H2 2025, phishing accounted for 83% of all email threats.
● High-risk MSP vulnerabilities: All MSP-platform CVEs disclosed in 2025 were rated High or Critical, despite overall low numbers.
● AI goes operational: Cybercriminals increasingly integrated AI into day-to-day attack workflows, including reconnaissance, ransomware negotiation, and social engineering.
● Geographic hotspots: India, the U.S., and the Netherlands saw the highest mass infection and lateral movement rates, while South Korea was the most malware-affected country, with 12% of users impacted.
● Sector pressure points: Manufacturing, technology, and healthcare were the top ransomware targets due to uptime pressure and complex, distributed environments.
2025 also saw a dramatic rise in AI-assisted cybercrime. Threat actors leveraged AI to scale attacks, automate reconnaissance, and optimize extortion strategies. For example, GLOBAL GROUP used AI-driven systems to manage ransomware negotiations efficiently across multiple victims, while GTG-2002 employed AI-assisted reconnaissance and data exfiltration to maximize impact. Even social-engineering attacks evolved: virtual kidnapping scams used AI to generate convincing “proof of life” images, deceiving victims and amplifying psychological pressure. These innovations highlight a new era of cybercrime, where speed, sophistication, and scale challenge traditional defenses.
“As cyber threats evolve at an accelerated pace, 2025 has shown that attackers are not only scaling traditional methods like phishing and ransomware, but are leveraging AI to act faster, more efficiently, and at greater scale,” said Gerald Beuchelt, CISO at Acronis. “Attackers are increasingly integrating AI into their operations, so the cybersecurity landscape is entering a new era. This shift requires organizations to anticipate threats, automate defenses, and build resilient systems capable of withstanding both traditional and AI-driven attacks.”
Ransomware continued to dominate the threat landscape. Nearly 150 MSP and telecom organizations were directly targeted, while over 7,600 victims were publicly disclosed globally. The most active ransomware groups included Qilin (962 victims), Akira (726), and Cl0p (517). Manufacturing, technology, and healthcare sectors were disproportionately affected, with the United States recording the highest number of victims at 3,243. New ransomware groups also emerged in H2 2025, including Sinobi, TheGentlemen, and CoinbaseCartel.
Supply chain and MSP-targeted attacks remain a significant concern. Attackers exploited RMM tools such as AnyDesk and TeamViewer, impacting over 1,200 third-party and supply chain victims, with the U.S. seeing the greatest exposure at 574 victims. Akira and Cl0p were the dominant actors in these attacks, underscoring the persistent risk to MSPs and their clients.
