KELA Reports Record Cybercrime Growth with $2.86 Billion Credentials Exposed

Cybercrime escalated to unprecedented levels in 2025, as KELA unveiled its latest findings in The State of Cybercrime 2026: Emerging Threats & Predictions. The report highlights a dramatic surge in global cyber threats, fueled by evolving attacker strategies and the rapid adoption of autonomous malicious AI systems that increasingly outpace conventional defenses.

According to KELA’s Cyber Intelligence Center (CIC), cybercriminals intensified their operations significantly throughout the year. In fact, researchers recorded 7,549 ransomware victims globally, marking a sharp 45% rise compared to the previous year. Notably, more than half of these victims were based in the United States, underscoring the scale and geographic concentration of attacks.

Moreover, the report reveals a fundamental shift in how attackers leverage artificial intelligence. Instead of executing manual intrusions, threat actors now employ a tactic known as “Vibe Hacking.” Through this method, they manipulate AI assistants into carrying out malicious commands by masking them as legitimate instructions. As a result, cybercriminals can automate large portions of their operations with minimal human involvement.

At the same time, organizations face growing internal risks due to the rise of “Shadow AI.” Employees across departments—from R&D to administrative roles—often use unauthorized AI tools, inadvertently exposing sensitive data or credentials. Consequently, without centralized governance and asset visibility, businesses create hidden vulnerabilities that attackers can exploit with ease.

In addition, the report emphasizes a concerning evolution in ransomware tactics. Increasingly, threat actors—especially those linked to nation-state operations—use ransomware attacks as a diversion. While organizations focus on containment, attackers quietly steal data, map networks, or establish persistent access elsewhere. Therefore, the visible disruption often masks deeper, more damaging breaches.

Another critical insight centers on identity-based attacks. KELA identified a staggering 2.86 billion compromised credentials in 2025, with over 30% linked to business cloud and authentication platforms. By simply logging in with stolen credentials rather than breaking through defenses, attackers effectively bypass traditional security measures. This shift places identity protection at the forefront of cybersecurity priorities.

Furthermore, platform-specific assumptions about security are rapidly eroding. As infostealer malware becomes more sophisticated and cross-platform, attackers are no longer constrained by operating systems. For instance, macOS infections surged dramatically—from fewer than 1,000 cases in 2024 to over 70,000 in 2025—representing an astonishing 7,000% increase.

“We’re seeing a fundamental pivot in adversary behavior with the shift from AI-assisted tools to fully autonomous, agentic malicious workflows, where over 80% of operations require minimal human oversight,” said David Carmiel, CEO of KELA. “Attackers no longer need to break in through a backdoor, they can quickly find the key and walk through the front using stolen credentials. Organizations relying on stale intelligence and legacy defenses instead of AI-powered solutions are leaving the door wide open to attacks.”

Beyond these developments, the report outlines several additional trends shaping the cybercrime ecosystem. The number of active ransomware groups reached 147 in 2025, including 80 newly emerged entities. Meanwhile, exploited vulnerabilities increased by 28%, reflecting a growing underground market for ready-to-use exploit tools.

Simultaneously, hacktivism surged by 400% year-over-year, with over 250 new groups responsible for approximately 3,500 distributed denial-of-service (DDoS) attacks. These campaigns increasingly targeted critical infrastructure, amplifying global risk. Additionally, state-backed cyber activities aligned closely with geopolitical tensions, including conflicts involving Russia-Ukraine, Israel-Iran, the United States-China rivalry, and North Korea.

In conclusion, KELA’s report paints a clear picture of a rapidly evolving threat landscape. As cybercriminals embrace automation, AI, and identity-based attacks, organizations must adapt quickly. Without proactive, AI-driven security strategies, businesses risk falling behind in a digital arms race that shows no signs of slowing down.

Source- globenewswire.com

Recommended Cyber Technology News:

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com

🔒 Login or Register to continue reading

Tags: AI threats, Credentials Theft, cybercrime, data breach, KELA Report, ransomware

CyberTech Media Room

CyberTech Media Room is the editorial intelligence arm of CyberTech Insights, focused on delivering high-impact narratives at the intersection of cybersecurity, data infrastructure, AI systems, and enterprise risk. Built for decision-makers, analysts, and technology leaders, the CyberTech Media Room translates complex security developments into structured, actionable intelligence. Its coverage spans threat landscapes, regulatory shifts, cyber resilience frameworks, and emerging technologies shaping modern enterprise defense. The editorial approach is grounded in three principles: Signal over noise — prioritizing relevance, depth, and strategic clarity over volume Intelligence-led storytelling — combining data, expert perspectives, and market context Decision utility — ensuring every piece contributes to informed business or technology outcomes CyberTech Media Room collaborates with industry practitioners, researchers, and enterprise leaders to surface insights that matter—from boardroom-level risk considerations to operational security strategies. Positioned beyond traditional media, it operates as a strategic intelligence layer for organizations navigating an increasingly complex and adversarial digital environment.