Last year, X-Force predicted that once AI technology builds market advantages – when a technology approaches 50% of its market share or market consolidates to three or fewer technologies, investment in AI models and solutions will be incentivized to invest in attack toolkits. “Are we still here? Not yet complete, but adoption is growing,” the report said. “The percentage of companies that incorporate AI into at least one business function rose sharply to 72% in 2024, a 55% increase from the previous year.”
“New technologies, such as AI, create new surfaces for attacks. Security researchers are sprinting and finding vulnerabilities before attackers. We hope that vulnerability in AI frameworks will become more common over time, such as remote code execution vulnerability found in frameworks that build AI Adents X-Force,” IBM. “Recently, an active attack campaign against a widely used open source AI framework has been discovered, affecting education, cryptocurrency, biopharmaceuticals and other sectors. Weaknesses in AI technology translate into attackers exploiting attackers’ vulnerability.”
Other X-Force findings include:
- Relying on traditional technology and slow patch cycles has proven to be an enduring challenge for critical infrastructure organizations, as cybercriminals deprived of vulnerability in the department’s vulnerability last year in a major quarter of IBM X-Force incident. When reviewing most common vulnerabilities and exposures (CVEs) mentioned on most Dark Web forums, IBM X-Force found that four of the top ten were associated with complex threat actor groups, including nation-state rivals, escalated the risks of disruption, spy, Espionage and Fancalialage and Fancalial.
- Ransomware attacks continue to hurt. “Analysis of dark web data shows that ransomware activity has increased by 25% throughout the year. Taking a cross-platform ransomware approach, supporting Windows and Linux, also seems to be the norm among ransomware threat groups – extending attack-style attack groups – although lansomware is a dangerous trend, it remains a dangerous trend. Statement. Ransomware includes nearly one-third (28%) of malware incident response cases and 11% of security cases, which is a decline in the past few years.
- Despite the overall decline in phishing attacks, IBM found a peak of 84% in phishing emails delivering weak machines in 2024, while data from early 2025 showed a larger increase (180%). These stolen credentials can be used for subsequent identity-based attacks.
- With the effectiveness of endpoint detection and response (EDR) solutions, threat actors have moved to use phishing as shadow vectors to provide InfoStealer malware. In 2024, X-Force observed an 84% increase in weak pebbles delivered through phishing. InfoStealer certificates sold on the Dark Web rose 12% year-on-year, indicating an increase in usage. The data stolen by the attacker (18%) than last year’s encryption (11%) is used as advanced detection technology and adds to the pressure of the attacker to make it spin to make it exit paths faster.
- IBM X-Force worked with Red Hat Insights to find that over half of Red Hat Enterprise Linux customers’ environments do not have at least one critical CVE unresolved, while 18% of CVEs face five or more vulnerabilities. Meanwhile, IBM X-Force found that the most active ransomware families (such as Akira, Clop, Lockbit, and RansomHub) now support the Windows and Linux versions of its ransomware.
- For the fourth consecutive year, manufacturing is the most attacked industry. Faced with the largest number of ransomware cases last year, the industry’s crypto ROI is high due to extremely low downtime.
