How Cybercriminals Are Shifting Their Attacks In 2025
Ransomware and phishing grab headlines, but the real dangers for small businesses often stem from:
- Poor infrastructure visibility.
- No strategic guidance.
- Unpatched vulnerabilities.
- Weak incident response planning.
1. Poor Infrastructure Visibility
Attackers are moving beyond traditional endpoints, such as laptops and desktops, which are now harder to compromise due to improved security tools.
Instead, cloud environments like Google Workspace, Microsoft 365, and AWS are becoming prime targets for attackers, with a 95% increase in cloud breaches in 2022 compared to 2021.
Meanwhile, a recent study reveals that one in three breaches involves an IoT device, such as a printer or smart camera.
These overlooked entry points are a goldmine for threat actors.
In November 2024, a malicious actor named “Matrix” exploited unpatched IoT devices to create a global botnet, using the Mirai malware to launch DDoS attacks.
Traditional security tools like endpoint detection and response (EDR) and Security Information and Event Management (SIEM) were designed for simpler times.
EDR focuses on endpoints, such as laptops and servers, while SIEM aggregates logs but often relies on reactive, rule-based detection.
These tools operate in silos, failing to provide a unified view of today’s complex IT environments, which include remote workforces, cloud platforms, and connected devices.
The 2025 Enterprise Data Security Confidence Index surveyed 530 cybersecurity leaders on data security, uncovering troubling gaps in visibility, security, and AI readiness.
A staggering 82% of security teams struggle to identify and classify sensitive data. In addition, 53% of these teams lack real-time visibility, resulting in delays of days or even weeks to locate sensitive data assets.
2. Lack Of Strategic Guidance
The rise of “DIY” security tools has made it tempting for SMBs to cobble together low-cost solutions on their own. But without expert guidance, these efforts often fall short.
Firstly, valuable time is diverted from essential business functions such as growth, operations, and R&D. Secondly, DIY security carries risk because of a lack of expertise and insight into what to watch for or consider, and that expertise is gained only through prior experience in CISO positions.
That’s why it’s unsurprising to learn that only 14% of small businesses have a cybersecurity plan. Patching together lightweight software or relying on your IT provider’s basic security suite leaves gaps that attackers exploit.
Beginning your security journey?
Start with the CIS-18 framework, which is tactical, attack-centric, and requires no new technology, just time to implement.
Pairing this with straightforward questions about network devices and penetration tests, and potentially a virtual CISO, provides a practical and digestible approach to efficiently reducing risks.
PurpleSec’s crosswalk mapping (e.g. NIST CSF, CIS-18, PCI) simplifies compliance overlap: check one box, hit three goals.
3. Inconsistent Patching
Unpatched systems present a prime target for hackers.
That’s because 60% of breaches involve vulnerabilities with available patches that weren’t applied. With AI accelerating attacks, the time to compromise a system has now dropped to under 6 minutes.
This means traditional monthly patching schedules can’t keep up. Worse, prioritizing patches solely by CVSS scores ignores real-world attack risks, exposing critical systems.
A continuous vulnerability management program is the solution. This means daily scanning and patching, with remediation prioritized by severity and exploitability.
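To show why a CVSS-only patch order differs from one that weighs exploitability and exposure, here is an added example (not PurpleSec's code or Defiance XDR logic). The inventory, vulnerability IDs, weights and SLA tiers are constructed; in practice the known-exploited flag would come from a known-exploited-vulnerabilities feed and the exploit probability from a source such as EPSS.

```python
# Added example (not PurpleSec's code): rank patches by exploitability and
# exposure, not CVSS alone. Inventory, weights and IDs are constructed; in
# practice known_exploited would come from a known-exploited-vulns feed and
# exploit_prob from a feed such as EPSS.
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str           # placeholder id, not a real CVE number
    asset: str
    cvss: float            # base severity 0.0-10.0
    exploit_prob: float    # estimated chance of in-the-wild exploitation, 0-1
    known_exploited: bool  # seen exploited in the wild
    internet_facing: bool  # reachable from outside the network

def risk_score(f: Finding) -> float:
    """Severity scaled by how likely the flaw is attacked and how reachable
    the asset is; a known-exploited flaw is treated as certain to be attacked."""
    likelihood = 1.0 if f.known_exploited else f.exploit_prob
    exposure = 1.0 if f.internet_facing else 0.4   # constructed weight
    return round((f.cvss / 10.0) * likelihood * exposure * 100, 1)

def by_cvss(findings):
    """Ordering a CVSS-driven monthly schedule would produce."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: -f.cvss)]

def by_risk(findings):
    """Ordering a continuous, exploitability-aware program would produce."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: -risk_score(f))]

def remediation_sla_days(f: Finding) -> int:
    """Patch deadline derived from the blended score (constructed tiers)."""
    if f.known_exploited and f.internet_facing:
        return 1
    s = risk_score(f)
    if s >= 50:
        return 7
    if s >= 20:
        return 30
    return 90

# Constructed inventory: CVSS alone puts VULN-A first, but VULN-B (lower
# severity, actively exploited on an exposed host) is the real priority.
INVENTORY = [
    Finding("VULN-A", "internal-db", 9.8, 0.02, False, False),
    Finding("VULN-B", "public-vpn", 7.5, 0.85, True, True),
    Finding("VULN-C", "public-web", 8.1, 0.30, False, True),
    Finding("VULN-D", "laptop-17", 5.3, 0.01, False, False),
]
```

Calling `by_cvss(INVENTORY)` and `by_risk(INVENTORY)` on the same inventory gives different first patches, and `remediation_sla_days` turns the blended score into a deadline that a continuous program can act on daily.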
For SMBs, Defiance XDR™ automates patch management, reducing the mean time to remediate from 60–150 days to hours. Our security experts analyze threats to ensure patches address the most pressing risks first, keeping your business secure without disrupting operations.
4. Weak Incident Response Planning
When a cyberattack hits, your incident response plan—the structured process for detecting, containing, and recovering from a security breach—can make or break your small business.
Without a robust plan, even a minor security incident can spiral into a major crisis, leaving you grappling with prolonged downtime, skyrocketing costs, and a tarnished reputation.
Data paints a stark picture:
On average, it takes organizations 204 days to identify a breach and an additional 73 days to contain that breach. Further, 47% of SMBs do not have an incident response plan.
This gap in preparation is a critical vulnerability that attackers exploit.
The good news?
You don’t need a big budget or a dedicated IT team to build a solid defense. Here are a few actionable steps tailored for SMBs:
- Define Roles Upfront: Identify who’s responsible for each phase—detection, containment, eradication, and recovery. Assign a point person for each, even if it’s just your office manager or a trusted employee.
- Spot Threats Early: Use free cybersecurity tools like network monitoring software to catch anomalies before they escalate.
- Map Out Communication: Create a one-page guide for whom to call—staff, customers, law enforcement—and what to say.
- Practice Makes Progress: Test your plan yearly with a simple tabletop exercise. It’s low-cost and reveals weaknesses fast.
5. Ransomware Attacks
Ransomware remains a top threat, with the average cost of ransomware increasing by 574% from 2019 to 2024 ($761,106 to $5.13M).
52% of global organizations reported ransomware hitting their supply chains in 2023, putting partners and vendors at risk.
Why?
- First, it’s easier to target smaller organizations with fewer resources to dedicate to security. Attackers will compromise a partner or vendor to gain access to their primary target.
- Second, attackers can buy malicious code cheaply through Ransomware-as-a-Service (RaaS), and affiliate models have emerged as a way for these operators to expand their business.
- Third, AI-driven code development has made malware more sophisticated and faster to produce.
- Fourth, ransomware gangs are forming strategic alliances, pooling resources to launch coordinated attacks.
The result? Average ransom demands hit $1.54M in 2023.
Defiance XDR™ proactively detects and responds to ransomware in real time, stopping attacks before they encrypt your data. Pair this with regular backups to reduce your downtime and improve the recovery time of your data.
6. Phishing And Vishing
Business email compromise (BEC) and credential theft via phishing and vishing are skyrocketing, with 74% of data breaches involving the human element.
Attackers no longer rely on generic phishing emails. They craft advanced, tailored campaigns using publicly available data from LinkedIn profiles, corporate websites, or your “About Us” pages.
They’ll scan your network for vulnerabilities, then target specific business units.
For example, your finance team might receive a fake invoice from a “known vendor,” or an employee might get a vishing call from “IT” requesting a password reset.
In advanced cases, attackers use tactics to catch victims off guard, such as first getting them to reply to a phishing email, or phishing the same user through multiple accounts and attack scenarios.
Bottom line:
Annual phishing tests, quizzes, and self-training aren’t enough to stop these sophisticated attacks.
PurpleSec’s social engineering services take a different approach. We design custom phishing and vishing campaigns tailored to your business units and goals, then provide actionable remediation plans to strengthen your defenses.
AI-Powered Attacks Are Happening Now
AI-powered cyber attacks are smarter, faster, and more damaging, enabling cybercriminals to scale operations, evade detection, and strike with precision.
- Phishing: AI crafts hyper-personalized emails mimicking trusted sources, with a 60% success rate in deceiving victims.
- Deepfakes: AI generates realistic fake audio/videos to impersonate executives or loved ones, tricking victims into financial or data disclosures.
- Malware: AI creates adaptive, mutating malware that evades traditional antivirus, persisting to steal data or disrupt systems.
- Reconnaissance: AI automates rapid network scans and builds detailed victim profiles for targeted social engineering.
- Scaling/Personalization: AI launches tailored, high-volume attacks, like fake invoices, overwhelming defenses with precision.
Unfortunately, traditional security can’t keep up with AI’s speed and adaptability. This means defenders must integrate transparent AI with existing tools, maintain human oversight, and regularly update systems to counter evolving threats.
AI Vs AI In Cybersecurity
Autonomous AI agents will independently seek weaknesses, poison training data, or tamper with open-source models, embedding backdoors.
These “malware with a brain” attacks are stealthy, fast (compromising systems in under an hour), and disrupt interconnected AI ecosystems, causing chaos like altered medical records or financial market disruptions.