Global Cybersecurity Trends: February 2025
A Vision Rooted in Collective Resilience
In the face of evolving cyber threats, our commitment is not just to protect organizations but to empower the global community. This
report is a testament to our proactive approach, offering insights that go beyond mere security measures. Together, let's build a resilient
digital future. The Cyber Report we're providing is a valuable resource for individuals across all backgrounds, ensuring a safer digital
environment for everyone.
This report is the culmination of the Founder's steadfast commitment to community welfare and education. With meticulous attention,
this document aims to provide readers with crucial situational awareness concerning cyber threats impacting the global community. The
underlying vision is deeply rooted in the belief that shared knowledge is pivotal for fostering collective resilience in the face of the
continually evolving landscape of digital challenges. Beyond safeguarding organizational interests, these aspirations extend to fortifying
the broader community against targeted cyber campaigns.
The report stands as a tangible manifestation of that commitment, seeking to quantify global risks, provide strategic insights, and
cultivate a culture of cybersecurity vigilance that transcends organizational boundaries. As we navigate through this comprehensive
analysis, it becomes abundantly clear that he envisions a safer digital environment, wherein individuals, businesses, and nations are
equipped with the requisite tools and understanding to effectively combat cyber threats.
This report is intended for these roles:
Chief Information Security Officer
Director of Cyber Security
Cyber Security Architect
Cyber Security Consultant
Cyber Security Manager
Information Technology Security Specialist
Information Security Manager
Director of Information Technology
Cyber Security Analyst
Cyber Security Engineer
Verticals:
Accounting & Financial Services, Apparel & Fashion, Automotive, Aviation &
Aerospace, Banking, Business Consulting and Services, Civic & Social
Organization, Construction, Consumer Services, Defense & Space, Computer &
Network Security, Delivery Services, Education, Environmental Services,
Farming, Financial Services, FMCG, Furniture, Gov, Health Care, Hospitality,
Human Resources Services, Industrial Engineering, Information Technology &
Services, Insurance, International Trade & Development, Legal Services,
Logistics & Supply Chain, Luxury Goods & Jewellery, Management Consulting,
Manufacturing, Membership Organizations, Mining & Metals, Museums &
Institutions, Music, Nonprofit Organization Management, Oil & Energy, Packaging
& Containers, Printing, Public Policy, Publishing, Real Estate, Recreation,
Research, Restaurants, Retail, Apparel & Fashion, Sports, Wholesale,
Telecommunications, Transportation, Utilities, Wellness & Fitness, and Other.
Cybersecurity Landscape Analysis
February 2025 saw a surge in cyberattacks, with Clop leading at 336 breaches (32.4%), followed by Ransomhub (12.1%) and Akira (8.3%).
Play (6.6%) and Qilin (5.3%) rounded out the top five, collectively accounting for 64.7% of attacks. Other active groups included Fog,
Lynx, and Cactus, while smaller actors like BianLian and Incransom continued to impact various sectors. The dominance of a few major
ransomware groups highlights an increasingly structured cybercrime ecosystem.
The U.S. remained the most targeted nation, experiencing 661 breaches (67.3%), followed by Canada (6.4%), Germany (4.1%), the UK
(2.8%), and France (2.2%). Latin America and the Asia-Pacific regions saw rising attacks, with Brazil, Mexico, and Australia each reporting
15 breaches. While most cyber activity was concentrated in advanced economies, emerging markets showed increasing vulnerability.
Technology was the hardest-hit industry with 190 breaches (26.6%), followed by Manufacturing (24.2%) and Consumer Services (13.7%).
Transportation & Logistics (9.4%) and Healthcare (8.5%) remained high-risk sectors due to ransomware threats and critical
infrastructure vulnerabilities. Financial Services, Business Services, and Education also faced notable incidents, emphasizing the need for
stronger cybersecurity across all sectors.
The cyber threat landscape remains highly concentrated, with major ransomware groups leading attacks. While SMEs continue to be the
primary targets due to weaker defenses, large enterprises face persistent threats. The U.S. remains the top target, with cyber risks
expanding in emerging markets. Technology and Manufacturing consistently rank as the most vulnerable industries.
February 2025 reinforced the dominance of organized ransomware groups, a geographic concentration in advanced economies, and
high-risk sectors like technology and manufacturing. Organizations must strengthen defenses, prioritize threat intelligence, and adopt
proactive cybersecurity strategies to counter evolving cyber threats.
Top Attackers
Clop: 32.4%
Ransomhub: 12.1%
Akira: 8.3%
Top Targets
U.S.: 67.3%
Canada: 6.4%
Germany: 4.1%
Threat Actor Group Analysis
In February 2025, cyberattacks were dominated by a few highly active threat actor groups, with Clop leading the list at 336 breaches
(32.4%), marking it as the most aggressive ransomware operation this month. Ransomhub followed with 126 breaches (12.1%),
demonstrating its continued prominence. Akira ranked third with 86 breaches (8.3%), while Play and Qilin reported 68 breaches (6.6%)
and 55 breaches (5.3%), respectively. Together, these top five groups accounted for 64.7% of all cyberattacks, underscoring the
concentration of breaches among a few dominant actors.
Other notable contributors included Fog (58 breaches, 5.6%), Lynx (43 breaches, 4.1%), and Cactus (37 breaches, 3.6%), highlighting their
increasing involvement in cybercrime. Medusa (31 breaches, 3%), Funksec (27 breaches, 2.6%), and KillSec & SafePay (24 breaches each,
2.3%) also played a significant role. Smaller but active groups like BianLian (19 breaches, 1.8%) and Incransom (19 breaches, 1.8%)
continued to impact various sectors.
Lower-activity threat actors, such as APT73 (7 breaches, 0.7%), Cicada3301 (13 breaches, 1.3%), Kraken (7 breaches, 0.7%), and Termite (7
breaches, 0.7%), maintained their presence. Additionally, Everest, ArcusMedia, SpaceBears, and RansomHouse recorded 4-5 breaches
each, showing that while smaller, these groups continue to be active.
Overall, February 2025 saw a sharp rise in Clop ransomware attacks, making it the most dominant group. Meanwhile, Ransomhub and
Akira maintained steady attack volumes, reflecting their sustained impact. The concentration of breaches within a few major groups
indicates a highly organized ransomware ecosystem, with persistent threats targeting multiple industries. Organizations must strengthen
their defenses against ransomware and emerging cyber threats to mitigate potential damages.
1. Clop: 336 breaches (32.4%)
2. Ransomhub: 126 breaches (12.1%)
3. Akira: 86 breaches (8.3%)
4. Play: 68 breaches (6.6%)
5. Fog: 58 breaches (5.6%)
6. Qilin: 55 breaches (6.6%)
7. Lynx: 43 breaches (4.1%)
8. Cactus: 37 breaches (3.6%)
9. Medusa: 31 breaches (3%)
10. Funksec: 27 breaches (2.6%)
Global Breach Trends: February 2025
In February 2025, cyberattacks were heavily concentrated in a few key regions, with the United States experiencing the highest number
of breaches at 661 incidents (67.3%), reaffirming its status as the most targeted nation. Canada followed with 63 breaches (6.4%),
reflecting the ongoing cyber threats faced by North American entities. Germany ranked third with 40 breaches (4.1%), while the United
Kingdom reported 28 breaches (2.8%), and France recorded 22 breaches (2.2%). These top five countries collectively accounted for
82.8% of all breaches, demonstrating a strong geographical focus of cybercriminal activity.
Other significantly impacted nations included Brazil (15 breaches, 1.5%), Italy (15 breaches, 1.5%), Mexico (15 breaches, 1.5%), and Australia
(15 breaches, 1.5%), highlighting the increasing cyber risks in Latin America and the Asia-Pacific region. Spain (10 breaches, 1%), Japan (10
breaches, 1%), and Singapore (9 breaches, 0.9%) also faced notable cyber incidents.
Smaller-scale breaches (fewer than 5 incidents) were recorded in countries such as Sweden, Israel, Hong Kong, and South Korea,
indicating localized but persistent threats. Meanwhile, 13 breaches lacked clear geographic attribution, suggesting either unclassified
cyber incidents or undisclosed attack origins.
Overall, February 2025 reaffirmed the dominance of the U.S. and Canada as primary cyberattack targets, while European nations,
especially Germany, the UK, and France, continued to face substantial risks. The increasing activity in Latin America and Asia-Pacific
signals a broader distribution of cyber threats, requiring heightened security measures in emerging digital economies.
United States: 661 incidents (67.3%)
Canada: 63 incidents (6.4%)
Germany: 40 incidents (4.1%)
United Kingdom: 28 incidents (2.8%)
France: 22 incidents (2.2%)
Italy: 15 incidents (1.5%)
Brazil: 15 incidents (1.5%)
Australia: 15 incidents (1.5%)
Mexico: 15 incidents (1.5%)
February 2025 Industry Breach Insights
Dark Web Alert: February 2025
Prudential Financial
Banco do Brasil
Education Sector
Significant Incidents
Financial Sector:
1. JPMorgan Chase Data Breach
Date: February 5, 2025
Actor: IntelBroker (Shared on BreachForums)
Details: 150GB of customer banking data, including
account numbers, transaction logs, and internal reports.
Impact: Increased risk of financial fraud, identity theft,
and unauthorized access to banking systems.
2. Visa Payment Processor Leak
Date: February 12, 2025
Actor: Anubis__media (Posted on XSS Forum)
Details: Stolen credit card details from over 2.5 million
customers, including CVVs and expiration dates.
Impact: Elevated fraud risks, card cloning, and
unauthorized transactions.
Healthcare Sector:
1. UnitedHealth Group Patient Data Breach
Date: February 8, 2025
Actor: Medusa Ransomware Group
Details: 200GB of patient records, medical histories,
insurance details, and billing information leaked on
Telegram.
Impact: Risks of medical identity theft, fraudulent
insurance claims, and regulatory violations.
2. European Pharma Supply Chain Hack
Date: February 22, 2025
Actor: LockBit 3.0
Details: Stolen intellectual property, vaccine production
data, and internal pharmaceutical research.
Impact: Potential counterfeit drugs, IP theft, and supply
chain disruptions.
Government Sector:
1. UK National ID Database Breach
Date: February 16, 2025
Actor: Unknown (Leaked on Exploit.in)
Details: Compromised national ID records, passport
scans, and biometric data.
Impact: Serious threats of identity fraud, unauthorized
immigration, and espionage.
2. US Department of Defense Classified Leak
Date: February 27, 2025
Actor: BlackCat APT
Details: Leaked internal military documents,
cybersecurity protocols, and satellite surveillance data.
Impact: National security threats, espionage, and cyber
warfare risks.
Retail & E-Commerce Sector:
1. Amazon Vendor Portal Hack
Date: February 10, 2025
Actor: Stormous Ransomware
Details: Vendor account credentials, order histories, and
payment processing details leaked.
Impact: Risk of fraudulent transactions, business
account takeovers, and supply chain disruptions.
2. Alibaba Consumer Data Dump
Date: February 19, 2025
Actor: ShinyHunters
Details: 40 million user accounts, including purchase
histories, payment details, and login credentials.
Impact: Phishing attacks, credential stuffing, and
payment fraud.
Cryptocurrency & Financial Sector:
1. Binance User Data Leak
Date: February 6, 2025
Actor: AnonymousGroup (Sold on Telegram)
Details: API keys, wallet addresses, and KYC details of 1.2
million users.
Impact: Cryptocurrency theft, unauthorized
transactions, and SIM-swapping attacks.
2. Kraken Exchange Credential Theft
Date: February 25, 2025
Actor: InfernoStealer Malware Group
Details: Stolen login credentials, 2FA codes, and
withdrawal transaction logs.
Impact: High risk of account takeovers and
unauthorized withdrawals.
Implications & Recommendations
Growing Financial & Healthcare Threats: Targeted attacks on banking and
medical institutions indicate a focus on high-value data theft.
Rise of Cybercrime-as-a-Service: Dark web marketplaces are fueling
easier access to sophisticated hacking tools.
Urgent Need for Enhanced Security Measures: Organizations must
implement multi-factor authentication (MFA), advanced encryption, and
continuous threat monitoring to mitigate risks.
Enhanced Encryption & Access Controls
Regular Cybersecurity Audits
Consumer Awareness Programs
February 2025's dark web activity demonstrates an increasingly aggressive
cyber threat landscape, requiring businesses, governments, and individuals to
adopt proactive cybersecurity measures to mitigate risks effectively. Ongoing
monitoring of underground forums and timely threat intelligence sharing will be
critical in preventing future large-scale data leaks.
Vulnerability and Attack Surface Management
In February 2025 we identified 3700 vulnerabilities, with 258 classified as
critical. All 3700 vulnerabilities carry an EPSS score (the Exploit Prediction
Scoring System's estimate of the probability that a vulnerability will be
exploited in the wild within the next 30 days) ranging from 0.04% to 96.76%,
indicating a high level of potential exploitation.
The Foresiet research team has identified exploits available on the dark web
that opportunistic threat actors can use for easy attacks. A few examples:
CVE-2025-27364, CVE-2025-27140, CVE-2025-27133, CVE-2025-27105,
CVE-2025-27096, CVE-2025-26974, CVE-2025-26966, CVE-2025-26943,
CVE-2025-26900, CVE-2025-26793, etc.
CVE Monthly Prominent Vulnerability Disclosures
# | Date | New Flaws/Fixes
1 | February 03, 2025 | CVE-2024-53104
A zero-day kernel vulnerability that has been exploited in the wild. It is a privilege
escalation security flaw in the Android Kernel's USB Video Class driver that allows
authenticated local threat actors to elevate privileges in low-complexity attacks.
2 | February 06, 2025 | CVE-2024-21413
CISA warned U.S. federal agencies on Thursday to secure their systems against
ongoing attacks targeting a critical Microsoft Outlook remote code execution
(RCE) vulnerability.
3 | February 07, 2025 | CVE-2025-0994
Software vendor Trimble is warning that hackers are exploiting a Cityworks
deserialization vulnerability to remotely execute commands on IIS servers and
deploy Cobalt Strike beacons for initial network access.
4 | February 10, 2025 | CVE-2025-24200
Apple has released emergency security updates to patch a zero-day vulnerability
that the company says was exploited in targeted and "extremely sophisticated"
attacks.
5 | February 10, 2025 | CVE-2024-52875
Over twelve thousand GFI KerioControl firewall instances are exposed to a critical
remote code execution vulnerability tracked as.
6 | February 13, 2025 | CVE-2025-1094
Rapid7's vulnerability research team says attackers exploited a PostgreSQL
security flaw as a zero-day to breach the network of privileged access
management company BeyondTrust in December.
7 | February 14, 2025 | CVE-2024-53704
Attackers are now targeting an authentication bypass vulnerability affecting
SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit
code.
8 | February 14, 2025 | CVE-2025-0108
Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by
exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing
authentication.
9 | February 18, 2025 | CVE-2025-26465, CVE-2025-26466
OpenSSH has released security updates addressing two vulnerabilities, a
man-in-the-middle (MitM) and a denial of service flaw, with one of the flaws
introduced over a decade ago.
10 | February 19, 2025 | CVE-2025-0111, CVE-2025-0108, CVE-2024-9474
Palo Alto Networks warned that a file read vulnerability (CVE-2025-0111) is now
being chained in attacks with two other flaws (CVE-2025-0108 with
CVE-2024-9474) to breach PAN-OS firewalls in active attacks.
11 | February 21, 2025 | CVE-2025-23209
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft
CMS remote code execution flaw is being exploited in attacks.
Recommended Actions
Enhanced Cybersecurity Measures: Urgent reinforcement of cybersecurity protocols, including regular updates, patches, and
securing critical systems against known vulnerabilities.
Heightened Vigilance: Continuous monitoring of networks and systems, particularly in critical sectors like government, defense,
healthcare, and finance.
Employee Awareness Training: Educate employees on cybersecurity best practices, including password hygiene, phishing
awareness, and device security.
Incident Response Planning: Develop robust incident response plans to minimize damage in case of a cyber attack or breach.
Dark Web Monitoring: Continuous monitoring of Dark Web channels for potential data leaks, threats, or indications of upcoming
attacks.
Foresiet Integrated Digital Risk Protection (IDRP)
(One-Click Plug and Play IDRP Solution)
1. Digital Risk Rating: Real-time digital risk monitoring to secure operations
from unseen threats.
2. Brand Protection & Takedown: Powerful surveillance to deter intellectual property theft
and protect brand integrity.
3. Compliance Assessment: Thorough assessments to ensure impeccable standards
within the organization and across the entire vendor network.
4. Attack Surface Management: Comprehensive attack surface management to reduce
exposure and seal off vulnerabilities.
5. Threat Intelligence: Advanced threat analytics to gain unparalleled foresight
and outsmart potential cyber attacks.
6. Anti-Phishing Shield: Proactive phishing defense system to ward off deceptive
threats and keep communications and data secure.
7. Dark Web Monitoring: Organization gains the tools to detect and mitigate risks
lurking in the shadows before they harm your business.
8. Third-party Monitoring: It provides a comprehensive framework to assess,
monitor, and manage third-party vendors.
Third-Party Risk Management Software provides a comprehensive framework to assess, monitor, and manage risks from third-party
vendors, ensuring your business stays secure and compliant. Foresiet's Integrated Digital Risk Protection (IDRP) solution is your one-stop
shop for cyber defense. It scans the deep and dark web for threats to your brand, identifies vulnerabilities in your IT infrastructure, and
assesses the cybersecurity posture of your vendors. Plus, it shields your employees from phishing attacks and protects your online
reputation from impersonation and counterfeiting. In short, Foresiet IDRP gives you 360-degree visibility and protection against today's
most sophisticated cyber threats.
Contact us: +91 8169451052 | info@foresiet.com