Summary: Main Cyber Threats and Attacks 2025

By ESED - It & CyberSecurity on Jan 15, 2026 12:00:01 PM

<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >Summary: Main Cyber Threats and Attacks 2025</span>

In 2025, organizations faced an unprecedented increase in digital attacks, from AI-powered phishing to supply chain breaches. These incidents not only compromise data and operations but also affect reputation and business continuity, regardless of company size.

Next, we review the main threats that defined 2025.

Nueva llamada a la acción

Supply Chain Cyberattacks

In 2025, attackers exploited vendors, third-party software, and cloud services to infiltrate organizations without attacking them directly. These attacks doubled compared to 2024, with cases like Oracle Cloud exposing 6 million records. The lack of third-party visibility and the increasing sophistication of attackers make supply chain security a critical priority.

These attacks are often more costly and prolonged than conventional incidents, with average global costs exceeding $4.4 million. Organizations are implementing SBOMs, dependency audits, and security clauses in contracts to reduce risks and increase supply chain resilience.

DDoS Attacks

Distributed Denial of Service (DDoS) attacks increased in frequency and scale. Cloudflare blocked more than 20 million attempts in the first quarter, including flows up to 7 Tbps. Both small businesses and large critical infrastructures were affected, making DDoS protection a strategic cybersecurity element.

In addition to immediate disruption, DDoS attacks can serve as a distraction for simultaneous ransomware or data exfiltration attacks. Organizations therefore combine automated mitigation with continuous monitoring and rapid response plans.

IoT Threats

With 18 billion connected devices, IoT attacks surged. Botnets, ransomware, and vulnerability exploitation caused an average downtime of 6.5 hours per incident and significant losses in critical sectors. Mitigation requires constant updates, network segmentation, and staff training.

The increase in connected devices also expands the attack surface. Implementing restricted access policies and integrating advanced monitoring solutions is essential to protect infrastructures and users.

Phishing and ransomware

AI-powered phishing grew 466% in Spain, particularly affecting credentials and sensitive data. Ransomware increased 116%, with double extortion and automated attacks, especially targeting SMEs and critical services. Awareness, isolated backups, and strong authentication are key to reducing risks.

These attacks impact not only finances but also reputation and operational continuity. Implementing phishing simulations and rapid response protocols helps minimize exposure time and damage from incidents.

Nueva llamada a la acción

Want to Learn More?

At ESED, we have prepared a complete report on 2025 cyberattacks, with detailed analysis, figures, and defense strategies tailored for businesses. Access the full report here and prepare your organization against the most relevant threats.

Nueva llamada a la acción
Previous story
← How to Prevent Security Breaches in Retail Marketing Campaigns
Real cases of cyberattacks in the Biotech sector
real-cases-of-cyberattacks-in-the-biotech-sector
Cybersecurity

Real cases of cyberattacks in the Biotech sector

Jun 17, 2025 12:52:49 PM 2 min read
IoT and Cybersecurity in the Agri-Food Sector: Allies or Risk?
iot-industria-alimentaria
Cybersecurity

IoT and Cybersecurity in the Agri-Food Sector: Allies or Risk?

Jun 17, 2025 11:00:00 AM 3 min read
How to Design a Cybersecurity Plan for Startups
Cybersecurity

How to Design a Cybersecurity Plan for Startups

Dec 30, 2025 11:00:00 AM 3 min read

Subscribe to our newsletter and stay updated on the latest in technology and cybersecurity.
accio-10-negre (1)
pyme_innovadora_meic-SP_web
kit consulting cabecera