Cyber Threats Exploding

Heads up: there's a surge in exploited flaws (Cisco, Apple), Iranian APTs (MuddyWater), and global cybercrime busts [https://x.com/i/status/2030633585259008036]. Telecom networks are facing new threats, and cracked software is hiding dangers. Keep an eye on NYT, BBC, and CNN for breach and ransomware updates [https://x.com/i/status/2031045489374929108], [https://x.com/i/status/2030569313623531943].

Global cybercrime costs are projected to reach $13.82 trillion by 2028, dwarfing natural disaster damage and rivaling the illegal drug trade. Malware, social engineering, insider threats, and advanced persistent threats (APTs) are key vectors.

Iranian APT group MuddyWater is actively targeting U.S. organizations with a novel backdoor called Dindoor, which uses the Deno JavaScript runtime. This campaign, ongoing since early 2026, has hit banking, aviation, non-profits, and tech sectors. MuddyWater leverages social engineering, credential theft, and cloud-based command-and-control. The MuddyWater group is linked to Iran's Ministry of Intelligence and Security (MOIS) and has been active since at least 2017. They're known for rapidly adopting new tools and using multi-language malware. They often coordinate with hacktivist fronts.

Telecom providers are now prime targets, facing cybercriminals, ransomware, nation-state actors, and hacktivist groups. In 2025, there were 444 observed telecom threat incidents, including 90 ransomware attacks. Geopolitics are influencing cyber risk mitigation strategies, with 64% of organizations accounting for geopolitically motivated attacks.

AI is a double-edged sword, enabling more sophisticated attacks and strengthening defenses. 87% of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk in 2025. AI is being used for adaptive phishing and real-time exploitation.

Supply chain and third-party breaches have quadrupled in the last five years. Exploitation of public-facing applications saw a 44% year-over-year increase. Many vulnerabilities (56%) can be exploited without authentication.

The rise of AI chatbots and agents creates new attack surfaces, with compromised systems and stored chatbot credentials becoming emerging risks. Over 300,000 ChatGPT credentials were found for sale on the dark web in 2025.

Shared from Scout - Be the smartest in the room.