Cybercrime Hits Record Scale with 2.86 Billion Credentials Stolen in 2025 as Ransomware Evolves Beyond Extortion, KELA Finds
KELA’s annual cybercrime analysis uncovers ransomware up 45% as malicious AI becomes cybercrime’s weapon of choice
Tel Aviv, Israel, April 29, 2026 (GLOBE NEWSWIRE) -- KELA, a global leader in cyber threat intelligence and external threat exposure management, today released The State of Cybercrime 2026: Emerging Threats & Predictions, its annual analysis of the global cybercrime landscape. The report reveals a record surge in cybercrime activity, driven by a fundamental shift in attacker behavior and the adoption of malicious, autonomous AI that is outpacing traditional organizational defenses. KELA’s Cyber Intelligence Center (CIC), an elite team of cybercrime researchers and threat analysts, tracked 7,549 ransomware victims in 2025, a 45% increase over the previous year, with more than 53% located in the US.
The report identifies a major shift in how hackers use AI. Instead of manually attacking a network, criminals are using a technique called ‘Vibe Hacking’ to trick AI assistants into performing malicious tasks by disguising them as legitimate requests. KELA confirms that major global threat groups are already using these autonomous tools to run large parts of their operations with almost no human help. Additionally, as companies link multiple AI tools together, a ‘trust gap’ emerges: once a hacker tricks one AI agent, it can spread instructions to every other connected system, bypassing traditional security entirely.
KELA reports that organizations face systemic internal risks from ‘Shadow AI’ across all departments, from R&D to administrative and intelligence roles, where the input of confidential data or credentials into unauthorized tools can lead to immediate data leakage. These findings indicate that without a centralized asset registry and strict governance, Shadow AI creates an unmonitored attack surface that leaves even non-technical sectors vulnerable to exploitation.
The report finds that a growing subset of attacks, particularly those linked to nation-state actors, use ransomware as a distraction to conceal more strategic objectives such as data theft or business disruption. As victims focus on containment, threat actors quietly exfiltrate data, conduct reconnaissance, or establish persistent access elsewhere in the network. In these cases, the visible attack is not always the one that causes the most damage.
Underlying this surge in ransomware is a growing reliance on stolen credentials as the primary method of access. KELA’s CIC identified 2.86 billion compromised credentials in 2025, with business cloud and authentication services accounting for more than 30% of all exposed data. By logging in rather than breaking in, attackers bypass traditional cyber defenses entirely, making identity the most critical attack surface organizations must now defend.
This trend is also breaking long-standing assumptions about platform security. As infostealer malware becomes increasingly cross-platform, attackers are no longer limited by operating system. Notably, infections on macOS devices increased from fewer than 1,000 cases in 2024 to more than 70,000 in 2025, a 7,000% increase.
“We’re seeing a fundamental pivot in adversary behavior with the shift from AI-assisted tools to fully autonomous, agentic malicious workflows, where over 80% of operations require minimal human oversight,” said David Carmiel, CEO of KELA. “Attackers no longer need to break in through a backdoor, they can quickly find the key and walk through the front using stolen credentials. Organizations relying on stale intelligence and legacy defenses instead of AI-powered solutions are leaving the door wide open to attacks.”
Additional Key Findings
- With 147 active ransomware groups recorded in 2025, the criminal ecosystem remains dynamic, highlighted by the emergence of 80 entirely new threat entities as others disbanded.
- Known exploited vulnerabilities increased 28% from 185 to 238, as underground markets shift toward fully weaponized, ready-to-deploy exploit scripts.
- Hacktivism surged 400% year-over-year, with over 250 new groups claiming approximately 3,500 DDoS attacks, increasingly targeting critical infrastructure.
- State-backed cyber activity aligned closely with global conflict zones, including Russia-Ukraine, Israel-Iran, US-China, and North Korea, spanning espionage, disruption, and distraction.
The State of Cybercrime 2026: Emerging Threats & Predictions is available for download here. The full report includes detailed threat actor profiles, dark web intelligence, sector-specific analysis, and immediate takeaways for security teams.
About KELA
KELA is a global leader in proactive cyber defense, delivering an AI-centric unified exposure management platform consolidating Cyber Threat Intelligence (CTI), External Attack Surface Management (EASM), Continuous Threat Exposure Management (CTEM) and Third-Party Risk Management (TPRM) capabilities to empower security teams across the threat lifecycle. KELA is trusted by global brands and governments across North America, Asia, and Europe, and is part of the KELA Group. For more information, please visit https://www.kelacyber.com/.

Ben Kapon Kela Research and Strategy +972-52-6100006 benk@ke-la.com