> **Source: [研报客](https://pc.yanbaoke.cn)**

# **Global Cybersecurity Report Summary - 2025**

## **Core Content Overview**

Cyble's 2025 Global Cybersecurity Report highlights the evolving threat landscape, emphasizing the surge in ransomware attacks, data breaches, and the sale of initial access. The report covers key trends, notable incidents, and critical vulnerabilities observed from January to November 2025.

## **Main Threat Trends**

### **1. Initial Access Sales**

- **Total Incidents**: 3,013
- **Top Sectors Targeted**:
  - **Retail**: 594 incidents (19.7% of total)
  - **BFSI**: 284 incidents (9.4%)
  - **Government & Law Enforcement Agencies (LEA)**: 175 incidents (5.8%)
- **Market Fragmentation**:
  - The market is not centralized, with many independent sellers.
  - Top threat actors by post volume: `professorkliq` (55 posts), `cosmodrome` (49 posts), `reve` (45 posts).
  - These top actors accounted for just over 5% of all posts, indicating a broad and active threat ecosystem.

### **2. Data Breaches and Leaks**

- **Total Incidents**: 6,046
- **Top Sectors Targeted**:
  - **Government & LEA**: 998 incidents (16.5%)
  - **BFSI**: 634 incidents (10.5%)
  - **Education**: 387 incidents (6.4%)
  - **IT & ITES**: 362 incidents (6.0%)
  - **Retail**: 307 incidents (5.1%)
- **Notable Incidents**:
  - **French Sports Union**: Leaked 7.7 million individuals' data.
  - **FOG Ransomware**: Leaked 5 GB of GitLab source code from six organizations.
  - **French Insurance Broker**: 67,000 records exposed, including personal and financial details.
  - **Argentinian Petroleum Firm**: 136 GB of sensitive operational and business data leaked.

### **3. Ransomware Attacks**

- **Total Incidents**: 5,967
- **Top Threat Actors**:
  - **Qilin**: 953 incidents
  - **Akira**: 696 incidents
  - **CLOP**: 517 incidents
  - **Play**: 373 incidents
  - **INC Ransom**: 339 incidents
- **Key Trends**:
  - **Double Extortion Model**: Dominant tactic where data is exfiltrated before encryption.
  - **Akira**: Emerged as the second-most prolific ransomware group, targeting Construction, Manufacturing, and Professional Services.
  - **CLOP**: Focused on zero-day exploits, particularly in file transfer solutions.
  - **Qilin**: Dominated the manufacturing and construction sectors.
  - **INC Ransom**: Targeted Healthcare, Education, and Government due to high-value data and critical services.
  - **FOG and DragonForce**: Targeted SMBs with weaker security postures.

### **4. Critical Vulnerabilities**

- **Vulnerability Severity**:
  - Over 86% of analyzed CVEs had a CVSSv3 score of 7.0 or higher.
- **Zero-Day Vulnerabilities**: Notable ones include:
  - **CVE-2025-24085 (visionOS)**: CVSS 10.0 (Apple)
  - **CVE-2025-24201 (visionOS)**: CVSS 10.0 (Apple)
  - **CVE-2025-23006 (SMA1000)**: CVSS 9.8 (SonicWall)
  - **CVE-2025-24813 (Tomcat)**: CVSS 9.8 (Apache)
- **Vulnerable Products**:
  - Network security appliances (FortiGate, Cisco Identity Services Engine)
  - Enterprise software (Oracle, SAP, Microsoft Office)
  - Identity management solutions (Fortinet, Oracle)
- **Recommendations**:
  - Prioritize patching of known exploited vulnerabilities.
  - Implement network segmentation to limit lateral movement.
  - Enhance monitoring and response capabilities.

## **Key Takeaways**

- **Cybercrime Focus**:
  - Threat actors target industries with high-value data and low tolerance for downtime.
  - Retail, BFSI, and Government remain the most impacted sectors.
- **Ransomware Landscape**:
  - Qilin and Akira are the most active ransomware groups.
  - CLOP's zero-day campaigns highlight the increasing sophistication of cybercriminals.
- **Market Dynamics**:
  - The initial access and data breach markets are highly fragmented with many sellers.
  - Ransomware-as-a-Service (RaaS) continues to evolve and diversify.
- **Geopolitical Influence**:
  - Hacktivism and state-sponsored attacks remain a significant concern.
  - Cybercrime-as-a-service platforms enable widespread and financially motivated attacks.
- **Future Outlook**:
  - Akira and Qilin are expected to dominate the ransomware landscape.
  - Zero-day exploits will continue to be a key vector for large-scale attacks.
  - Supply chain attacks are likely to increase, with Professional Services and IT being key targets.

## **Conclusion**

The 2025 cybersecurity landscape was marked by a surge in ransomware, data breaches, and the sale of initial access. Threat actors strategically targeted high-value sectors, leveraging both known and zero-day vulnerabilities. The market's fragmentation and low barrier to entry suggest a persistent and evolving threat environment, requiring robust mitigation strategies and proactive security measures.