Dive Brief:
- Businesses need to pay attention to identity security and third-party risk management to avoid falling prey to hackers whose techniques have evolved, the risk intelligence company Dataminr said in a threat report published on Wednesday.
- “2025 marked a clear shift from ‘frequent but contained’ cyber losses toward fewer events with materially larger financial and mission impact,” the report said, attributing the shift to “multi-vector attacks” leveraging stolen credentials, data theft, operational disruptions and regulatory exposure.
- Dataminr’s report contains several high-priority recommendations for enterprises, including about supply chain security and the need to look beyond a vulnerability’s severity score.
Dive Insight:
Dataminr is the latest company to conclude that, as its report puts it, “identity is the new perimeter.” The company found that 30% of intrusions now involve the use of stolen credentials. The amount of infostealer malware delivered through phishing campaigns surged 84% during the reporting period. And phishing itself represented the top tactic for breaking into a system, accounting for the initial intrusion in 60% of the cases that Dataminr analyzed.
AI has supercharged phishing operations, with Dataminr observing hackers using AI automation in more than 80% of their social-engineering attacks.
The Scattered Lapsus$ Hunters (SLH) collective, an alliance of several cybercrime gangs, has “arguably perfected the use of AI-enhanced social engineering by leveraging voice phishing (vishing) and other tactics to compromise entire organizations,” Dataminr said.
Supply-chain security remains another major risk vector that businesses need to scrutinize. Roughly one-quarter of breaches involve hackers exploiting vulnerabilities in third-party platforms, according to the report.
The SLH hackers’ activities underscore that risk. The group “managed to compromise SaaS solutions so deeply integrated into other systems that the actors could compromise dozens of organizations at once,” the report said.
The Russia-based Cl0p ransomware gang, meanwhile, followed what Dataminr called a “restraint and precision” strategy: its operators lurked inside networks for extended periods, stealing terabytes of corporate data, before issuing their demands. The group mostly targeted manufacturing, consumer goods and IT firms, combining zero-day exploits, AI automation and encryption-less extortion tactics.
When it comes to vulnerabilities, the severity score doesn’t tell the full story, Dataminr warned. Some of the most costly vulnerabilities didn’t score at the top of the scale, while some high-severity vulnerabilities led to few major attacks. “It is always important to layer in factors such as likelihood of exploitation, potential business impact, and frequency of targeting,” Dataminr said.
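To make that layering concrete, the following is an added example (not code from the Dataminr report) of a risk-based ranking that combines the CVSS base score with an exploitation likelihood (EPSS probability, or 1.0 when the bug is on CISA’s Known Exploited Vulnerabilities list), internet exposure and asset criticality. The identifiers, EPSS values and asset data are constructed for illustration, and the weighting scheme is an assumption chosen to show the effect, not a published standard.

```python
"""Risk-based vulnerability ranking that layers exploitation likelihood,
exposure and asset impact on top of the CVSS base score.

Added example, not from the Dataminr report. The identifiers, EPSS
probabilities and asset data below are constructed, and the weighting
scheme is an assumption for illustration, not a published standard.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Finding:
    ident: str              # constructed identifier, not a real CVE
    cvss: float             # CVSS base score, 0.0 .. 10.0
    epss: float             # EPSS 30-day exploitation probability, 0.0 .. 1.0
    in_kev: bool            # listed in CISA KEV (exploitation observed in the wild)
    internet_facing: bool   # reachable from the internet
    asset_criticality: int  # 1 (low) .. 5 (crown jewel); assumed scale


def _validate(f: Finding) -> None:
    """Reject out-of-range inputs rather than silently producing a score."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.ident}: CVSS must be 0..10")
    if not 0.0 <= f.epss <= 1.0:
        raise ValueError(f"{f.ident}: EPSS must be 0..1")
    if f.asset_criticality not in range(1, 6):
        raise ValueError(f"{f.ident}: asset criticality must be 1..5")


def risk_score(f: Finding) -> float:
    """Severity x likelihood x exposure x impact, scaled to 0..100.

    Factors multiply, so a high-CVSS bug with near-zero exploitation
    likelihood on an isolated, low-value host ranks below an actively
    exploited medium-CVSS bug on an internet-facing critical system.
    The 0.1 floor keeps likelihood from zeroing out severity entirely.
    """
    _validate(f)
    likelihood = 1.0 if f.in_kev else f.epss      # KEV: exploitation is a fact, not a forecast
    exposure = 1.0 if f.internet_facing else 0.4  # assumed discount for internal-only reach
    impact = f.asset_criticality / 5.0
    score = 100.0 * (f.cvss / 10.0) * (0.1 + 0.9 * likelihood) * exposure * impact
    return round(score, 2)


def rank(findings: Iterable[Finding]) -> List[str]:
    """Identifiers ordered by risk score, highest first."""
    return [f.ident for f in sorted(findings, key=risk_score, reverse=True)]


def rank_by_cvss(findings: Iterable[Finding]) -> List[str]:
    """The naive ordering, for comparison: severity score alone."""
    return [f.ident for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


# Constructed sample findings (not real vulnerabilities).
SAMPLE_FINDINGS = (
    Finding("EXAMPLE-A", cvss=9.8, epss=0.02, in_kev=False, internet_facing=False, asset_criticality=2),
    Finding("EXAMPLE-B", cvss=7.5, epss=0.90, in_kev=True,  internet_facing=True,  asset_criticality=5),
    Finding("EXAMPLE-C", cvss=6.5, epss=0.40, in_kev=False, internet_facing=True,  asset_criticality=4),
    Finding("EXAMPLE-D", cvss=9.1, epss=0.05, in_kev=False, internet_facing=True,  asset_criticality=3),
)


if __name__ == "__main__":
    for f in sorted(SAMPLE_FINDINGS, key=risk_score, reverse=True):
        print(f"{f.ident:10} cvss={f.cvss:4}  risk={risk_score(f):6}")
    print("by CVSS only:", rank_by_cvss(SAMPLE_FINDINGS))
    print("risk-based:  ", rank(SAMPLE_FINDINGS))
```

Sorted by CVSS alone the order is A, D, B, C; sorted by the layered score it is B, C, D, A. The critical-severity EXAMPLE-A drops to the bottom because nobody is exploiting it and it sits on a low-value internal host, while the KEV-listed, internet-facing EXAMPLE-B jumps to the top despite a lower base score. The exact weights matter less than the practice of feeding real exploitation data and asset context into the queue instead of the base score alone.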
