Cyberattacks are growing in frequency, severity, and sophistication. Attackers are adapting faster and targeting more strategically, exploiting emerging technologies and global instability. Understanding these trends is critical to strengthening defenses and aligning security frameworks with modern risks.
Cybercrime is expected to cost $15.6 trillion globally by 2029 and one major driver is artificial intelligence (AI). AI lowers the bar for entry into cyber crime by enhancing the speed, scale, and effectiveness of existing attack methods. This is especially true for phishing and social engineering attacks, where generative AI is generating increasingly convincing fake emails free of telltale grammar and spelling mistakes.
In the first week of January, the UK’s national library was forced to shut down its online systems and services after a cyberattack. The attack, which affected its website and catalogs, was traced back to an infected employee device and is being described as the most severe incident for the library since its opening in 1647.
A new Android remote access trojan, PlayPraetor, has infected more than 11,000 devices across Portugal, Spain, France, Morocco, and Peru. Researchers at cybersecurity company Cleafy say the Trojan’s rapid growth is driven by aggressive campaigns targeting Spanish and French speakers.
Zero-day vulnerabilities — flaws that attackers exploit before vendors release patches — are becoming central to many high-profile attacks. Attackers are leveraging them for privilege escalation, lateral movement, and data exfiltration. For example, in the NotPetya attack of 2017, hackers took control of systems at global transport and shipping giant Maersk, pharmaceutical company Merck, food producer Reckitt Benckiser, and construction company Saint-Gobain after gaining access through a zero-day vulnerability in Windows Common Log File System (CLFS). Microsoft released a patch for the vulnerability in April.