Cybersecurity Roundup: Looking Behind Ransomware & Breach Threat Stats

By Roy Urrico

Finopotamus aims to highlight white papers, surveys, blogs and reports that provide a glimpse as to what is taking place and/or impacting credit unions and other organizations in the financial services industry.

In this cybersecurity roundup, we focus on global ransomware, U.S. data breaches and concealed costs.

Ransomware Levels Hold Steady in July

Ransomware attacks barely moved the needle last month, showing a 1% increase from 371 cases in June to 376 in July, according to the July 2025 Cyber Threat Intelligence Report from cybersecurity consulting firm NCC Group.

“While ransomware activity remained relatively flat in July, this lull should not be mistaken for a reduced threat. We saw a similar dip during the summer months last year, yet the overall threat level remained high. Looking ahead, we anticipate the return of previously disrupted groups, likely in collaboration with social engineering actors in order to start launching more sophisticated and coordinated attacks. Now is not the time for complacency,” said Matt Hull, global head of threat intelligence at NCC Group, which has global headquarters in Manchester, England and North American headquarters in Chicago.

Other key takeaways:

• INC Ransom was the most active threat group in July, responsible for 14% of attacks. Qilin and Safepay were tied in second with 40 attacks respectively, closely followed by Akira with 37..

• Industrials remained the most targeted sector with 27% of attacks.

• Seventy-five percent of all cases globally took place in North America and Europe.

The report also focused on the emerging cyber trend of malware as-a-service (MaaS), which warned the study, “offers a wide range of tools and services, ranging from infostealers and ransomware kits to phishing platforms that come bundled with user friendly dashboards, documentation and dedicated support channels.”

As of late 2024, according to the NCC Group, MaaS made up 57% of all cyber threats and enabled the data exfiltration industry due to its prominence in the cybercrime landscape. In addition, 61% of breaches in 2024 were malware-related and responsible for 343.78 million stolen credentials. Infostealers constitute about 47% of common malware types, as of the fourth quarter of 2024.

MaaS-based thieves stole more than 2.1 billion credentials in 2024. “In 2025, huge tech giants such as Google, Microsoft, and Facebook had more than 184 million unique passwords discovered online, exposing credentials from social media, banking and even government portals. These trends underline the rapid commoditization and profitability of MaaS,” the report revealed.

The Cyber Threat Intelligence Report stated, “Among the latest stealers is the 123 | Stealer, advertised for $120 per month, by the threat actor “Koneko” on XSS. It targets browser-stored credentials, processes, and crypto wallets. The emergence of 123 | Stealer illustrates how MaaS continues to evolve into a streamlined, scalable model that empowers even modestly skilled (threat actors). This is no longer just a malware issue, it becomes an operational challenge.”

The Actual Price of Data Breaches

In a weekly podcast on August 15, 2025, ITRC President James E. Lee looked at IBM’s 2025 Cost of Data Breaches Report (CODB). IBM assessed the global average data breach cost dropped in 2024 to $4.4 million. Meanwhile, the breach cost to a U.S. organization increased 9% to an average of over $10 million.

Lee referred to the CODB claim that the average data breach cost dropped in 2024 to $4.4 million. “That is true, but it lacks some very important context. The data breach cost to a U.S. organization was actually up 9% to an average of a little more than $10 million, the highest data breach cost reported in the two decades of the IBM report.”

Lee noted, “The average data breach on which the average is based only involves the exposure of between roughly 2,000 and 113,000 records. We don’t report the number of records exposed at the ITRC; we track victim notices issued. That roughly equates to individuals impacted. Just based on the number of 2024 compromises and notices issued as reported by the ITRC, the average U.S. data breach was nearly five times larger than the global average, or approximately 538,000 victim notices per event. All that to say, like all reports on data breaches, this one should be viewed as a conservative estimate, with the actual volume and impact of data breaches being much higher.”

Lee also covered:

• Dwell time. The length of time between when an attack is launched and when it is discovered. “In 2024, IBM reports that the mean dwell time dropped and so did the mean remediation time – how long it took to stop an attack once found – to a nine-year low: 181 days to identify an attack and 60 days to contain it. That’s just short of eight months – still plenty of time to do a lot of damage.”

• Artificial intelligence (AI). IBM’s CODB revealed one in six data breaches involved AI. “That means attackers can use generative AI to both perfect and scale their phishing campaigns and other social engineering attacks,” said Lee. “IBM believes generative AI reduces the time to generate a convincing phishing email from 16 hours to only five minutes. This year’s report shows the impact of that: on average, 16 % of data breaches involved attackers using AI, most often for AI-generated phishing (37%) and deepfake impersonation attacks (35%).

• Based on the number of 2024 compromises and notices issued as reported by the (ITRC), “the average U.S. data breach was nearly five times larger than the global average,” noted Lee. “Like all reports on data breaches, this one should be viewed as a conservative estimate, with the actual volume and impact of data breaches being much higher.”

• One in six data breaches involved artificial intelligence (AI), the IBM report stated. “That means attackers can use generative AI to both perfect and scale their phishing campaigns and other social engineering attacks,” said Lee in his blog.

• The IBM report also highlighted that, on average, 13% of organizations admitted breaches involved their own AI models or applications. However, among those that did report an AI-related breach, nearly all (97%) lacked proper AI access controls, allowing someone to use the technology as part of an attack.