February 2025 saw a rise in cyber threats, with malware, phishing, ransomware, and social engineering attacks causing major disruptions. Attackers targeted industries like technology, government, finance, healthcare, media, and e-commerce. Here’s a look at what happened and what to watch for next.
Top Cyber Security Threats & Incidents
1. Malware
Malware attacks continued to evolve in February 2025, with cyber criminals using new stealth tactics and AI-powered techniques to bypass security measures. Attackers targeted both individuals and organizations, leveraging email services, data theft tools, and automated malware variants to spread infections.
Notable Incidents
The FinalDraft malware used Outlook’s email service to secretly communicate, making it harder to detect. (Source)
A new strain called Flesh Stealer emerged, capable of stealing sensitive data while remaining undetected. (Source)
Reports revealed a threefold increase in malware attacks, highlighting a rapid escalation in cyber threats. (Source)
How to Defend Against Malware Infections
Ensure all operating systems, applications, and security tools are updated regularly to patch vulnerabilities that malware exploits.
Implement the principle of least privilege so employees can only access the data and systems necessary for their roles, minimizing malware spread.
Restrict employees from installing unapproved applications and allow only verified, pre-approved software on company devices to help prevent malware infections.
2. Phishing
Phishing attacks remained a major cyber security threat, with cyber criminals using new techniques to bypass security defenses and trick users. Attackers leveraged fake login windows, QR code-based scams, and weaknesses in the login process to steal credentials and sensitive data.
Notable Incidents
A new Browser-in-the-Browser (BitB) phishing attack emerged, creating fake login pop-ups that looked identical to real authentication pages. (Source)
QR code phishing (Quishing) gained traction, with hackers embedding malicious links in QR codes to trick users into visiting fake websites. (Source)
Device Code Phishing attacks exploited authentication flows, allowing attackers to bypass traditional login security. (Source)
How to Protect Your Organization from Phishing Attacks
Consider investing in email filtering and threat detection tools to identify and block suspicious emails before they reach employees’ inboxes.
Conduct mandatory phishing simulations and training sessions to help employees recognize fraudulent emails, fake login pages, and other phishing tactics.
Provide employees with an easy way to report suspicious emails to IT/security teams and ensure prompt action is taken.
3. Ransomware
Ransomware attacks remained a critical threat, with cyber criminals expanding their targets and using more sophisticated tactics to evade detection. Attackers now target businesses across multiple industries, encrypting data and demanding hefty ransoms.
Notable Incidents
Indian tech giant Tata Technologies fell victim to a ransomware attack, disrupting its operations and exposing sensitive data. (Source)
Taiwanese PCB manufacturer Unimicron was targeted by the Sarcoma ransomware group, disrupting operations and potentially compromising sensitive data. (Source)
The RansomHub ransomware group expanded its operations, now targeting Windows, ESXi, and Linux systems, making it a more versatile and dangerous threat. (Source)
How to Strengthen Organizational Defenses Against Ransomware
Ensure periodic backups of critical data and store them offline or in secure cloud environments to prevent ransomware from encrypting or destroying them.
Divide networks into separate sections so that if ransomware infects one part, it cannot easily spread to critical systems.
Develop a strong incident response plan with secure, offline backups and clear response strategies to restore operations.
4. Social Engineering Attacks
Social engineering scams continued to rise in February 2025, with cyber criminals using deception, trust manipulation, and psychological tactics to steal money and sensitive information. Attackers targeted individuals and businesses through investment fraud, fake job interviews, and community-based scams.
Notable Incidents
A 75-year-old woman in Bengaluru lost ₹2 crore ($240,000) to an investment scam that promised high returns but was ultimately a fraud. (Source)
The Grasscall malware campaign tricked job seekers with fake job interviews, leading to the theft of their crypto wallets and financial assets. (Source)
Threat actors targeted local communities in the U.S., using phone scams and social engineering techniques to exploit trust and extract sensitive information. (Source)
How to Protect Your Organization from Social Engineering Attacks
Encourage employees to be cautious with unsolicited messages, calls, and requests for sensitive information, emphasizing security awareness at all levels.
Reduce the amount of company and employee information shared online to prevent attackers from gathering intelligence for targeted scams.
Periodically educate employees on common scams like phishing, pretexting, baiting, and impersonation attacks, using real-world examples and simulated attacks.
Top Targeted Industries This Month
Cyber attacks surged in February, with industries like finance, government, healthcare, and technology facing major breaches, ransomware incidents, and credential theft.
Technology and Engineering
The technology and engineering sector faced a wave of attacks, particularly against AI models: vulnerabilities in LLMs were exploited to launch attacks and to steal sensitive user credentials. The industry also saw a rise in ransomware attacks. A major incident this month involved Cisco, where internal network credentials were exposed in a security breach. (Source)
Government
Government entities remained a primary target for cyber criminals, with attacks disrupting essential services and exposing critical data. Intelligence agencies, municipal services, and military networks faced breaches that impacted operations and compromised sensitive data. A notable attack this month was on the Cleveland Municipal Court, which was forced to shut down for three consecutive days due to a cyber attack. (Source)
Finance
The financial sector continued to be heavily targeted, with attackers focusing on data theft, ransomware, and credential-stealing malware. Attackers also attempted to steal online banking credentials through phishing campaigns and advanced malware attacks. A significant breach affected Globe Life, where the personal information of approximately 850,000 individuals was compromised. (Source)
Healthcare
Despite a slight decline in incidents compared to the previous month, healthcare remains one of the most at-risk sectors. Ransomware attacks continued to disrupt healthcare operations, highlighting the ongoing struggle healthcare organizations face in securing patient information against sophisticated cyber threats. A significant attack targeted Genea IVF Clinic, where 940.7 GB of patient data was compromised following a ransomware attack. (Source)
These industries were targeted due to unpatched vulnerabilities, misconfigured systems, and weak security controls. Attackers are leveraging ransomware, phishing, and AI-driven exploits to breach networks and steal sensitive data.
Emerging Attack Trends
1. Cloud-based attacks are increasing as attackers exploit misconfigured cloud environments, weak access controls, and exposed APIs to steal data and disrupt services.
2. AI jailbreak exploits are being used to manipulate AI models, bypass security restrictions, generate malicious content, and extract sensitive information from AI-driven systems.
3. Brute-force attacks are becoming more sophisticated, with AI-powered automation testing millions of password combinations rapidly to break into accounts and corporate networks.
4. Web skimming attacks are targeting e-commerce platforms, injecting malicious scripts into checkout pages to steal credit card details and personal data from online shoppers.
5. Supply chain attacks are growing, with attackers compromising third-party vendors to infiltrate multiple organizations through infected software updates and unauthorized access.
6. Insider threats are on the rise, where employees—whether malicious or negligent—leak sensitive data, click on phishing links, or misuse their access privileges, leading to major data breaches.
This roundup is our take on the most relevant cyber threats from our daily threat analysis. With so much happening every day, we bring you the most relevant insights we can. We’ll keep tracking the cyber landscape and sharing what matters—more coming next month!