March 2025 witnessed a continued rise in cyber threats, with a strong uptick in ransomware campaigns, phishing attacks, social engineering tactics, and cloud security breaches. Attackers expanded their focus across industries, including government, IT, healthcare, ICS/OT, and telecommunications. Below is a snapshot of this month’s most notable developments and emerging attack trends.
Top Cyber Security Threats & Incidents
1. Social Engineering Attacks
Social engineering attacks became increasingly deceptive this month, with deepfakes, fake documents, and impersonation scams used to bypass trust and trick victims. Cyber criminals exploited public figures, government agencies, and verification processes to gain credibility.
Notable Incidents
North Korean IT workers posed as remote freelancers on GitHub and freelance platforms, hiding their true identity to gain access to Western companies’ systems and divert funds to the North Korean regime. (Source)
A deepfake of Singapore’s PM Lawrence Wong was used in a fraudulent PR campaign tied to crypto schemes. (Source)
Cyber criminal group PrintSteal distributed fake Aadhaar documents to aid identity theft. (Source)
How to Stay Protected
Train employees to verify identities through secondary channels, especially in high-trust environments.
Limit the amount of publicly shared personal or organizational data that attackers can exploit.
Pause before acting on urgency. Social engineers create pressure—“your account will be closed,” “your boss needs this now.” Take a moment to validate the request.
2. Ransomware
Ransomware groups launched widespread attacks targeting healthcare, manufacturing, education, and public sector institutions. Attackers employed new tactics like stealthy payload delivery and repeat exploitation of unpatched systems.
Notable Incidents
Tata Technologies was hit by Hunters International ransomware. (Source)
BlackLock ransomware struck over 40 organizations across finance, manufacturing, and telecom sectors, using aggressive extortion tactics. (Source)
CISA reported Medusa ransomware attacks on over 300 critical infrastructure organizations. (Source)
How to Strengthen Ransomware Defenses
Prioritize patching vulnerabilities and segment networks to limit spread.
Maintain secure, offline backups and validate restoration processes periodically.
Conduct regular tabletop exercises to ensure your incident response team is prepared to act quickly in the event of an attack.
3. Phishing
Phishing tactics continued to evolve, moving beyond email to include SMS, spoofed websites, QR codes, and deepfake communications. Credential theft, financial fraud, and malware delivery were key goals.
Notable Incidents
Fake Booking.com emails delivered info-stealers and RATs via ClickFix payloads. (Source)
Malicious Adobe and DocuSign OAuth apps were used to compromise Microsoft 365 accounts by tricking users into granting app permissions. (Source)
Phishing kits like Tycoon2FA now use PDF lures and MFA evasion tactics. (Source)
How to Reduce Phishing Risks
Educate staff on prevalent multi-channel phishing tactics, including voice, SMS, and social media.
Enforce phishing-resistant authentication (e.g., passkeys).
Be skeptical of apps sent via email or chat. If someone shares a link to “connect” or “authorize” an app, verify the sender—even if it looks like your coworker.
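The consent-phishing pattern described above (an app that looks like Adobe or DocuSign asking a user to grant it permissions) is much easier to catch when new consent grants are reviewed against the permissions they request and who published the app. The script below is an added example written for this post, not code from the original article or from Microsoft: the event field names, the high-impact scope list and the approved-publisher list are assumptions for illustration, and the sample consent events are constructed.

```python
import json

# Illustrative delegated permissions that would let a rogue app read or send mail, touch files
# tenant-wide, or keep a refresh token after the user closes the browser.
# Assumption: treat these as high impact; tune the set for your own tenant.
HIGH_IMPACT_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
    "MailboxSettings.ReadWrite", "offline_access",
}

# Publishers whose apps IT has already reviewed (assumption: maintained out of band).
APPROVED_PUBLISHERS = {"Adobe Inc.", "DocuSign, Inc.", "Contoso IT"}

# Constructed sample consent-grant events as JSON lines. The field names are an assumption
# for this example, not the audit-log schema of any particular identity provider.
SAMPLE_EVENTS = """\
{"user": "alice@example.com", "app_name": "Adobe Sign", "publisher": "Adobe Inc.", "publisher_verified": true, "scopes": ["User.Read", "Files.Read"], "consent_type": "user"}
{"user": "bob@example.com", "app_name": "Adobe Acrobat Online", "publisher": "unknown", "publisher_verified": false, "scopes": ["User.Read", "Mail.ReadWrite", "offline_access"], "consent_type": "user"}
{"user": "carol@example.com", "app_name": "DocuSign eSignature", "publisher": "DocuSign, Inc.", "publisher_verified": true, "scopes": ["User.Read", "Mail.Send", "offline_access"], "consent_type": "user"}
{"user": "dave@example.com", "app_name": "Payroll Sync", "publisher": "Contoso IT", "publisher_verified": true, "scopes": ["Files.ReadWrite.All"], "consent_type": "admin"}
"""


def parse_events(text: str) -> list:
    """Parse newline-delimited JSON consent events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def assess_consent(event: dict, approved_publishers: set) -> list:
    """Return the reasons a consent grant deserves review; an empty list means it looks benign."""
    reasons = []
    risky = sorted(set(event.get("scopes", [])) & HIGH_IMPACT_SCOPES)
    if not risky:
        return reasons  # only low-impact permissions requested: nothing to escalate
    granted = ", ".join(risky)
    if not event.get("publisher_verified", False):
        reasons.append(f"unverified publisher was granted {granted}")
    elif event.get("publisher") not in approved_publishers:
        reasons.append(f"publisher {event.get('publisher')!r} is not on the approved list but was granted {granted}")
    if event.get("consent_type") == "user":
        reasons.append("high-impact permissions were consented by an end user rather than an admin")
    return reasons


def review_consents(text: str, approved_publishers: set = APPROVED_PUBLISHERS) -> list:
    """Run assess_consent over every event and return the flagged grants with their reasons."""
    flagged = []
    for event in parse_events(text):
        reasons = assess_consent(event, approved_publishers)
        if reasons:
            flagged.append({"user": event["user"], "app_name": event["app_name"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for item in review_consents(SAMPLE_EVENTS):
        print(f"{item['user']}: {item['app_name']}")
        for reason in item["reasons"]:
            print(f"  - {reason}")
```

Run as-is, the script flags the unverified "Adobe Acrobat Online" grant (the lookalike) and the user-consented Mail.Send grant, while the low-impact Adobe Sign grant and the admin-approved Payroll Sync grant pass. A review like this complements the "verify the sender" advice above; the tenant-level fix is to restrict which permissions end users may consent to at all, so that high-impact scopes always route through an admin.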
4. Malware
This month’s malware activity featured new variants using steganography, fake CAPTCHA screens, and malicious browser extensions. Critical infrastructure and individual users alike were affected.
Notable Incidents
How to Prevent Malware Infections
Don’t ignore browser warnings. If your browser warns you about a suspicious site or download, take it seriously—don’t proceed just to “check it out.”
Restrict app installations to trusted sources and enforce browser extension policies.
Think before clicking. Be cautious with email attachments, file-sharing links, or unexpected documents—even if they come from someone you know.
5. AI Jailbreaks & AI-Driven Attacks
Malicious use of generative AI continued to surge in March 2025, with threat actors developing jailbreak techniques to bypass AI safety controls and weaponize AI tools for phishing, malware generation, and social engineering. The abuse of AI is now becoming a scalable attack vector, raising red flags for both security teams and AI service providers.
Notable Incidents
A new jailbreak technique was disclosed that can bypass major AI content filters, enabling unrestricted generation of malicious content. (Source)
Reports show that over 50% of organizations have experienced security incidents involving AI-generated content, highlighting its growing threat surface. (Source)
Malicious AI tools have surged by over 200%, with rising underground discussions on jailbreaking AI models to create malware and launch social engineering attacks. (Source)
How to Stay Protected
Establish clear internal policies for safe and approved use of AI tools within the organization.
Always read the privacy policy of the AI tools before uploading your data to understand how your information is stored, used, or shared.
Educate staff on risks related to AI-generated content and jailbreak attempts.
Top Targeted Industries This Month
Cyber attacks continued to escalate in March, with sectors such as government, healthcare, IT, and telecommunications experiencing major breaches, social engineering campaigns, and persistent access threats. Misuse of AI tools, cloud misconfigurations, and advanced malware were common tactics, making it increasingly difficult for organizations to defend against evolving threats.
Government
Government agencies worldwide faced deepfake scams, phishing, and malware targeting sensitive databases. Attacks aimed to disrupt civic operations, access classified data, or manipulate public narratives. A notable incident occurred in Texas, where a cyberattack led to a city-wide emergency declaration, highlighting the growing impact of digital threats on local government functions. (Source)
IT & Cloud
Breaches in cloud environments and the misuse of AI tools increased. Misconfigured plugins and exposed API keys were heavily exploited, especially in Oracle’s and AWS’s ecosystems. A notable incident this month involved North Korean IT workers posing as remote developers, who used GitHub to spread malware and gain access to enterprise development environments under false identities. (Source)
Healthcare
Healthcare providers continued to face ransomware and data breaches. Sensitive staff and patient records were exposed due to cloud misconfigurations and outdated systems. A major incident this month involved the exposure of 86,000 healthcare staff records due to an unsecured cloud server, highlighting ongoing data security challenges in the sector. (Source)
ICS/OT
Critical infrastructure and industrial systems were targeted with advanced persistent threats and zero-day malware, including attacks on SCADA platforms and power grids. A major incident this month involved the Volt Typhoon group, where hackers remained inside the U.S. electric grid for over 300 days without detection. (Source)
Telecom
Telecom giants experienced data breaches and SIM-swap attacks. Client data leaks and persistent access via network flaws raised national security concerns. A major breach impacted Japanese telecom giant NTT, where attackers accessed systems affecting over 18,000 companies. (Source)
These sectors continue to face heightened risk due to poor access controls, outdated infrastructure, and increasing reliance on cloud and AI technologies. Threat actors are leveraging deepfakes, social engineering, and supply chain vulnerabilities to compromise networks and exfiltrate sensitive information.
Emerging Attack Trends
1. ClickFix-based attacks: a phishing and malware delivery campaign that targets users through emails disguised as legitimate service messages—often appearing to come from trusted brands like Booking.com. These emails typically include a link or PDF attachment urging the recipient to fix an urgent issue.
2. Deepfakes: AI-generated content is being used to mimic CEOs, political leaders, and employees in fraud, phishing, and misinformation campaigns.
3. Fake CAPTCHAs: Attackers now deploy fake CAPTCHA screens to hide malicious activity and trick users into enabling payloads.
4. Steganographic malware: Malware concealed in image files is being used to bypass detection systems, making traditional filtering methods less effective.
This monthly roundup is our team’s view of what mattered most in March 2025. All insights are based on our independent research and ongoing monitoring of the threat landscape. We’ll be back with more next month—stay secure until then!