The activity of cybercrime groups continues to experience strong growth in recent years, consolidating themselves as one of the main threats in the digital environment. According to the 2025 Cyber ​​Intelligence Report prepared by Secure&IT, last year the number of attacks published by organizations linked to cybercrime on the Dark Web increased, reaching 7,979 incidents, which represents an increase of 42% compared to 2024, when 5,613 were registered. This rebound confirms the global acceleration of organized cybercrime.

The report identifies 162 active actors, up from 114 the previous year, confirming a clear expansion of the cybercrime ecosystem. Although seven groups account for 43% of the total attacks, a greater fragmentation of the panorama is observed compared to 2024, which indicates that new actors are entering the ransomware market and reinforcing the international structure of cybercrime.

“Cybercrime works as an organized industry, with hierarchical structures, membership models and its own supply chains. This professionalization of cybercrime reduces the barrier to entry and multiplies the number of active attackers,” explains Francisco Valencia, general director of Secure&IT.

Which criminal groups are most active?

In 2025, seven criminal groups concentrated more than 40% of the global activity associated with cybercrime, led by Qilin, with 1,015 attacks (12.7%), which has quadrupled its activity compared to the previous year. In this ranking we also find the Akira group (659 attacks) and Play (385 attacks), all of them prominent actors within the international cybercrime ecosystem.

“All of these groups operate under Ransomware-as-a-Service (RaaS) schemes, a model that functions as a criminal franchise in which developers rent their malware to affiliates who execute the attacks, thus expanding the scope of cybercrime on a global scale,” explains Valencia.

The United States receives more than half of the attacks

The ranking of countries with the most cyber attacks in 2025 is led by the United States. The main target of cybercriminals has been American companies, which received more than half of the attacks published last year (52%), which shows the strategic impact of cybercrime in the main world economies. In second position in the ranking is Canada (5%), followed by the United Kingdom (4%) and Germany (4%), all of them priority markets for international cybercrime.

“For yet another year, Spain continues to be ranked seventh in the world in this ranking, with 170 published attacks, which represents 2.1% of the global total and 10% of the attacks registered in Europe,” indicates the general director of Secure&IT, underlining the growing incidence of cybercrime in the Spanish business environment.

Services, industry and health: the most affected sectors

The services sector continues to be the most attacked (37%), followed by industry (23%) and the health sector, which has suffered 535 attacks in 2025, 7% of the world total, with the participation of up to 91 different groups linked to cybercrime.

“The pressure on critical sectors such as health or industry confirms that attackers seek to maximize the impact to force the payment of the ransom. The professionalization of ransomware and the rise of cybercrime require organizations to adopt advanced defense models, continuous monitoring and automated response,” says Francisco Valencia.

Professionalization and automation

Criminal groups have evolved towards increasingly sophisticated structures within the cybercrime framework, reaching the point of reusing leaked codes from other ransomware families to accelerate their development, operating under double extortion schemes that combine the encryption of information with the exfiltration of sensitive data, and using legitimate tools for the post-exploitation phases in order to evade detection.

Seven criminal groups concentrated more than 40% of the global activity associated with cybercrime

“In addition, these cybercriminals also automate massive exploitation campaigns to maximize their reach and profitability, and strategically migrate between digital platforms to preserve their anonymity and guarantee the continuity of their operations. This report that we have prepared at Secure&IT indicates that the growth of cybercrime is not only quantitative, but also qualitative,” concludes Francisco Valencia.

Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.