In the time it takes to read the headline of this story, cybercriminals around the world will have attempted to carry out more than 3,000 computer attacks. They will attack famous and anonymous users on all types of platforms. Also against small companies, located from Buenos Aires to Mérida, and against gigantic companies in San Francisco or Hong Kong. Public institutions, such as hospitals or ministries, will not be saved either. And there will be three great forces that will motivate criminals: espionage, ideology and financial reward.
In 2024, cybercrime has reached its historical peak and has caused losses of 10 billion euros, double that of the previous year. Already in 2023 it became the third economy on the planet, ranking comfortably after the United States and China. But in the year that ends it has established itself as an unstoppable crime machine that causes one in every five crimes committed globally to be through the Internet. Throughout 2024, in Spain, 25% of all reported infractions occurred on the internet, where more than eight out of every ten scams carried out occur. This modality will grow and the Cybersecurity Coordination of the Civil Guard expects it to grow in 2025, until reaching 150,000 complaints.
These figures have made Spain the fifth most affected country worldwide, with a total of 58 major attacks of ransomware—malicious computer programs, intended to hijack data and access services on-line— in the first six months of the year, 38% more than in the same period in 2023, according to a report by the cybersecurity company S21sec.
This 2024 has also produced another record figure. The largest payment ever made in history by a company to cybercriminals to regain control of its systems was recorded. It was 72 million euros, almost double the highest payment that was known until then, at least publicly, according to a report by ThreatLabz, which does not detail which company suffered the attack. And although there are no reliable statistics on how many entities pay the ransoms demanded of them, the security company Veeam estimates that 76% of those affected pay the amounts claimed. No one seems to be safe.
“Cyber attackers reinvent themselves every year and adjust to new trends,” explains Ángela García, a helpline technician at the National Cybersecurity Institute (INCIBE). It is a telephone communication channel (017), free and confidential, that resolves the population’s doubts related to digital security, both at a preventive and reactive level. “The type of attack we record depends on the time of year. Now in December, in a context of holidays, we see a lot of fraud linked to online purchases or fraudulent virtual stores,” adds the expert.
García details that social engineering continues to be the most common mechanism for committing crimes online. It is a technique that manipulates people into revealing sensitive information or taking potentially harmful actions, such as clicking on a malicious link or downloading an infected file. Hackers take advantage of trust, curiosity or fear to steal information that, sooner or later, will give them a financial return. The most common example is perhaps phishingwhere a user receives fake emails from people posing as legitimate companies – such as Google or a bank – or friends or family, and thus manage to steal passwords or, in some cases, money directly.
A sector that is reinventing itself
Marc Rivero, principal researcher at the digital security company Kaspersky, points out that 2024 has also been characterized by the theft of credentials: “The most common thing is that criminals use a piece of malware“which is responsible for stealing passwords stored in the browser or on the user’s computer.” Then, months later, that same data is used to orchestrate stronger attacks on larger organizations. “Let’s think about an employee who uses a corporate credential on his personal computer. They steal it without him realizing it and use it later to hit his company,” he explains.
García points out that “in the end, the objectives of cybercriminals are practically two: steal data or steal money.” According to this cybersecurity technique, stealing data will ultimately lead to an economic benefit: “Either because the data will be sold on the black market, or because they will be used for other types of fraud in which the victim will have some type of financial damage.”
Investment in security by Spanish companies is around 1,200 million euros. Although there is a nuance: 90% of this expense is made by large companies. Small and medium-sized companies make minimal investments, thus expanding the field of vulnerabilities.
The ThreatLabz report indicates that the industrial manufacturing sector has been the most attacked of the year, followed by healthcare and technology, critical areas that, in some cases, suffered serious interruptions in their operations until they were paralyzed.
The energy sector was the one that increased its number of attacks the most, both in Europe and the United States, becoming a strategic target due to the value of its data. An example, without going any further, was what happened in September, when Repsol was the target of a cyber attack on its database of electricity and gas customers in Spain. Or in May, when a leak at Iberdrola revealed the personal information of 850,000 customers in the country. Crossing the ocean, in April, it was known that 39% of cyber threats in Mexico were to energy companies. The trend also strengthened in the rest of Latin America throughout the year.
The boost of AI
Artificial intelligence had to have its own chapter in this story. “His role has been to perfect how the message reaches the victim,” says Rivero. That is, this tool has helped adapt each attack to its target audience, making the scams more credible, almost personalized. “AI has refined existing techniques,” he adds.
García details that artificial intelligence has also helped cybercriminals with identity theft through voice, using a technique known as vishingwhich became quite frequent this year. It is used to trick users into giving hackers access to a corporate environment to extract data or infect computers with a virus. softwarecriminal.
The issue will go further. By 2025, adoption of generative AI is expected to be even greater. This will allow threat actors to create emails with accurate grammar and spelling and use voice cloning, with local accents, to improve the credibility of their scams and increase the likelihood of success. A Zscaler report warns of other trends for 2025. The firm believes that malware attacks will become popular. ransomwareaimed at multi-million dollar companies, specific and high-value targets from which to request more significant ransoms. Virtual retail will decline.
The healthcare sector will also be a primary target because they are organizations that handle sensitive and therefore valuable data. “The zero daysnew vulnerabilities that appear within the system and that are not known by the manufacturer, so they do not yet have a patch to solve them. They have taken a lot of advantage of that and will continue to do so,” Rivero details.
If cybercriminals advance one step in perfecting their attack techniques, sooner or later, cyber experts also do so with their defenses. “The most effective thing is to maintain regular and updated control of the system’s security patches. Changing and rotating passwords is also an effective method to mitigate threats; and training, that is essential,” says Rivero. This specialist believes that there is still a lot of work to be done in prevention: “It is a pending issue for Spain. Taking care of our computer systems is as important as taking care of our body by doing sports.”
García appeals to something much more basic, although it may seem trivial: common sense. “If we stop to read the information they are showing us or think for a second about what we are hearing or reading, many frauds would be avoided. We must learn to be critical with the information we receive,” concludes this expert.
