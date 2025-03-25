The latest threat intelligence report from Ontinue finds a 132 percent surge in ransomware attacks, although ransom payments have declined by 35 percent, suggesting a shift in attacker strategies to double down on ransomware efforts.

Among other key trends, the report highlights the rapid rise of Adversary-in-the-Middle (AiTM) attacks, which have become a dominant method for stealing authentication tokens and bypassing multi-factor authentication (MFA).

The PlugX Remote Access Trojan (RAT) remains an active threat too, while command-and-control (C2) traffic associated with infostealers and malware loaders continues to escalate.

The report also notes the increasing sophistication of vishing (voice phishing) attacks, which cybercriminals are now enhancing with artificial intelligence. By leveraging AI-driven voice cloning technologies, attackers can create realistic deepfake audio to impersonate trusted individuals, tricking victims into divulging credentials, approving fraudulent transactions, or granting unauthorized system access.

Ontinue's team has detected a 1,633 percent spike in vishing-related incidents compared to the previous quarter. Many of these attacks direct victims to fake Microsoft support pages, often hosted on .shop domains, where users are prompted to call fraudulent support numbers.

Attackers are abusing legitimate tools too. Microsoft Quick Assist, a remote support tool, is being weaponized by attackers to gain unauthorized access to victim devices, often bypassing traditional security controls. Windows Hello authentication keys have also been targeted in credential theft campaigns, allowing adversaries to authenticate as legitimate users without needing passwords.

"The cybercriminal ecosystem is adapting to evolving security measures, leveraging AI-powered deception, novel malware delivery tactics, and persistent social engineering schemes," says Balazs Greksza, director of advanced threat operations at Ontinue. "Our research underscores the urgent need for organizations to fortify their defenses against sophisticated phishing, vishing, and malware campaigns, while continuing to harden their environments against ransomware and credential theft."

Image credit: lighthouse/depositphotos.com