Executive Summary
In 2025, the FBI's Internet Crime Complaint Center (IC3) reported a significant surge in cybercrime, with total losses reaching $20.9 billion—a 26% increase from the previous year. The center received over one million complaints, marking a 17% rise compared to 2024. Investment-related fraud led to losses of nearly $8.65 billion, while business email compromise accounted for almost $3.05 billion. Phishing remained the most reported cybercrime, followed by extortion and personal data breaches. (cyberscoop.com)
This escalation underscores the growing sophistication of cybercriminals, who are increasingly leveraging artificial intelligence to enhance their attacks. The trend highlights the urgent need for organizations to bolster their cybersecurity measures and stay vigilant against evolving threats. (forbes.com)
Why This Matters Now
The rapid increase in cybercrime losses, driven by AI-enhanced attacks, emphasizes the critical need for organizations to adopt advanced security strategies to protect against evolving threats.
Attack Path Analysis
The adversary initiated the attack by exploiting a misconfigured cloud storage bucket to gain unauthorized access. They then escalated privileges by exploiting a vulnerable application to obtain administrative credentials. Utilizing these elevated privileges, the attacker moved laterally across the cloud environment, accessing multiple regions and services. They established command and control by deploying a backdoor that communicated over encrypted channels to evade detection. Sensitive data was exfiltrated by copying it to an external cloud storage service. Finally, the attacker deployed ransomware to encrypt critical data, demanding payment for decryption keys.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited a misconfigured cloud storage bucket to gain unauthorized access to the cloud environment.
MITRE ATT&CK® Techniques
- Phishing
  - Spearphishing Link
- Financial Theft
- Phishing for Information
  - Spearphishing Link
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
- PCI DSS 4.0 – Security Awareness Training (Control ID: 6.4.3)
- NYDFS 23 NYCRR 500 – Cybersecurity Awareness Training (Control ID: 500.14(b))
- DORA – ICT Risk Management Framework (Control ID: Article 13)
- CISA ZTMM 2.0 – Implement Strong Authentication Mechanisms (Control ID: Identity and Access Management)
- NIS2 Directive – Cybersecurity Risk Management Measures (Control ID: Article 21)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
- Health Care / Life Sciences: Faces the highest ransomware targeting, with $7.75B in elderly victim losses; requires encrypted traffic protection and zero trust segmentation for patient data compliance.
- Financial Services: Critical infrastructure sector heavily targeted by ransomware and BEC attacks totaling $3.05B; needs egress security and multicloud visibility for regulatory compliance.
- Information Technology/IT: Among the most ransomware-targeted critical infrastructure sectors, with investment fraud reaching $8.65B; requires a cloud native security fabric and threat detection capabilities.
- Manufacturing: Heavily targeted by ransomware variants including Akira and Qilin; needs Kubernetes security and east-west traffic protection for operational technology environments.
Sources
- Cybercrime losses jumped 26% to $20.9 billion in 2025: https://cyberscoop.com/fbi-internet-crime-complaint-center-annual-cybercrime-report/ (Verified)
- FBI Releases Annual Internet Crime Report: https://www.fbi.gov/news/press-releases/fbi-releases-annual-internet-crime-report (Verified)
- FBI Reports $20.8 Billion Lost To Cybercrime As Hackers Turn To AI: https://www.forbes.com/sites/timkeary/2026/04/07/fbi-reports-208-billion-lost-to-cybercrime-as-hackers-turn-to-ai/ (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have significantly limited the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware policies.
- Control: Cloud Native Security Fabric (CNSF). Mitigation: The attacker's unauthorized access could have been constrained, reducing the likelihood of further exploitation.
- Control: Zero Trust Segmentation. Mitigation: The attacker's ability to escalate privileges could have been limited, reducing the scope of potential damage.
- Control: East-West Traffic Security. Mitigation: The attacker's lateral movement could have been restricted, reducing the reach of the attack.
- Control: Multicloud Visibility & Control. Mitigation: The attacker's command and control communications could have been detected and disrupted, limiting their ability to maintain control.
- Control: Egress Security & Policy Enforcement. Mitigation: The attacker's data exfiltration efforts could have been blocked, reducing the risk of data loss.
- Mitigation: The attacker's ability to deploy ransomware could have been limited, reducing the potential impact on critical data.
Impact at a Glance
Affected Business Functions
- Financial Transactions
- Customer Data Management
- Email Communications
- Technical Support Services
Estimated downtime: 14 days
Estimated loss: $20,900,000,000
Affected data: Personally Identifiable Information (PII) of customers, financial records, and sensitive business communications.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to enforce least privilege access and prevent lateral movement within the cloud environment.
- Deploy East-West Traffic Security controls to monitor and restrict internal traffic, mitigating unauthorized lateral movement.
- Utilize Multicloud Visibility & Control solutions to gain comprehensive insight into cloud activities and detect anomalies.
- Enforce Egress Security & Policy Enforcement to control outbound traffic and prevent unauthorized data exfiltration.
- Implement Inline IPS (Suricata) to detect and prevent exploitation attempts against vulnerable applications.