Cyber Security – Technology For You
https://www.technologyforyou.org

Fortinet’s 2026 Cyberthreat Predictions: Inside the Industrialization of Cybercrime and What to Expect in 2026
https://www.technologyforyou.org/fortinets-2026-cyberthreat-predictions-inside-the-industrialization-of-cybercrime-and-what-to-expect-in-2026/
Tue, 02 Dec 2025 16:15:08 +0000

Bangalore, India, December 2, 2025: Fortinet today released its 2026 Cyberthreat Predictions Report, highlighting a year defined by acceleration. Each year, FortiGuard Labs analyses how technology, economics, and human behaviour shape global cyber risk. The Fortinet Cyberthreat Predictions Report for 2026 outlines a turning point in that evolution. Cybercrime will continue to evolve into an organized industry, built on automation, specialization, and artificial intelligence (AI). But in 2026, success in both offense and defence will be determined less by innovation than by throughput: how quickly intelligence can be turned into action.

The summary of key findings is outlined below. 

From Innovation to Throughput

Because AI, automation, and a mature cybercrime supply chain will make intrusion faster and easier than ever, attackers will spend less time inventing new tools and more time refining and automating techniques that already work. AI systems will manage reconnaissance, accelerate intrusion, parse stolen data, and generate ransom negotiations. At the same time, autonomous cybercrime agents on the dark web will begin executing entire attack stages with minimal human oversight.

These shifts will exponentially expand attacker capacity. A ransomware affiliate that once managed a handful of campaigns will soon be able to launch dozens in parallel. And the time between intrusion and impact will shrink from days to minutes, making speed the defining risk factor for organizations in 2026. 

The Next Generation of Offense

FortiGuard Labs expects to see the emergence of specialized AI agents designed to assist cybercriminal operations. Although these agents will not yet operate independently, they will begin to automate and enhance critical stages of the attack chain, including credential theft, lateral movement, and data monetization.

At the same time, AI will accelerate the monetization of data. Once attackers gain access to stolen databases, AI tools will instantly analyze and prioritize them, determine which victims offer the highest return, and generate personalized extortion messages. As a result, data will become currency faster than ever before.

The underground economy will also become more structured. Botnet and credential-rental services will become increasingly tailored in 2026. Data enrichment and automation will enable sellers to offer more specific access packages based on industry, geography, and system profile, replacing the generic bundles that dominate today’s underground markets. Black markets will adopt customer service, reputation scoring, and automated escrow. Due to these innovations, cybercrime will accelerate its evolution toward full industrialization. 

The Evolution of Defense

Defenders will need to respond with the same efficiency and coordination. In 2026, security operations will move closer to what FortiGuard Labs describes as machine-speed defense—a continuous process of intelligence, validation, and containment that compresses detection and response from hours to minutes.

Frameworks such as continuous threat exposure management (CTEM) and MITRE ATT&CK will need to be leveraged so defenders can quickly map active threats, identify exposures, and prioritize remediation based on live data. Identity will also need to become the foundation of security operations, as organizations will need to not only authenticate people but also automated agents, AI processes, and machine-to-machine interactions.

Managing these non-human identities will become critical to preventing large-scale privilege escalation and data exposure. 

Collaboration and Deterrence

Industrialized cybercrime will also demand a more coordinated global response. Initiatives such as INTERPOL’s Operation Serengeti 2.0, supported by Fortinet and other private-sector partners, demonstrate how joint intelligence sharing and targeted disruption can dismantle criminal infrastructure. New initiatives, such as the Fortinet-Crime Stoppers International Cybercrime Bounty program, will enable global communities to safely report cyberthreats, helping to scale deterrence and accountability.

FortiGuard Labs also expects to see continued investment in education and deterrence programs that target young or at-risk populations who are being drawn into online crime. Preventing the next generation of cybercriminals will depend on redirecting them before they enter the ecosystem. 

Looking Ahead

By 2027, cybercrime is expected to function at a scale comparable to legitimate global industries. FortiGuard Labs predicts further automation of offensive operations through agentic AI models, where swarm-based agents will begin coordinating tasks semi-autonomously and adapting to defender behavior, alongside increasingly sophisticated supply-chain attacks targeting AI and embedded systems.

Defenders will need to evolve as well, leveraging predictive intelligence, automation, and exposure management to contain incidents faster and anticipate adversary behavior. The next stage of cybersecurity will depend on how effectively humans and machines can operate together as adaptive systems.

Velocity and scale will define the decade ahead. Organizations that unify intelligence, automation, and human expertise into a single, responsive system will be the ones best able to withstand what comes next.  

“The findings clearly show that cybercrime is no longer an opportunistic activity, it is an industrialized system operating at machine speed. As automation, specialization, and AI redefine every stage of the attack lifecycle, the time between compromise and consequence continues to collapse. The road ahead will be shaped by how quickly defenders can adapt to this reality. Cybersecurity has become a race of systems, not individuals, and organizations will need integrated intelligence, continuous validation, and real-time response to stay ahead of adversaries who measure success by throughput, not novelty.”

Rashish Pandey, Vice President – Marketing & Communications, APAC, Fortinet said, “For defenders, the shift we are seeing is profound. Static configurations and periodic assessments can’t keep pace with an environment where attackers automate reconnaissance, privilege escalation, and extortion in minutes. What organizations need is a unified, adaptive security posture, one that brings together threat intelligence, exposure management, and incident response into a continuous, AI-enabled workflow. At Fortinet, our focus is on helping customers build this level of resilience so they can act at the same speed as the threats they face and strengthen their ability to contain attacks before disruption occurs.”

Vivek Srivastava, Country Manager, India & SAARC, Fortinet said, Read the full Fortinet Cyberthreat Predictions for 2026 report to explore detailed forecasts, sector-specific insights, and strategies for building resilience in the era of industrialized cybercrime.

New insights reveal how scammers copy trusted brands during peak shopping season and what every shopper can do to stay one step ahead
https://www.technologyforyou.org/new-insights-reveal-how-scammers-copy-trusted-brands-during-peak-shopping-season-and-what-every-shopper-can-do-to-stay-one-step-ahead/
Thu, 27 Nov 2025 14:31:55 +0000

McAfee Labs Research Reveals the Most Impersonated Brands of Holiday Season 2025 and How Shoppers Can Spot the Fakes

Key Findings

  • Tech tops the Cybergrinch list: Scammers are most frequently impersonating major tech brands, especially those tied to popular devices and gaming platforms, like Apple, Nintendo, Samsung, Disney, and Steam. Apple is the number one brand cybercriminals pretend to be, often creating convincing fake websites that look like real Apple pages.
  • Luxury brands are a prime target: Counterfeit storefronts for handbags, sneakers, and limited-edition drops — for example, Coach, Dior, Gucci, Rolex, and Ralph Lauren — surged 45%, with cybercriminals mimicking brand visuals and holiday promo language.
  • Shopping scams are rising before the season even starts: 91% of Americans say they’re seeing ads from unfamiliar retailers, exposing them to more scam URLs and lookalike sites. That risk is already visible: scam-related URLs climbed about 10% from early October to early November as criminals ramped up activity across major shopping categories ahead of Black Friday and the holiday rush.

McAfee announced the results of the latest research from McAfee Labs, revealing the brands scammers are impersonating the most this holiday season and how convincingly they’re copying the brands of trusted retailers to create lookalike online storefronts, fake email alerts, and misleading social ads. The goal of these scammers is to trick shoppers during the busiest buying season of the year — and McAfee’s goal is to help keep people safer and make them feel more confident while buying gifts for loved ones.

Shopping today happens quickly, on phones, between tasks and across social feeds. This speed gives realistic fakes more room to slip through. Knowing which brands scammers impersonate most helps people slow down, spot red flags and stay safer. McAfee Labs has also observed a sharp rise in malicious activity tied to major shopping moments, including 10% increases in scam URLs and emails impersonating popular brands.

“Scammers have always taken advantage of the holiday rush to exploit people looking for deals, but AI has made it easier for them to copy trusted brands with speed and accuracy that is hard to spot,” said Abhishek Karnik, head of threat research at McAfee. “From imposter websites and fake products to convincing emails and texts designed to pull people in, scammers today are using AI to create some of the most believable social-engineering tricks we’ve ever seen. The best protection is to slow down, verify what you see and use tools that can flag suspicious links or pages before they do harm.”

The Most Impersonated Brands of 2025

This year’s most impersonated brands align with what people frequently shop for during the holidays — popular tech, luxury gifts and high-demand, limited-edition items. Cybercriminals focus on trusted names and rely on realistic visuals and messaging that match what shoppers expect to see. Fake versions of these sites often include copied product photos, similar layouts, realistic customer-service language and holiday sale graphics designed to push shoppers toward entering payment information.

Top 5 most impersonated luxury brands

  1. Coach
  2. Dior
  3. Ralph Lauren
  4. Rolex
  5. Gucci

Luxury brand impersonation scams are heavily concentrated among just a few names, with Coach leading by a wide margin. Coach accounts for roughly 45% more scam-related URLs than the next most impersonated luxury brand, Dior.

Top 5 most impersonated mainstream consumer brands

  1. Apple
  2. Nintendo
  3. Samsung
  4. Disney
  5. Steam

Apple stands out within the most impersonated mainstream consumer brands with the highest volume of URL scams of any brand analyzed. Nintendo follows closely, driven largely by the massive demand for the Switch 2 during the 2025 holiday season. Samsung impersonations are primarily tied to scams involving phones and accessories, while Disney scams stem mostly from fake Disney+ streaming offers and account alerts. Steam also appears frequently in scam URLs, with fraud tied to Steam gift cards used for PC gaming and the rising popularity of the Steam Deck, now considered the most widely used handheld PC for gamers.

Holiday Deals Are Up. So Is Brand Impersonation.

Holiday excitement is high, but so is the level of deception. More shoppers are encountering realistic fakes that look like the real deal, from counterfeit storefronts to fake delivery updates. Many shoppers now run into realistic-looking fakes tied to well-known brands, from counterfeit storefronts to fake order alerts. Fifty-seven percent of Americans say they’re more worried about AI-generated scams this year than last, and 40% have abandoned a purchase because something didn’t feel right.

Confidence can be misleading. Thirty-eight percent of consumers believe they can spot a scam, yet 22% admit they’ve fallen for one during a past holiday season. People are shopping, but many are double-checking what shows up in their feeds and inboxes, turning holiday cheer into a season of digital caution.

McAfee’s Tips for a Scam-Free Season

  • Pause before you click. If you get a text, DM, or email about a deal, go directly to the retailer’s site or app instead.
  • Stick to trusted retailers. If the deal feels rushed or the brand looks unfamiliar, it’s safer to skip it.
  • Use AI-powered scam protection. Use trusted tools like McAfee’s Scam Detector, available in all core plans, that spot and flag suspicious links and scams before they can do harm.
  • Watch for red flags. If a message pressures you to act fast, demands payment through gift cards or wire transfers, asks for personal info, or insists you stay on the line or keep quiet – hit pause. These are classic scam signals. Taking a moment to think can be the difference between scoring a deal and walking into disaster.
  • Protect your shopping experience. Turn on two-factor authentication for extra account protection, use strong, unique passwords, shop only on secure websites (look for “https://” and the padlock icon), and monitor your bank and credit card statements for unusual charges.
Account Takeover Fraud via Impersonation of Financial Institution Support
https://www.technologyforyou.org/account-takeover-fraud-via-impersonation-of-financial-institution-support/
Thu, 27 Nov 2025 12:36:50 +0000

The FBI warns of cyber criminals impersonating financial institutions to steal money or information in Account Takeover (ATO) fraud schemes. The cyber criminals target individuals, businesses, and organizations of varied sizes and across sectors. In ATO fraud, cyber criminals gain unauthorized access to the targeted online financial institution, payroll, or health savings account, with the goal of stealing money or information for personal gain. Since January 2025, the FBI Internet Crime Complaint Center (IC3) received more than 5,100 complaints reporting ATO fraud, with losses exceeding $262 million.

How It Works

The cyber criminal impersonates the financial institution’s staff or website to obtain access to the account. Cyber criminals usually gain access to accounts through social engineering techniques — including texts, calls, and emails — or through fraudulent websites.

Social Engineering

  • A cyber criminal manipulates the account owner into giving away their login credentials, including multi-factor authentication (MFA) code or One-Time Passcode (OTP), by impersonating a financial institution employee, customer support, or technical support personnel. The cyber criminal then uses login credentials to log into the legitimate financial institution website and initiate a password reset, ultimately gaining full control of the accounts.
  • Social engineering methods include contacting account owners via fraudulent text messages, calls, or emails to trick the email recipient into providing their login credentials. In some instances, the cyber criminal states there are fraudulent transactions on the financial account and may provide a link to a phishing website that the account owner believes will report the fraud or prevent additional fraudulent transactions.
  • In some instances, cyber criminals impersonating financial institutions reported to the account owner that their information was used to make fraudulent purchases, including firearms. The cyber criminal convinces the account owner to provide information to a second cyber criminal impersonating law enforcement, who then convinces the account owner to provide account information.

Phishing Domains/Websites

  • The cyber criminal uses a phishing website that looks like the legitimate online financial institution or payroll website to trick the account owner into giving away their login credentials. Believing the phishing website is the legitimate one, users enter their login credentials into the fraudulent site, unknowingly providing them to cyber criminals.
  • Cyber criminals may also use a technique called Search Engine Optimization (SEO) poisoning. SEO poisoning refers to cyber criminals purchasing ads that imitate legitimate business ads to increase the prominence of their phishing websites by making them appear more authentic to customers who use a search engine to locate the business’ website. When users click on the fraudulent search engine ad, they are directed to a sophisticated fraudulent phishing site that mimics the real website, tricking users into providing their login information.

Once the impersonators have access and control of the accounts, the cyber criminals quickly wire funds to other criminal-controlled accounts, many of which are linked to cryptocurrency wallets; therefore, funds are disbursed quickly and are difficult to trace and recover. In some cases, including nearly all social engineering cases, the cyber criminals change the online account password, locking the owner out of their own financial account(s).

Stay Protected

Stay vigilant against ATO fraud attempts by following these tips.

  • Be careful about the information you share online or on social media.

    By openly sharing information like a pet’s name, schools you have attended, your date of birth, or information about your family members, you may give scammers the information they need to guess your password or answer your security questions.

  • Monitor your financial accounts on a regular basis.

    Watch for irregularities, such as missing deposits or unauthorized withdrawals, wire transfers, or expenditures.

  • Always use unique, complex passwords.

    Enable two-factor authentication or MFA on any account possible. Never disable it.

  • Use Bookmarks or Favorites for navigating to login websites.

    Avoid clicking on Internet search results or advertisements. MFA will not protect you if you land on a fraudulent login page. Carefully examine any email address, URL, or spelling in unsolicited correspondence.

  • Stay vigilant against phishing attempts.

    Be suspicious of unknown “banking” or “company” employees who call you; don’t trust caller ID. Hang up, verify the correct number, and call it yourself. Companies generally do not contact you to ask for your username, password, or OTP.

What To Do in Case of an ATO Incident

  1. Contact Your Financial Institution

    Contact your financial institution as soon as fraud is recognized to request a recall or reversal as well as a Hold Harmless Letter or Letter of Indemnity. Requesting a recall and obtaining a Hold Harmless Letter/indemnification documents as quickly as possible may reduce or eliminate your financial losses. Immediately report fraudulent wire transfers to both your financial institution and the FBI Internet Crime Complaint Center (IC3) at www.ic3.gov.

  2. Reset or Revoke Compromised Credentials

    Reset all credentials and passwords that may have been exposed during the intrusion, including user and service accounts, compromised certificates, or other “secret” credentials. If you use the compromised password for other online accounts, change your password on those sites too.

  3. File a Complaint

    File a detailed complaint with www.ic3.gov. It is vital the complaint contain all required data in provided fields, including banking information.

    • Identifying information about the cyber criminals including the financial institution impersonated, name, phone number, address, and email address.
    • Any websites or software the cyber criminals may have asked you to visit or download.
    • Any financial accounts provided or used by the cyber criminals.
    • Include the words “Account Takeover” or “SEO poisoning” in the incident description.

  4. Notify the Impersonated Company

    Notify the company that was impersonated of the method the cyber criminals used to target the account owner. The company may be able to warn others to watch out for the scam and take proactive measures like requesting phishing pages be taken down.

  5. Stay Informed

    Visit www.ic3.gov for updated Industry Alerts and Public Service Announcements regarding ATO trends, as well as other cyber-enabled fraud schemes.

 

Fragmented Cybersecurity Regulation is Raising Costs and Increasing Risk for Mobile Operators: GSMA Report
https://www.technologyforyou.org/fragmented-cybersecurity-regulation-is-raising-costs-and-increasing-risk-for-mobile-operators-gsma-report/
Thu, 27 Nov 2025 09:48:00 +0000

The mobile industry, supported by the GSMA, calls for harmonised, risk-based and collaborative policy frameworks to strengthen global cyber resilience.

26th November 2025, Doha: The GSMA today released a major new independent study, The Impact of Cybersecurity Regulation on Mobile Operators, revealing that mobile operators are spending between US $15-19 billion annually on core cybersecurity activities, a figure expected to rise to US $40-42 billion by 2030. Despite this significant investment, mobile network operators, who form the backbone of digital economies worldwide, are impacted by poorly designed, misaligned or overly prescriptive regulation, which results in unnecessary costs, diverting resources from genuine risk mitigation, and in some cases increasing exposure to cyber threats.

Michaela Angonius, GSMA Head of Policy and Regulation, said: “Mobile networks carry the world’s digital heartbeat. As cyber threats escalate, operators are investing heavily to keep societies safe – but regulation must help, not hinder, those efforts. This report makes clear that cybersecurity frameworks work best when they are harmonised, risk-based and built on trust. When done poorly, regulation can redirect critical resources away from real security improvements and toward compliance for its own sake.”

A global perspective

Developed in partnership with Frontier Economics, the report draws on economic analysis and operator interviews representing the Africa, Asia Pacific, Europe, Latin America, Middle East and North America regions. It highlights how the fast-changing nature of cyber threats is driving up the costs and complexity for mobile operators across the globe, making collaboration between governments in different jurisdictions and engagement with industry vital in avoiding unnecessary costs for those operators present in multiple markets.

Policy misalignment is creating unnecessary burdens:

The study identifies widespread challenges across markets, including:

  • Fragmented and inconsistent regulation, forcing operators to comply with overlapping or contradictory requirements from multiple agencies.
  • A proliferation of reporting obligations, sometimes requiring the same incident to be reported multiple times in different formats.
  • Prescriptive “box-ticking” rules that mandate tools or processes rather than focusing on real-world security outcomes.

One operator reported that up to 80% of their cybersecurity operations team’s time is spent on audits and compliance tasks, rather than threat detection or incident response.

Despite these pressures, operators emphasised that ensuring safe and secure mobile networks is a priority for their customers and for society as a whole in a digitally connected world.

Six principles for effective cybersecurity regulation:

The report outlines a blueprint for governments and policymakers to build more secure and efficient frameworks, and design cybersecurity policies according to six core principles:

  • Harmonisation: Align cybersecurity policy with international standards where possible, to reduce regulatory fragmentation and inconsistency.
  • Consistency: Ensure new policies and frameworks are consistent with existing policy to avoid duplication or conflict.
  • Risk- and outcome-based: Adopt risk- and outcome-based approaches in the design and implementation of cybersecurity regulation, giving operators flexibility to innovate.
  • Collaboration: Promote a collaborative regulatory culture with industry, supported by secure threat intelligence sharing.
  • Security-by-design: Encourage a proactive, security-by-design approach to mitigating cyber risks.
  • Capacity-building: Strengthen the institutional capacity of cybersecurity authorities to ensure a whole-of-government approach and effective application of policy and regulation.

The report warns that unilateral, fragmented approaches heighten vulnerabilities and create inefficiencies for global operators.

Michaela Angonius added: “Cybersecurity is a shared responsibility. To protect citizens and critical societal services, regulators and operators should work together, guided by a common set of principles. When policy is coherent and outcomes-focused, the entire digital ecosystem becomes safer.”

A call for coordinated global action:

The mobile industry, supported by the GSMA, is calling on governments and regulators to minimise unnecessary burdens on mobile operators by collaborating and building trusted frameworks and mechanisms that foster innovation to enable mobile networks to remain secure, resilient, and capable of supporting the digital services that societies increasingly rely on.

For more information and to access the full report, see here.

Kaspersky and VDC Research reveal over $18B in potential losses from ransomware attacks
https://www.technologyforyou.org/kaspersky-and-vdc-research-reveal-over-18b-in-potential-losses-from-ransomware-attacks/
Wed, 26 Nov 2025 06:27:51 +0000

Kaspersky and VDC Research reveal over $18B in potential losses from ransomware attacks on the global manufacturing industry in 2025

Kaspersky in collaboration with VDC Research announced that in the first three quarters of 2025 ransomware attacks on manufacturing organizations could have generated over $18 billion in losses.

This figure reflects just the direct cost of an idle workforce during downtime, with overall operational and financial impacts far exceeding this amount. Estimations were made across APAC, Europe, the Middle East, Africa, CIS and LATAM based on the share of manufacturing organizations where ransomware attempts were detected and prevented, the total number of manufacturing organizations in each region, average downtime hours after real attacks, average number of employees per organization and average hourly pay.

According to Kaspersky Security Network from January to September 2025, the Middle East (7%) and Latin America (6.5%) led the regional rankings in terms of ransomware detections in manufacturing organizations. APAC (6.3%), Africa (5.8%), CIS (5.2%) and Europe (3.8%) followed. All of these attacks were blocked by Kaspersky solutions. The estimation of potential losses (below) shows the financial impact if these attacks succeeded.

When ransomware hits, production lines halt, triggering immediate revenue losses from an idle workforce and longer-term shortfalls from reduced output. The average attack lasts 13 days (based on Kaspersky Incident Response Report). As a result, idle labor costs from ransomware in the first three quarters of 2025 could have reached:

  • $11.5 billion in APAC
  • $4.4 billion in Europe
  • $711 million in LATAM
  • $685 million in the Middle East
  • $507 million in CIS
  • $446 million in Africa

Actual business losses could have been significantly higher when factoring in supply-chain disruptions, reputational damage, and recovery expenses.

“Our research provides an estimation of the financial impact that ransomware may have had on manufacturing worldwide. The growing complexity of manufacturing environments, along with widening expertise gaps and ongoing labor challenges, makes it difficult for most organizations to manage cybersecurity effectively, but failure to do so may result in financial losses – followed by reputational blows as well. Partnering with proven cybersecurity vendors is paramount for effective IT, OT and IIoT protection,” comments Jared Weiner, Research Director, Industrial Automation & Sensors at VDC Research.

“No region is exempt from ransomware – whether it’s the Middle East, LATAM, APAC, CIS, Africa or Europe, every manufacturing hub is constantly being targeted. Mid-tier manufacturers that could have been overlooked by threat actors in the past are also among the targets because their security budgets are smaller and their supply chain disruption effects can be larger than most realize. The manufacturing sector and all other organizations need reliable, proven defense systems and continuous user education,” comments Dmitry Galov, Head of Research Center for Russia and CIS at Kaspersky’s GReAT.

More information about ransomware in different regions is available in Kaspersky’s 2025 State of Ransomware Report.

Non-Executive Directors’ Skepticism in Cybersecurity Value Is a Resource for Change
https://www.technologyforyou.org/non-executive-directors-skepticism-in-cybersecurity-value-is-a-resource-for-change/
Mon, 24 Nov 2025 16:57:47 +0000

Gartner Survey Finds 90% of Non-Executive Directors Lack a Measure of Confidence in Cybersecurity Value

Ninety percent of non-executive directors (NEDs) lack a measure of confidence in cybersecurity value, according to a new survey from Gartner, Inc., a business and technology insights company.

Only 10% of NEDs express strong confidence in the value of cybersecurity investments or initiatives, stating they have the right balance of protection and cost. Yet NEDs’ skepticism in cybersecurity value is a resource for change. Sense-maker CIOs and CISOs, who form the cyber-elite and help their organizations understand and respond to complexity and change, have managed to earn their boards’ trust on “just right” levels of protection and cost.

The 2026 Gartner Board of Directors Survey was conducted from April 14 – May 22, 2025 among 330 respondents from North America, Latin America, Europe and Asia/Pacific, who are in a non-executive director role of private or public companies.

“Boards often struggle to connect cybersecurity investments to real business outcomes,” said Kristin Moyer, Distinguished VP Analyst at Gartner. “Dashboards and compliance updates can confuse rather than reassure, leaving NEDs uncertain about whether their organization is truly more secure. Sense-maker CIOs and CISOs earn board consensus on right levels of protection and cost by translating the complexity of cybersecurity into business value such as revenue, cost and shareholder impact.”

Boards are seeking clear insights into how specific threats translate into real risks for their organizations. Sense-maker CIOs and CISOs provide transparency on actual exposure levels and readiness for threats, moving beyond general cyberthreat trends, to empower NEDs with the information needed for informed decisions.

Top External Threats Impacting Shareholder Value

While boards are seeking greater clarity on cyber risks, they also recognize that these risks are part of a broader set of external threats facing organizations today. Seventy percent of NEDs identified geopolitical instability and international conflict as the most significant external threats to shareholder value in the next 12 months. Notably, one in three NEDs viewed cyber-risks, technology disruption and innovation challenges as top external threats to shareholder value in the year ahead.

“Virtually all NEDs have experienced a cybersecurity breach either as executive leaders or during their tenure as board members,” said Tina Nunno, Managing VP at Gartner. “New security regulations have placed this topic front-and-center on board agendas. At the same time, AI is causing significant business disruption—and has gained considerable attention from boards.”

Technology Seen as Both a Risk and a Key to Navigating Volatility

Although technology is viewed by NEDs as an emerging risk area to shareholder value—including AI’s disruptive potential—it is also seen as an essential lever for navigating volatility ahead.

Sixty-three percent of NEDs said investment in technology and innovation is the best way to counter today’s global volatility (see Figure 1).

Figure 1: Top Strategies to Navigate Current Geopolitical and Economic Volatility

Source: Gartner (November, 2025)

“The majority of NEDs not only believe that technology investment is a key strategy in dealing with volatility, but they also believe that the majority of those investments should be in AI,” said Nunno. “AI was ranked as the number one investment (57% of respondents) expected to have a positive impact on shareholder value in the next two years, ahead of investing in new products and services (56%) and M&A (45%). NEDs have taken notice of the vast sums of money being invested in AI startups and large language models (LLMs) and believe over time that at least some of these AI bets will pay off.

“The majority of boards (71%) would like to see their enterprises take more technology risk and are actively encouraging their CEOs and executive teams to demonstrate that they have an AI strategy and are moving quickly enough.”

Kaspersky: financial sector faced AI, blockchain and organized crime threats in 2025
https://www.technologyforyou.org/kaspersky-financial-sector-faced-ai-blockchain-and-organized-crime-threats-in-2025/
Mon, 17 Nov 2025 17:15:20 +0000

Kaspersky launches its 2025 Security Bulletin, which reviews the major cybersecurity trends of the past year and offers a look towards the future. The first KSB is dedicated to cybersecurity in the financial sector, providing an overview of major cases, key trends, and evolving threats. This year, the financial sector navigated a rapidly evolving cyber landscape, with malware spreading through messaging apps, AI-assisted attacks, supply chain compromises, and NFC-based fraud.

2025 financial sector cybersecurity in figures

  • 8.15% of users faced online threats in the finance sector.
  • 15.81% of users in the finance sector faced local threats.
  • 12.8% of B2B finance sector companies faced ransomware this year.
  • 35.7% more unique users in the finance sector encountered ransomware detections in 2025 compared to 2023.
  • 1,338,357 banking trojan attacks were detected this year.

TOP-5 financial malware families, 2025

Cybersecurity trends and cases shaping the financial sector in 2025

Large-scale supply chain attacks: the financial sector faced a series of unprecedented supply chain attacks, which are incidents that exploit vulnerabilities in third-party providers to reach their primary targets. The breaches demonstrated how vulnerabilities in third-party providers can cascade through national payment networks, affecting even central systems.

Organized crime converging with cybercrime: organized crime is increasingly combining physical and digital methods, creating more sophisticated and coordinated attacks. Financial institutions faced threats that blend social engineering, insider manipulation, and technical exploitation.

Old malware, new channels: cybercriminals increasingly exploit popular messaging apps to spread malware, shifting from email phishing to social channels. Banking trojans are being rewritten to use messaging platforms as a new distribution vector, enabling large-scale infections.

AI scales malware to new heights: this year, AI-enabled malware has increasingly incorporated automated propagation and evasion techniques, allowing attacks to spread faster and reach a larger number of targets. This automation also shortens the time between malware creation and deployment.

Mobile banking attacks and NFC fraud: Android malware using ATS (Automated Transfer System) techniques automates fraudulent transactions, altering transfer amounts and recipients in real time without the user noticing. NFC-based attacks have also emerged as a key trend, enabling both physical fraud in crowded places and remote fraud via social engineering and fake apps mimicking trusted banks.

Blockchain-Based C2 Infrastructure is on the rise: crimeware attackers increasingly embed malware commands in blockchain smart contracts, targeting Web3 to steal cryptocurrencies. This method ensures persistence and makes the infrastructure extremely difficult to remove. Using blockchain for C2 operations allows attackers to maintain control even if conventional servers are shut down, highlighting a new level of resilience in cyberattacks.

Ransomware presence: this type of attack remained a persistent threat for the financial sector across most regions this year. Worldwide, 12.8% of B2B finance organizations were affected by ransomware, with 12.9% in Africa, 12.6% in Latin America, and 9.4% in Russia & CIS (KSN Data, November 2024 through October 2025).

Disappearance of certain malware families: some malware families are likely to disappear, as their activity depends directly on the operations of specific criminal groups.

ATS malware detections decrease, January 2023 – October 2025

“In 2025, financial cyber threats evolved into a complex landscape, with attacks hitting businesses and end users alike. Criminal groups increasingly combined digital tools, insider access, AI and blockchain to scale operations, forcing organizations to secure not only their systems but also the human networks that support them,” said Fabio Assolini, Head of the Americas & Europe units at Kaspersky GReAT.

Predictions: what finance cybersecurity might face in 2026

1 – Banking Trojans will be rewritten for WhatsApp distribution: criminal groups will increasingly rewrite banking trojans, scale their distribution, and abuse messaging apps like WhatsApp to target corporate and government organizations that still rely on desktop-based online banking. These environments are where Windows-based banking trojans thrive.

2 – Growth of deepfake/AI services for social engineering: the trade in realistic deepfakes and AI-powered campaigns is expected to expand even more, fueling scams around job interviews and offers, driving underground demand for tools that fully bypass KYC verification.

3 – Appearance of regional info stealers: as Lumma, Redline and other stealers are still active, we expect to see the appearance of regional info stealers, targeting specific countries or regions and expanding the use of the MaaS model.

4 – More attacks on NFC payments: as NFC is a key technology used in payments, we’ll see more tools, more malware and more attacks directed against NFC payments of all types.

5 – The advent of Agentic AI malware: agentic AI malware is characterized by its ability to dynamically alter behavior mid-execution. Unlike conventional malware that relies on pre-defined instructions, agentic variants are designed to assess their environment, analyze their impact, and adapt their tactics on the fly. This means that a single piece of malware could exhibit a range of behaviors, from initial infiltration to data exfiltration or system disruption, all in response to the specific defenses and vulnerabilities it encounters.

6 – Classic fraud will obtain new delivery: fraud will remain a major threat to end users, but its delivery methods will keep evolving. As new services and messaging platforms emerge, attackers will continue to adapt their tactics to the channels where their target audience is most active.

7 – The persistence of ‘out of box’, pre-infected devices: the threat of counterfeit smart devices sold already infected with trojans (such as Triada) will continue to evolve. These trojans often come with extensive capabilities, including the ability to steal banking credentials, and affect not only “gray” Android smartphones but also other smart devices such as TVs.

The full KSB version is available by link.

Unknown Call Scams: How They Work and How to Stay Safe
https://www.technologyforyou.org/unknown-call-scams-how-they-work-and-how-to-stay-safe/
Tue, 11 Nov 2025 12:36:47 +0000

Unknown call scams have become one of the most widespread forms of digital and financial fraud in recent years. Fraudsters use phone calls—both voice and automated (“robocalls”)—to trick people into sharing personal information, making immediate payments, downloading malicious apps, or performing actions that compromise their privacy and money. As mobile penetration increases and digital payments become mainstream, the threat of scam calls has risen sharply.

To protect yourself, understanding how these scams work is the first step.

Common Types of Unknown Call Scams

1. Impersonation Scams

Fraudsters pretend to be officials from banks, telecom companies, courier services, government agencies, or even law enforcement.
Examples:

  • “Your bank account is at risk. Please share your OTP immediately.”

  • “Your KYC has expired. Click this link to update now.”

2. Prize and Lottery Scams

You receive a call claiming you’ve won a prize, car, or lottery—even if you never participated.
Red flag: You are asked to pay ‘processing fees’ or ‘taxes’ to receive the prize.

3. Fake Courier and Delivery Scams

You may receive calls saying:

  • A package from overseas contains illegal items.

  • Customs needs your verification details.

These scams scare users into sharing ID proofs or paying fake penalty fees.

4. Job Offer Scams

Scammers pose as HR representatives of reputed companies and ask for:

  • “Registration fees”

  • “Training fees”

  • “Background verification fees”

Once the payment is made, they vanish.

5. Loan/Insurance Scam Calls

Fraudsters offer “instant loans” or “low-cost insurance” and ask for:

  • Aadhaar details

  • PAN numbers

  • Bank details

  • App installation (spyware)

How Scammers Trick Victims

1. Urgency and Fear

They will create panic or urgency:

  • “Your account will be blocked.”

  • “Police complaint has been filed.”

This rushes people into making mistakes.

2. Spoofed Caller IDs

They use tools to display fake numbers:

  • Bank helplines

  • Government offices

  • Local police stations

3. Social Engineering

They gather basic info (name, city, mobile number) from leaked databases or social media, making the call seem legitimate.

4. Emotional Manipulation

Fraudsters pretend to be relatives in distress, often demanding immediate money transfers.

Common Signs of a Scam Call

  • Unknown or international numbers you never interacted with.

  • Pretending to be officials but sounding unprofessional.

  • Requesting sensitive details such as OTPs, CVV, passwords, PINs.

  • Demanding immediate payment.

  • Asking you to install remote-access apps (AnyDesk, TeamViewer).

  • Threatening legal action.

  • Offering deals that sound too good to be true.

How to Stay Safe from Unknown Call Frauds

✅ 1. Never Share Personal or Banking Information

Banks, government agencies, or legitimate companies will never ask for:

  • OTP

  • ATM PIN

  • CVV

  • Full card number

  • UPI PIN

If someone asks for these, it is a scam.

✅ 2. Don’t Click Links Sent by Unknown Callers

Suspicious links may install malware or lead to phishing websites.

✅ 3. Use Call Blocking and Spam Detection Apps

Apps like:

  • Truecaller

  • Built-in phone spam filters

These help identify and block known scam numbers.

✅ 4. Enable DND (Do Not Disturb) on Your Mobile

This reduces unsolicited commercial calls.

✅ 5. Verify Before Acting

If you get a call claiming to be from your bank or courier:

  • Disconnect the call.

  • Call the official number from the bank’s website or official app.

  • Confirm if the call was real.

Never call back on numbers provided by the caller.

✅ 6. Avoid Installing Remote Access Apps

Scammers often ask you to install apps that let them control your device screen.

✅ 7. Keep Your Social Media Privacy Settings Strict

Fraudsters study your public info and use it to personalize scams.

✅ 8. Report Scam Calls

You can report suspicious calls to:

  • 1930 (National cybercrime helpline – India)

  • cybercrime.gov.in

Quick reporting can stop further losses.

✅ 9. Educate Family Members

Especially:

  • Senior citizens

  • Young students

  • Domestic helpers

They are often targets of fraudsters.

What to Do If You Fall Victim

If you mistakenly shared information or transferred money:

1. Act Immediately

  • Block your bank cards

  • Change account passwords

  • Disable UPI temporarily

2. Call Your Bank Helpline

Inform them about unauthorized activity.

3. File a Cybercrime Complaint

Call 1930 or visit cybercrime.gov.in.
Early reporting increases the chance of recovering funds.

4. Note Down All Details

  • Caller number

  • Call time

  • Any payment detail

  • Screenshots (if applicable)

Conclusion

Unknown call scams are evolving and becoming more sophisticated with each passing day. The best defense is awareness, skepticism towards unsolicited calls, and strict control over personal and financial information. Always remember:
If something feels suspicious, hang up immediately.

By staying vigilant and spreading awareness, you can protect yourself and others from becoming victims of phone-based fraud.

Cyber Resilience and AI Risk: Safeguarding the UK’s Critical Infrastructure in a New Threat Landscape
https://www.technologyforyou.org/cyber-resilience-and-ai-risk-safeguarding-the-uks-critical-infrastructure-in-a-new-threat-landscape/
Fri, 07 Nov 2025 09:42:24 +0000

by David Morimanno, Field CTO NA, Xalient

In October, the UK put a spotlight on cyber resilience with the release of the NCSC’s 2025 Annual Review. CEO Richard Horne warned that failing to prepare for cyberattacks risks a company’s future. The urgency behind this statement is backed by data: the NCSC handled 204 major cyber incidents between September 2024 and 2025, and 43% of UK businesses reported a breach in the past year. 

The review was swiftly followed by an open letter from government ministers urging CEOs to “make cyber a board-level priority.” The message is clear: cybersecurity is no longer optional or reserved for large enterprises; it’s a strategic imperative for every organization.

Cyber threats are clearly escalating, and recent attacks on household names like Marks & Spencer, Co-Op, Jaguar Land Rover (JLR), and Harrods have exposed vulnerabilities across sectors. The JLR attack is estimated to have cost the UK economy more than £2 billion, particularly when you factor in supply chain disruption. But the impact goes far beyond the balance sheet: thousands of livelihoods have been affected.

For Critical National Infrastructure, which underpins public safety and economic stability, the consequences of a successful cyberattack could be catastrophic, and unfortunately, based on track record, it’s not a question of if, but when.

Is AI A Double-Edged Sword in Cybersecurity? 

The NCSC Annual Review also highlights the growing role of artificial intelligence (AI) in cybersecurity. It reaffirms guidance such as the AI Security Code of Practice, which focuses on securing AI model development and deployment. However, AI is not just a defensive tool; it’s transforming both sides of the cyber battlefield. Its ability to automate, scale, and adapt introduces new tactics and challenges, making it a powerful force multiplier for attackers and defenders alike.

On the defensive front, AI is reshaping cybersecurity through advanced threat detection and automated response. Its use in vulnerability scanning and anomaly detection is expanding rapidly, with machine learning helping identify threats that traditional systems often miss. Microsoft’s Copilot and Purview are great examples of this shift: Copilot integrates with security platforms to streamline threat analysis and automate incident response, while Purview enhances data governance through AI-driven classification and monitoring. These tools offer real-time insights and faster triage, which are critical for CNI operators who must maintain uptime and safety. However, a key challenge remains: cost. As AI tools scale their hunting and correlation capabilities, operational expenses rise.

How AI Is Powering the Next Wave of Cyberattacks 

Meanwhile, attackers are increasingly using AI to launch sophisticated, evasive campaigns. Deepfake voice and video fraud targeting executives has already occurred, and tools like Promptlock demonstrate how AI-generated prompts can automate lateral movement and privilege escalation. AI’s speed and adaptability could soon enable polymorphic malware that rewrites itself to evade detection. Hackers are now using smarter techniques to make their attacks more effective. One method, reinforcement learning, helps them adjust and deliver harmful software in real time. At the same time, advanced malware like Emotet can use AI to study a computer’s security and choose the best way to sneak past it, making it much harder for defenders to keep systems safe. 

Companies like Anthropic are actively researching ways to make AI systems more resistant to adversarial manipulation. Their work on constitutional AI and red-teaming large language models (LLMs) shows how attackers might exploit prompt injection or model behavior to generate harmful outputs or bypass safeguards. This underscores the dual aspect of AI, where the same tools that enhance productivity can also be weaponized. 

One of Anthropic’s most cited examples is the “Claude Plays Pokémon” experiment. Researchers embedded hidden instructions within a seemingly harmless task, causing Claude to behave in unintended ways. The goal was to test how easily an LLM agent could be hijacked or redirected without explicit malicious input. This kind of manipulation could be devastating if applied to AI systems embedded in CNI environments, where even minor deviations could trigger cascading failures. 

Can AI Plan Ahead? 

As AI-powered malware becomes more independent, experts are asking whether AI can plan ahead or change its goals. In March 2025, researchers at Anthropic found that their AI model, Claude, seemed to organize its thoughts before writing poetry, hinting that it might have some idea of what it wanted to produce. They ran tests to show that parts of the model held these early ideas. But not everyone agrees. A team from Oxford Martin argued in July 2025 that just because AI explains its steps doesn’t mean it’s truly thinking. They believe these explanations can be misleading and suggest using deeper testing methods to better understand how AI really works.

Together, these studies highlight the tension between AI’s apparent planning and its underlying mechanics. This raises questions about control, transparency, and trust as AI systems become more embedded in critical infrastructure and potentially used by adversaries. 

Understanding AI Is the First Step to Defending Against It 

Knowing what’s happening inside the AI black box is vital, as it allows us to spot behavior and any lurking risks before they surprise us. However, the bottom line is that if we do not truly understand what AI models are doing, we cannot anticipate what AI malware will do, especially when it has access to local resources.

This uncertainty means we need more than just technical solutions. For CNI, the stakes couldn’t be higher. We need trusted partners, deeper operational capability, dynamic security controls, and relentless vigilance. As AI becomes embedded in the systems that power our economy and safety, from energy grids to transport networks, resilience must be built into every layer. That includes not just code and hardware, but governance, training, and leadership. Cybersecurity must be treated as a living discipline, evolving alongside the threats it seeks to contain. 

Ultimately, the fusion of AI and cybersecurity presents both a challenge and an opportunity. For CNI operators, the path forward requires embracing innovation while maintaining rigorous oversight. The goal is not just to defend against today’s threats, but to anticipate the threats of tomorrow. And that starts with understanding the tools we’re using and the ones being used against us.

The Shift Left of Boom: Making Cyber Threat Prevention Practical Again
https://www.technologyforyou.org/the-shift-left-of-boom-making-cyber-threat-prevention-practical-again/
Fri, 07 Nov 2025 09:40:00 +0000

by John Dominguez, Senior Director of Product Marketing at Reach Security

The old saying “prevention is better than cure” has lost currency in today’s cybersecurity industry. Instead, security teams are advised to assume that the business has been breached and focus on threat detection, investigation, response, and recovery. Yet, during cyber incident post-mortems, it is not uncommon to find that the business owned the tool that would have protected it against the breach. The problem arose because it wasn’t correctly configured before the incident happened, and no one knew this – or if they did, they didn’t have the time or resources to fix it.   

We often say that hindsight has 20:20 vision and playing a blame game after a breach is morale-destroying. What we need to do is flip the script and turn hindsight into foresight to make cyber threat prevention practical again. As an industry, we need to shift security left of boom and help businesses optimize the investments they have already made. That’s easy enough to say, but harder to change in reality, especially if there is a lack of understanding around the current environment. 

Security Governance Challenges for Today’s Security Architects  

Security architects have an unenviable task on their hands. They are custodians of a vast cybersecurity tool stack that has usually grown organically with point solutions added as new threats emerge. It isn’t unusual to find as many as 75 different tools in use in a single organization. 

And guess what? Each of those tools gets patches and updates delivered on a regular basis. No vendor wants to leave their solution with a vulnerability, so they push out patches and updates as fast as possible, leaving it to their customers to ensure they’re properly applied and that new features are fully implemented and don’t create unintended risk. To illustrate the administrative load of patches and updates, we counted 380 new features released in 2024 by the top 20 security tools in the market alone. Each tool offers around 20 independent controls that can be implemented, which results in an almost infinite number of combinations of new variables that a security team must digest every year. It just isn’t sustainable – either the team is overwhelmed with work, risking mistakes and burnout, or decision paralysis sets in, meaning the business is being put at risk by the very tools it has purchased for the purpose of protection. 

Visibility is another challenge. Often, security tools don’t talk to each other, leaving a lot of valuable data stuck in siloes rather than being accessible as a resource to help harden systems and prevent attacks. 

A further dimension to the visibility challenge is the ownership and management of different components of preventive security. Identity and access management tools, for example, may be owned and managed by the IT team. This can make it difficult for security architects to gain insight into their set-up and licensing terms to understand the capabilities available. 

Simply identifying all these tools, figuring out their configurations, and tracking their coverage is a full-time task – and with constant updates, it can be an endless process, like painting the Golden Gate Bridge. No sooner have you finished than you must start again. Naturally, in such a fragmented environment, delivering meaningful risk reduction, and reporting it in terms that boards will understand, is yet another challenge. 

Practical Threat Prevention: An Agentic AI Application

The outcome of these combined challenges is a reactive approach that is always one step behind adversaries. To shift cybersecurity left of boom and adopt a proactive, preventive strategy, organizations:

  • Need to maximize value from the security investments they have already made and make sure they aren’t paying for features they don’t use.
  • Require meaningful and timely visibility over where and how their systems are exposed or misconfigured.
  • Need a route to measurable risk reduction that uses existing resources – tools and personnel – effectively.

Solutions to parts of this problem already exist in the shape of exposure assessment platforms (EAP). These analyze systems to identify misconfigurations that could lead to a breach, but they typically deliver static reports that simply list identified exposures. They are missing context around what exposure means to the business. For example, rather than a basic alert about phishing risk, it is useful to understand if certain individuals or business divisions are being disproportionately targeted. That way, remediation actions can be more holistic, such as educating those employees to be vigilant, alongside tuning phishing defence tools. 

Another missing element is prioritization. Not all threats carry equal risk of being exploited, so when you’re deciding where to allocate limited resources, it is valuable to know what should be fixed first. And on the subject of fixing issues, exposure management software won’t tell you how and where to fix the problem it has identified, creating an administrative burden on teams who now must research and allocate fixes. 

It is these “next steps” of contextualization, prioritization, and fixing that an agentic AI solution can elegantly and effectively address. Consider an agent that analyzes all those tools and systems for misconfigurations, prioritizes them based on highest risk, then creates a ticket specifying how and where the fix needs to happen, and adds it to the organization’s existing task management tool. An organization that is especially AI-confident could even permit the agent to carry out fixes in a staged environment, so the team must simply check the fix before pushing it live.

Agentic AI for security operations offers security teams an opportunity to become proactive, rather than remaining stuck in a reactive spiral that has become the status quo. It can help security architects overcome tool sprawl to gain clarity over risk posture and not just surface hidden risks, but address them, too. It also allows for continuous monitoring to identify when configurations drift out of the optimal state, and that’s a huge advantage because it addresses the “moving target” nature of cyber risk management, recognizing that systems evolve.    

The next era of cybersecurity must build on the investments in tools and infrastructure that we’ve already made, by leveraging them more intelligently to stem the tide of preventable breaches. It’s time to shift the focus back on prevention, not just detection and response. Agentic AI offers a transformative opportunity to proactively harden systems and close the gaps that attackers expect to be able to exploit.
