OpenText Cybersecurity Threat Report: Malware Mutates, Ransomware Fractures, and AI Levels the Battlefield
- Cyber Jack
In cybersecurity, evolution is inevitable — and in 2024, it accelerated at a pace that few defenders were prepared for. OpenText’s newly released 2025 Cybersecurity Threat Report paints a stark picture of a digital landscape where malware is mutating, ransomware groups are splintering, and artificial intelligence is no longer an emerging threat vector, but a fully entrenched weapon for both sides.
Drawing from telemetry across millions of business and consumer endpoints, email defenses, DNS filters, and web intelligence feeds, OpenText’s report delivers one resounding message: complexity is the new constant.
Malware Returns with a Vengeance — Especially for Business
If 2023 hinted at malware’s decline, 2024 crushed that narrative. Business-targeted malware infections spiked 28% year-over-year, fueled by more sophisticated delivery chains and custom-tailored regional campaigns. While consumer infection rates plateaued, organizations faced an arms race against multi-stage payloads and evasive obfuscation techniques designed to dodge traditional defenses.
Attackers aren’t just flooding inboxes anymore; they’re crafting bespoke campaigns that adapt to geography, industry, and even company size. As ransomware groups mature into fully industrialized operations, the frontline is no longer a simple phishing email — it's a multi-phase siege.
Consumers Still Fall for the Classics
Even as corporate defenses hardened, consumers remained vulnerable to old tricks in new clothes. Over half of all malware infections on personal devices originated from the Downloads folder or Desktop, a clear reminder that trust — not technology — remains the ultimate vulnerability.
Social engineering bait like fake installers, cracked software, and trojanized attachments continued to outpace technical exploits. Despite years of awareness campaigns, habitual behavior still tilts the odds in attackers’ favor.
Manufacturing Becomes Ground Zero
In one of the report’s most eye-opening findings, the manufacturing sector emerged as the top target for malware infections, with manufacturers now 42.4% more likely than average to experience compromise — a sharp climb from last year’s 32.9%. The motive is clear: ransomware operators have set their sights on operational technology (OT) environments, betting that downtime and disrupted supply chains will pressure organizations into faster, bigger ransom payments.
Meanwhile, industries like information services and public administration also saw major infection spikes, while mining and oil and gas notably improved their cybersecurity postures enough to drop from the top five most-targeted industries.
Ransomware’s New Playbook: Fragmentation and Opportunism
If LockBit’s collapse taught cybersecurity teams anything, it’s that even top ransomware brands are fragile. After “Operation Cronos” — a major international law enforcement takedown — LockBit’s infrastructure crumbled. But unlike previous ransomware groups that quietly rebranded or dissolved, LockBit stubbornly tried to limp back into relevance, fracturing its affiliate network and credibility in the process.
Meanwhile, new ransomware trends took hold:
- Data-theft-only attacks (exfiltration without encryption) surged.
- Small and mid-sized businesses (SMBs) became favored targets due to faster negotiation cycles and less mature defenses.
- Dwell times (the period between initial compromise and attack execution) shortened dramatically.
Rather than slowing ransomware down, law enforcement victories seem to have accelerated an evolutionary shift toward speed, decentralization, and sharper extortion tactics.
Europe Emerges as a Cyber Flashpoint
The geopolitical ripples of the Russia-Ukraine conflict were mirrored in Europe’s rising cyber threat levels. Western Europe remained a hotbed for phishing and ransomware, but new infection hubs emerged in Poland, Romania, and Central Europe, where cybercriminal infrastructure flourished.
According to OpenText’s endpoint heatmaps, infection rates correlate tightly with both population centers and the density of digital infrastructure — making cities like Berlin, Paris, London, and Warsaw prime cyber battlegrounds.
Phishing Goes Surgical
Volume took a backseat to precision in 2024’s phishing ecosystem. Attackers shifted to more surgical campaigns, leveraging legitimate platforms like Google APIs, Amazon AWS, and Canva to mask their payloads. The report logged a staggering 171.2 million instances of “Living Off the Land” phishing, where cybercriminals abused trusted cloud services to evade traditional detection tools.
Gone are the days of typo-riddled phishing emails — today’s scams are slick, well-researched, and chillingly effective.
AI’s Double-Edged Sword
Artificial intelligence cemented its role in cybersecurity last year — for better and worse. While enterprises experimented with generative AI to bolster defenses and automate tasks, threat actors weaponized the same tools for hyper-personalized scams, deepfake-driven impersonation, and malware development at unprecedented speeds.
The era of AI-enhanced cybercrime isn’t coming — it’s here, and organizations that treat it as a future concern are already falling behind.
The Road Ahead: Integrated Resilience or Bust
OpenText’s final warning is blunt: piecemeal defenses will not survive what’s coming. As the average attack lifecycle shrinks and evasive techniques mature, organizations must invest in security architectures that emphasize integration, visibility, and real-time response. Endpoint security, threat intelligence, email protection, and data defense can no longer operate in isolation.
In 2025, resilience isn’t a buzzword — it’s a prerequisite for survival.