Cybercriminals Target Personal Data – And It’s Paying Off

Summary
– Cybercriminals increasingly use phishing kits that cannot be identified (58% of phishing sites), with Evilginx, Tycoon 2FA, and 16shop being the most prevalent, helped by the affordability of AI tools.
– Manufacturing remains the top target sector for cyberattacks (26% of email-based incidents in Q2 2025), followed by retail (20%) and healthcare (19%).
– Scandinavian countries face rising BEC attacks, with cybercriminals localizing scams in Danish (38%), Swedish, and Norwegian to target executives and critical corporate communications.
– Lumma Stealer, delivered via malicious attachments or phishing links, is the most encountered malware in Q2 2025, sold as Malware-as-a-Service (MaaS) for broad criminal use.
– Financial lures (35%) and urgency-based messaging are the top phishing tactics; 54% of attacks use open redirect mechanisms, and PDFs (64%) are the preferred malicious attachment.

Cybercriminals are increasingly leveraging sophisticated phishing kits to launch large-scale attacks, with many of these tools designed to evade detection and analysis. Recent findings reveal that 58% of phishing sites now use obfuscated or custom-built kits, making them harder to trace or reverse-engineer. Among the most widely used are Evilginx (20%), Tycoon 2FA (10%), and 16shop (7%), with AI-driven tools lowering costs and expanding accessibility for attackers.
Manufacturing remains the most targeted industry, accounting for 26% of all email-based attacks in Q2 2025, including phishing, business email compromise (BEC), and malware-laden spam. Retail and healthcare follow closely, at 20% and 19% respectively, continuing a trend observed over the past year. While credential theft (22%) and vulnerability exploitation (20%) top the list of initial attack vectors, phishing plays a critical role in enabling these breaches by tricking users into handing over login details.
A notable shift in BEC tactics has emerged in Scandinavia, where attackers are tailoring scams to local languages and corporate structures. Danish-language BEC emails account for 38% of attacks, while Swedish and Norwegian make up another 19%. Despite high English proficiency, executives and finance teams in the region frequently communicate in their native languages, making localized scams more convincing. CEOs and senior leaders remain the primary targets (82%), with HR and IT personnel also frequently impersonated.
Lumma Stealer dominated malware activity in Q2, often distributed through malicious documents or phishing links hosted on seemingly legitimate platforms like OneDrive and Google Drive. Sold as Malware-as-a-Service (MaaS), it attracts both novice and experienced cybercriminals due to its affordability and developer support.
Attackers continue refining their lures, with financial-themed emails (35%), such as payment requests or billing errors, proving most effective. Urgency-driven messages and fake account verification requests follow closely. For delivery, 54% of phishing campaigns abuse open redirects, masking malicious links behind legitimate services like marketing trackers. PDFs remain the top choice for malicious attachments (64%), though QR code exploits are gaining traction.
“Cybercriminals are exploiting AI to craft hyper-personalized phishing campaigns at an unprecedented scale,” noted a cybersecurity expert. With attackers constantly evolving tactics, organizations must prioritize email security and employee training to mitigate risks.
(Source: Help Net Security)




