Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service

Inside the Cyber Extortion Boom: Phishing Gangs and Crime-as-a-Service

https://www.infosecurity-magazine.com/news-features/inside-the-cyber-extortion-boom/

Publish Date: 2026-01-10 23:30:54

Source Domain: www.infosecurity-magazine.com

In 2025, cyber extortion saw a significant surge, driven by an increase in active phishing groups and more advanced assault techniques, according to the Security Navigator report from Orange Cyberdefense. The number of distinct cybercriminal groups tripled since 2020, fueled by the cybercrime-as-a-service model, and these groups have adopted AI for precise phishing campaigns and social engineering strategies like deepfakes and multi-channel attacks. This trend indicates that phishing remains the primary method of compromising UK organizations, as shown by forescout’s Cyber Security Breaches Survey 2025, although tactics have evolved to use services like Telegram bots and link forwarding for scale. Threats are expanding with OAuth exploits, QR code malware, and phishing through.ics calendar files. AI is emerging as a significant threat, used not just for generating high-quality phishing emails but also synthetic identity scams and deepfake voices. For cybersecurity leaders, the key challenge moving forward lies in balancing user awareness with advanced out-of-band verification and robust multi-factor authentication measures. Maintaining cyber hygiene and security awareness remains as crucial as ever.

Key Points:
– The number of cyber extortion cases rose by 45% during 2025 due to the proliferation of phishing and sophisticated AI-enhanced attacks.
– Cybercrime-as-a-service and social engineering techniques increased threats substantially.
– AI significantly improved the quality and scale of phishing campaigns and is used to craft deepfakes and synthetic identity scams.
– CISOs need to implement advanced verification methods and tighten multi-factor authentication to combat these advanced threats.
– Continuing cyber hygiene and security awareness training is essential despite complex evolving threats.