Yearender 2025 | A Year Of Dangerous Cyber Attacks, Awareness, And Action
The increasing number of cyber attacks in 2025 has forced governments, companies, and ordinary users to think seriously about digital security.
Published : December 27, 2025 at 6:15 PM IST
Hyderabad: 2025 has been a memorable year for the cybersecurity world. As our lives become more digitalised, cybercriminals, day by day, find and adopt new ways to commit cyber crimes and fraud. This year, not only has the number of cyberattacks increased, but also their sophistication. They have become smarter, faster, and significantly more destructive than ever before.
To stop this, governments and private companies alike were forced to take strict measures against these cyberattacks to safeguard data and ensure digital security. Moreover, 2025 has also showcased that cybersecurity is no longer a concern only for tech experts, but also affects ordinary users, hospitals, banks, stock markets, government systems, and even national security.
2025: Cyberattacks Are Now Smarter
One of the biggest highlights of 2025 was cybercriminals adopting new technologies like artificial intelligence (AI) and deepfakes as their new weapons. Identifying fake emails and messages is no longer as easy as it used to be. Phishing emails and calls generated with the help of AI appear so real that even top tech experts can be fooled.
According to an IBM report, the average security breach cost is $4.9 million (around Rs 44.04 crore) in 2025, which is nearly a 10 per cent increase compared to 2024. Meanwhile, USAID estimates that the global cost of cybercrime could reach $24 trillion (around Rs 1,992 trillion) by 2027. These figures have raised serious concerns among governments worldwide.
Major International Cyberattacks of 2025
- February 2025: Hackers linked to North Korea attacked the Dubai-based crypto exchange ByBit, carried out the largest crypto heist in history. Approximately $1.5 billion (around Rs 125 billion) worth of Ethereum tokens were stolen. Investigations revealed that the hackers exploited a vulnerability in free storage software and used phishing techniques. Reports indicate that about $160 million (around Rs 1,280 crore) was laundered within the first 48 hours.
- June 2025: A massive data leak was reported in China. According to Security Discovery and Cybernews, researcher Bob Dyachenko discovered a 631GB database left open without a password, which contained personal details of approximately 4 billion people. Researchers believe this data was deliberately collected to create detailed citizen profiles.
- September 2025: British car manufacturer Jaguar Land Rover (JLR) suffered heavy losses due to a cyberattack. The company’s entire vehicle production was halted, resulting in losses of approximately £680 million (around Rs 82.93 billion) over three months.
- October 2025: The University of Pennsylvania confirmed a zero-day cyberattack on its Oracle E-Business Suite servers. This incident showed that research institutions and universities are now also on the radar of cybercriminals.
- November 2025: The US Congressional Budget Office reported a security breach. As this agency provides crucial financial research to lawmakers, the incident raised serious questions about government data security.
Major Cyber Incidents Involving India in 2025
- Sanchar Saathi Controversy: A major controversy erupted when the Indian government mandated that the Sanchar Saathi app be pre-installed on all new smartphones to prevent cyber fraud. Users were not given the option to remove it, raising privacy and surveillance concerns. Following public and opposition pressure, the government withdrew the order and clarified that the app was voluntary and could be uninstalled at any time.
- Pakistani Cyberattacks: Following the Pahalgam terrorist attack, Maharashtra Cyber reported large-scale cyberattacks on India by Pakistan-based hacker groups. According to the report, seven advanced persistent threat groups launched more than 1.5 million cyberattacks, of which only about 150 were successful. This demonstrated the strength of India’s cyber defences.
- Proxyearth Cyberattack: In October 2025, a website and Telegram bot named Proxyearth raised serious concerns. According to HackRead, this tool claimed to retrieve complete personal details of any Indian citizen—including name, address, email, and Aadhaar number—simply by entering a mobile number. Initial investigations found much of the information to be accurate, raising serious questions about data security.
- Angel One Data Leak: Stockbroking company Angel One confirmed a data leak. Dark web monitoring revealed that client data had been illegally accessed from some of the company’s AWS resources.
- Dangerous Malware: A malware called Dance of the Hillary, allegedly spread by Pakistani hacker groups, made headlines. This virus spread through videos or documents and infiltrated systems to steal sensitive data.
- Cyberattacks on Hospitals: In June 2025, two major hospitals in Delhi were attacked, exposing vulnerabilities in the healthcare sector. Both hospitals filed FIRs under Section 66 of the IT Act.
Popular Ransomware Attacks of 2025
- July 2025: Ingram Micro, a global IT distributor, was targeted by the SafePay ransomware group, forcing the company to shut down systems and halt order processing worldwide.
- April 2025: Marks & Spencer, a British retail giant, was attacked by the Scattered Spider group, affecting more than 1,000 stores.
- NASCAR Ransomware Breach: A Medusa ransomware group attacked the US-based organisation and stole employee and raceway data.
- DaVita Ransomware Attack: DaVita, a US-based kidney care provider, was hit by a ransomware attack, which compromised the sensitive data of about 2.7 million people.
Cybersecurity Measures by the Government of India
|Institution
|Role
|CERT-In
|Responding to cyber incidents at the national level
|NCSC
|Coordinating between different agencies
|NCCC
|Monitoring the country’s cyberspace
|I4C
|Tackling cybercrimes
|NCIIPC
|Securing critical infrastructure
In addition, free tools and safety tips were provided to citizens through the Cyber Swachhta Kendra.
Changes in Telecom Cybersecurity Rules 2025
In October 2025, the Department of Telecommunications (DoT) introduced significant changes to the Telecom Cybersecurity Rules. These new rules aim to reduce curb mobile number fraud, fake accounts, and second-hand device scams. The new rules reinforce the mobile number verification platform, mandate IMEI verification before selling second-hand phones, and impose new responsibilities on companies that use mobile numbers and other telecom identifiers.
What 2025 Taught Us
The year 2025 taught us that cybersecurity is no longer optional, but essential. Government actions, new guidelines, and awareness campaigns have made people more cautious, but the threat persists. In the coming years, countries, companies, and individuals who address the digital world with caution and prudence will remain safe.
This year was both a warning and a lesson for users worldwide. It now remains to be seen how much we can learn from it.