Foreword

The pattern is familiar. Organizations devote ever-growing resources to detect threats, protect networks, and deter disruption. And despite this, cyberattacks continue to grow in scale, speed, and sophistication.

To see things differently, we ourselves need to change. CISOs can play a decisive role in advocating change—starting with the C-suite and boardroom—but also raising awareness and accountability across the organization and in collaboration with ecosystem partners.

But over the past 18-24 months, there has been a marked change in tactics. Threat actors are pursuing broader-scale campaigns—demonstrating a level of coordination, automation, and prowess not seen before—and raising the likelihood and impact associated with operational risks. Unlike incidents of the past, where data breaches and reputational harm were the greatest concern, widescale business disruption is now a real possibility—something every boardroom needs to be aware of and act upon.

The growing coordination and complexity of attacks points to a need for a multifaceted and multilateral response. Awareness and accountability need to extend to every partner in our ecosystem—so we are standing together. Many sentries make a vital, more secure community. This isn’t such a radical notion. In fact, it’s exactly what cyber adversaries are doing by building crime-as-a-service communities and malware marketplaces on the dark web.

When executives understand that “what happens to my partners also happens to me,” they can take the necessary steps to support greater supply chain and ecosystem-level awareness and accountability. Coordination is critical to preventing intrusions, enabling rapid response, and mitigating the impact of attacks. Real-time threat intelligence, advanced multilayered defense platforms, zero trust network segmentation, and AI-powered monitoring are all essential components.

A campaign conducted by Salt Typhoon, an advanced persistent threat (APT) group, exemplifies this troubling trend.
In 2024, this threat actor group compromised virtually every major US telecommunications provider—in addition to targets in dozens of other countries—impacting supply chains, energy infrastructure, transportation, healthcare, and other critical services, including breaches of highly sensitive government systems.1

As the Salt Typhoon attack demonstrates, threat actors are becoming more proficient at hiding illicit activity. They are massively increasing their use of compromised credentials to log in to networks, precluding any need to hack in. And doing so makes this activity much harder to detect and isolate. When threat actors use public cloud infrastructure, it becomes far more difficult for cyberdefenders to discern between safe and unsafe workloads.

As stewards of trust, we are protecting not only our organizations and each other, but the integrity, values, and opportunities that bind us.

Since 1993, IBM has gathered, analyzed, and shared information and expertise about cyber attackers to help organizations navigate the evolving threat landscape. The IBM X-Force 2025 Threat Intelligence Index focuses on observations from our expert team of analysts, researchers, and hackers, tracking how threat actors get in, what they do when they’re in, and the impact caused by each breach. With these insights, we look forward to helping you stay one step ahead of cyberthreats, reinforce your organization’s operational resilience, and build strong, strategic partnerships that create cyber advantage now and into the future.

The new litmus test is how well we can defend against resourceful threat actors conducting campaign-oriented, supply chain attacks. While we can use standard cyber risk practices to mitigate individual threats, what we are seeing is the emergence of a categorically different kind of risk—one that seeks to exploit our growing reliance on interconnectivity and common digital services.

Manufacturing is the #1-targeted industry, four years in a row.
Asia-Pacific region sees a 13% increase in attacks.

Manufacturing organizations continued to experience significant impacts from attacks, including extortion (29%) and data theft (24%), targeting financial assets and intellectual property. Defying the declining trend in malware, manufacturing had the highest number of ransomware cases in 2024 as attackers continue to exploit outdated legacy technology in this industry.

Asia-Pacific (APAC) experienced the largest share of incidents in 2024 (34%). This underscores APAC’s growing exposure to cyberthreats, likely due to its critical role in global supply chains and its position as a technology and manufacturing hub.

Number of infostealers delivered via phishing emails per week increases by 84%.

Threat actors add AI to their toolboxes.

Our analysts have documented that threat actors are using AI to build web sites and incorporate deepfakes in phishing attacks. We have also observed threat actors applying gen AI to create phishing emails and write malicious code.2

Year-over-year, X-Force is seeing a rise in