Cybercrime hits record levels in 2024, as AI makes attacks more targeted

In the time it takes to read the headline of this story, cybercriminals around the world will have attempted more than 3,000 cyberattacks. They will target both famous and anonymous users across various platforms, as well as small businesses from Buenos Aires to Mérida, and major corporations in San Francisco and Hong Kong. Public institutions, including hospitals and government ministries, will also be at risk. Three main forces will drive these attacks: espionage, ideology, and financial gain.

In 2024, cybercrime reached unprecedented levels, with losses totaling €10 billion ($10.4 billion) — double the amount of the previous year. Cybercrime has now become the third-largest global economy, following only the United States and China. By the end of 2024, it has solidified its position as an unstoppable force, with one in five crimes worldwide being committed online. In Spain alone, 25% of all reported crimes occurred on the internet in 2024, with more than 80% of those being scams. The trend is expected to continue, with the Civil Guard’s Cybersecurity Coordination predicting that complaints will rise to 150,000 in 2025.

These figures have positioned Spain as the fifth most affected country globally, with a total of 58 major ransomware attacks — malicious programs designed to hijack data and disrupt online services — recorded in the first half of 2024. This marks a 38% increase compared to the same period in 2023, according to a report by cybersecurity firm S21sec.

The year 2024 has also seen another alarming milestone: the largest ransom payment ever made to cybercriminals to regain control of a company’s systems. The payment was €72 million ($75 million), nearly double the previous highest known ransom, at least publicly, as reported by ThreatLabz, although the targeted company remains unidentified. While exact statistics on how many organizations pay ransoms are hard to come by, security firm Veeam estimates that 76% of those affected opt to pay the demanded amounts. In this environment, no one appears to be safe from cyber threats.

“Cyberattackers are reinventing themselves every year and adapting to new trends,” explains Angela Garcia, a helpline technician at Spain’s National Institute of Cybersecurity (INCIBE). “The type of attack we register changes depending on the time of year. Now, in December, during the holiday season, we see a lot of fraud related to online purchases or fraudulent virtual stores.”

The expert further explains that social engineering remains the most common method used to commit cybercrimes. This technique manipulates individuals into revealing confidential information or performing actions such as clicking on malicious links or downloading infected files. Cybercriminals exploit trust, curiosity, or fear to steal information, which ultimately leads to financial gain. The most common example is phishing, where a user receives fake emails from individuals posing as legitimate companies — like Google or a bank — or even as friends or family members, in an effort to steal passwords or, in some cases, money.

Reinvention

Marc Rivero, a senior researcher at digital security firm Kaspersky, points out that 2024 has been marked by a surge in credential theft. “Most commonly, criminals use malware that steals passwords stored in the user’s browser or computer,” he explains. These stolen credentials are then used months later to orchestrate more sophisticated attacks on larger organizations. “Imagine an employee using corporate credentials on a personal computer. The credentials are stolen without the employee realizing it and later used to attack their company,” Rivero explains.

García points out that “cybercriminals have two main objectives: to steal data or money.” According to the expert, stealing data will ultimately lead to financial gain, “either because the data will be sold on the black market or used for other types of fraud, in which the victim will suffer some kind of financial loss.”

Spanish companies invest around €1.2 billion in cybersecurity. However, there’s a disparity: 90% of this spending comes from large companies, while small and medium-sized enterprises make minimal investments, leaving them vulnerable to attacks.

According to the ThreatLabz report, the industrial manufacturing sector has been the most targeted this year, followed by healthcare and technology sectors — critical industries that have, in some cases, experienced severe operational disruptions, even leading to total work stoppage.

The energy sector, in particular, has seen a sharp increase in attacks, especially in Europe and the United States, as its valuable data makes it a strategic target. One notable example occurred in September, when energy company Repsol suffered a cyberattack on its electricity and gas customer database in Spain. Another case, in May, saw Iberdrola leak the personal information of 850,000 customers in Spain. In Mexico, a report in April revealed that 39% of cyber threats targeted energy companies, with the trend also growing across Latin America throughout the year.

AI boosting cyberattacks

Artificial intelligence has become a crucial player in the evolution of cybercrime. “Its role has been to perfect how the message reaches the victim,” says Rivero. In essence, AI has helped tailor attacks to their specific target audience, making scams more credible and almost personalized. “AI has refined existing techniques,” Rivero adds.

García notes that AI has also advanced cybercriminals’ ability to impersonate voices, a method known as “vishing” that gained prominence in 2024. This technique is used to trick users into granting hackers access to corporate environments, allowing them to extract sensitive data or infect computers with malware.

Looking ahead, this issue is expected to worsen. By 2025, generative AI is likely to become even more integrated into cyberattacks, enabling criminals to craft emails with perfect grammar and spelling and use voice cloning with local accents. These advancements will boost the credibility of scams and likely increase their success rate. A Zscaler report predicts that ransomware attacks targeting high-value, multi-million-dollar companies will rise, with criminals seeking larger ransoms from specific, high-value targets. Virtual retailing is expected to decline.

The health sector is another prime target, as these organizations handle sensitive and valuable data. Rivero warns that “zero-day” vulnerabilities — new system flaws that manufacturers haven’t yet patched — will continue to be exploited. “They have taken advantage of these a lot and will keep doing so,” he explains.

As cybercriminals continuously improve their attack techniques, cybersecurity experts are also advancing their defenses. “The most effective way is to maintain regular and up-to-date security patches. Changing and rotating passwords is also a good method to mitigate threats, and training is essential,” says Rivero. He believes there’s still much work to be done on prevention. “Taking care of our computer systems is just as important as taking care of our bodies doing exercise,” he concludes.

García emphasizes a more basic, yet crucial, approach: common sense. “If we stop to read the information we’re being shown or think about what we’re hearing or reading, we could avoid many frauds. We must learn to be critical of the information we receive,” she advises.

Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition