Data-stealing cyberattacks are surging – 7 ways to protect yourself and your business

2024 delivered some good news and bad news in the area of cybercrime. Malware-based ransomware attacks dropped for the third year in a row. But instances of infostealer malware grew dramatically. Those findings come from IBM X-Force’s “2025 Threat Intelligence Index” released Thursday.
First, let’s look at the good news. For the year, ransomware accounted for just 28% of malware incidents, the third annual decline in a row. This means a decrease in malware distributed in advance of ransomware attacks. At the same time, there was a drop in attacks from many high-volume malware distributors, including Emotet, TrickBot, IcedID, Qakbot, Gozi and Pikabot.
Of course, ransomware continues to pose a significant threat. Based on an analysis of dark web activity and other factors, IBM X-Force observed a 25% rise in actual attacks last year. Among the most active ransomware families in 2024 were Akira, LockBit, Black Basta, RansomHub, and Hunters International.
However, the ongoing decline in ransomware-associated malware is still a positive trend, one that X-Force attributed to several different factors.
First, several of the high-volume malware distributors have less of a presence or have ceased operations entirely. Second, the combined efforts of many law enforcement agencies worldwide have led to the takedown of botnets that play a role in ransomware attacks. Third, more businesses have refused to pay the ransom, prompting more attackers to find other ways to make a living.
Now, onto the bad news. Cybercriminals are more apt to steal your sensitive data than hold it for ransom. That led to an 84% weekly rise in infostealers last year over 2023 and an even larger increase of 180% so far in early 2025. By tricking the recipient into clicking a link or opening a file attachment, phishing emails launch infostealer malware that captures sensitive information — most notably, account credentials.
Almost one in three infostealer attacks analyzed by X-Force in 2024 resulted in the theft of credentials. Stolen credentials are lucrative to cybercriminals as they can easily buy and sell them on dark web marketplaces. That type of exposure leaves individuals vulnerable to identity theft and puts employers at risk for more devastating types of attacks and compromises.
In 2024, the top five infostealers alone appeared in more than 8 million ads on the dark web. Each of those ads contained hundreds of stolen credentials, totaling around 1.6 billion.
Infostealers can also act as spyware, hiding on an infected PC or device to snoop on your activity and information. Once installed, they can run in the background to snap screenshots, capture your keystrokes, and retrieve your passwords. With infostealers a popular method of attack, many criminal groups use a malware-as-a-service (MaaS) model.
As attackers have grown in sophistication, the malware payloads are more cleverly disguised, making it difficult for security tools to detect them. By using advanced infostealers, a cybercriminal can quickly make off with account credentials and other sensitive data without having to maintain a backdoor or an ongoing presence.
“Cybercriminals are most often breaking in without breaking anything — capitalizing on identity gaps overflowing from complex hybrid cloud environments that offer attackers multiple access points,” said Mark Hughes, global managing partner of Cybersecurity Services at IBM.
“Businesses need to shift away from an ad-hoc prevention mindset and focus on proactive measures such as modernizing authentication management, plugging multi-factor authentication holes, and conducting real-time threat hunting to uncover hidden threats before they expose sensitive data.”
To protect your business from infostealers and other types of malware, IBM X-Force offers the following recommendations:
1. Monitor the dark web. Look for information about your own company, employees, networks, and data to see what attackers know about you.
2. Train your employees. Educate your employees about phishing attacks, poor password habits, and other risks. Ensure that they know how to protect themselves and your business.
3. Set up an incident response plan. Make sure all the necessary people in your company know how to respond in the event of a cyberattack or compromise. Keep your incident response plan updated to address the latest threats targeting your industry or business.
4. Protect your sensitive data. Protect important data, whether on-premises, in the cloud, or in hybrid environments. To do this, use encryption and access controls, and make sure you monitor all data transfers.
5. Streamline your identity management tools. Identity management tools can control access to critical data, but try to reduce the number of disparate and even redundant products. Ideally, you want to streamline them into an “identity fabric” approach.
6. Turn to AI. Cybercriminals use AI to craft successful attacks, so use the same technology to protect your business. With the right AI, you can often detect and respond to threats more quickly.
7. Use multi-factor authentication (MFA). Set up MFA for all employees and partners who need to access your systems and data. This will offer another level of protection if any account credentials and passwords are compromised.