Mixed Cybersecurity Roundup: AI-Enabled Crypto Fraud, DDoS Campaigns, and 2026 Risk Predictions
Reporting in this set is not a single coherent incident; it is a mixed roundup dominated by (1) AI-enabled cryptocurrency fraud and (2) DDoS activity and botnet trends, alongside several forward-looking or non-incident items. Chainalysis-linked coverage describes industrialized crypto crime, including an estimate of $17B in 2025 crypto-scam losses and a sharp rise in AI-driven impersonation/deepfake tactics, with links to organized crime networks and forced-labor scam compounds in Cambodia and Myanmar; separate reporting notes a $26.44M theft from the Ethereum-based Truebit protocol, with Truebit urging users to avoid a compromised smart contract while investigations continue. In parallel, threat reporting highlights large-scale DDoS: Cloudflare’s mitigation of a 29.7 Tbps burst attributed to the AISURU botnet-for-hire (plus a 14.1 Bpps event and an estimated 1–4M infected hosts), and a concentrated NoName057(16)/DDoSia campaign against the UK (1,812 attack entries targeting 86 domains/87 IPs, heavily hitting government and some critical infrastructure, with port 443 most targeted). Spamhaus also reports a 24% increase in botnet C2 activity in 2H 2025, with RATs comprising a large share of top botnet-associated malware.
Several items are not incident-driven and should be treated as lower-signal for operational response: SC Media and Security Boulevard pieces largely provide 2026 predictions/opinion on agentic AI, non-human identities (NHIs), and deepfakes as governance/identity risks; Dark Reading and CIO discuss regulatory/compliance and IT leadership challenges; TechTarget lists 2026 conferences; and two Substack posts are general news roundup/essay content (one recounting lessons from Ukraine’s cyber conflict, including the Kyivstar destructive attack narrative). For CISOs, the actionable takeaways across the incident-focused items are: expect continued growth in AI-assisted social engineering and deepfake fraud impacting financial loss and brand trust; maintain smart-contract incident playbooks for rapid user guidance; and harden DDoS readiness (capacity planning, upstream mitigation, and monitoring) given both record-scale botnet bursts and geopolitically motivated DDoS targeting government and critical infrastructure.
Predictions and guidance on AI-driven cyber risk and emerging threats in 2026
Commentary from *Dark Reading* and the *Resilient Cyber* newsletter highlights **agentic AI** and broader **AI-enabled social engineering (including deepfakes)** as growing enterprise attack-surface concerns heading into 2026, alongside continued emphasis on fundamentals like vulnerability management. A *Dark Reading* readership poll framed agentic AI as the most likely major security trend for 2026, reflecting expectations that increasingly autonomous systems will become attractive targets, tools for cybercrime, or both. A separate *Dark Reading* “Reporters’ Notebook” discussion urged security leaders to prioritize practical steps for 2026, including improving resilience against **phishing/social engineering**, accelerating **patching**, and preparing for **quantum-era cryptography** transitions. The *Resilient Cyber* newsletter echoed the “inflection point” theme for operationalizing AI security, citing model-provider discussions (e.g., OpenAI’s Cyber Preparedness Framework and Anthropic’s reporting on abuse) and arguing that defenders will need to adopt AI capabilities to keep pace with attackers, while acknowledging that guardrails can be bypassed and that AI-driven fraud (e.g., deepfake phishing) is already a near-term risk.
AI-driven shifts in cybersecurity: agentic AI risks, AI-assisted offensive tradecraft, and evolving cybercriminal ecosystems
Security reporting and research highlighted how **AI and automation are reshaping both attacker tradecraft and defender operations**, while introducing new enterprise risk. ZDNET described research findings that **agentic AI implementations** from *ServiceNow* and *Microsoft* can be **exploitable**, warning that broadly permissioned agents could enable **lateral movement and privilege escalation** across systems of record if an attacker compromises an agent or chains between agents with different access levels; a **least-privilege** posture for agents was emphasized. Dark Reading separately reported that **AI agents are increasingly augmenting—and in some cases supplanting—human penetration testing** for “low-hanging” vulnerabilities, but that **false positives and the need for human oversight** remain material constraints as agentic testing matures. Threat-intelligence coverage also underscored the **industrialization of cybercrime** and the ecosystems enabling it. CloudSEK detailed the evolution of the English-speaking cybercriminal milieu known as **“The COM,”** tracing its roots in OG-handle trading communities and forum migrations into a service-oriented underground linked to groups such as **Lapsus$**, **ShinyHunters**, **Scattered Spider (UNC3944)**, and **Silent Ransom Group**, and associated activity spanning breaches, extortion, SIM swapping, ransomware, and crypto fraud. SC Media’s commentary similarly described a cyber underground where criminals can readily buy capabilities (credentials, tooling, automation), calling out techniques including **carding** and **ClickFix** social engineering that tricks users into running copied commands to install infostealers.
Separately, Dark Reading reported allegations that the **Chronus Group** posted **2.3TB** of purported Mexican government data affecting up to **36 million** people, while Mexico’s **ATDT** disputed it as largely **repackaged data from prior breaches** and said no new sensitive accounts were identified and that impacted systems were primarily **obsolete, third-party-administered** state-level platforms.
Annual threat reports highlight faster intrusions and expanding cloud-focused attacker activity
CrowdStrike’s 2025 global threat reporting says financially motivated intrusions are accelerating, with **average breakout time** (lateral movement after initial access) dropping to **29 minutes** and the fastest observed breakout time at **27 seconds**; the report also describes attackers increasingly using **social engineering**, **living-off-the-land** techniques, and abuse of **trusted systems** to move across *cloud, identity, enterprise,* and unmanaged device boundaries, alongside a reported **37% year-over-year increase** in cloud-focused attacks and a growing set of tracked adversaries (281 named groups plus additional activity clusters). Check Point Research’s 2025 retrospective similarly emphasizes that many 2025 operations relied on **familiar techniques combined in new ways**, highlighting themes such as early **ToolShell** exploitation assessed as Chinese-nexus activity against North American government targets and **identity-centric** intrusions (including **AiTM** credential theft) against US think-tank researchers. Several other items in the set are not about these annual threat-report findings and instead cover separate topics: Romania’s cyber chief warning that ransomware incidents against critical infrastructure may align with **Russian hybrid objectives**; sector-level reporting that **manufacturing** remains heavily targeted by ransomware due to IT/OT interconnectivity and downtime pressure; and US law-enforcement/FBI reporting on a surge in **ATM jackpotting** losses and related indictments. Additional entries are primarily **generic commentary, newsletters, or professional/educational content** (e.g., quantum-preparedness opinion, Enigma/RSAC history piece, a weekly video briefing, a malware-newsletter link roundup, a recon how-to article, and a governance/career feature page) and do not substantively corroborate the specific annual threat-report story.