ESET’s view on the threat landscape in H1 2025: Deathmatch or a whole new playing field?

Harm Teunis | Security Evangelist & Technical Writer, ESET in The Netherlands

Today’s digital threats are no longer abstract risks, they are tangible, personal, and evolving faster than ever before. The ESET Threat Report H1 2025 offers a view of a cyber landscape that balances between hyper-aggressive ransomware, advanced social engineering, and surprising technological developments. What can we learn from this? And how can we strengthen the resilience of our digital society together?

The threats that are changing the game

The first half of 2025 was marked by a notable shift in the threat landscape. The rise of so-called ClickFix attacks, a new social engineering tactic in which users are lured into activating malware themselves, shows how subtle and sophisticated attacks have become. Fake CAPTCHAs, combined with PowerShell commands, spread Lumma Stealer and other info stealers at a shocking pace: an increase of 517% compared to the end of 2024.

At the same time, the ransomware world turned into a true deathmatch arena. The number of attacks rose by 15%, while the number of groups exploded to 96, and yet total ransomware payments actually dropped by 35%. The clashes between groups (think RansomHub versus DragonForce) and the emergence of so-called EDR killers illustrate a power struggle in which innovation, intimidation, and sabotage go hand in hand.

Trends in the cybersecurity industry: from NFC malware to self-reinforcing crime

In addition to the increased threats, we also see clear trends. One of these is the misuse of technological innovations such as NFC. Tools like NFCGate, originally intended for research, are now being integrated into malware like NGate and GhostTap. Cybercriminals use these technologies to withdraw money remotely or make contactless payments using stolen data. In the first half of 2025, dozens of such attacks were recorded each week.

Another notable trend is the professionalization of cybercrime. Malware-as-a-Service is becoming increasingly accessible, as seen with tools like SupercardX. The influence of state actors also remains visible. North Korean groups such as Deceptive Development are deploying ClickFix tactics in fake job application procedures, a strategy that is difficult to detect and highly effective.

Addressing cybersecurity challenges and opportunities the ESET way

Today’s threats are too big, too smart, and too fast to fight alone. Cybersecurity is increasingly about collaboration, knowledge sharing, and strengthening the entire chain. In this context, ESET actively participates in international disruption operations, such as those against the malware families Lumma Stealer and Danabot. By sharing technical analyses, mapping C&C servers, and providing insights from millions of detections, criminal networks were effectively disrupted. It is precisely by sharing knowledge openly and developing technologies jointly that we build a resilient digital Europe.

ESET’s European foundation plays an important role in this. As an independent cybersecurity provider within the EU, ESET can fully focus on long-term security and public values, rather than shareholder interests. This creates a foundation of trust, essential in collaborations involving sensitive data, national infrastructures, and strategic technologies.

But these challenges also bring opportunities. Collaboration creates space for innovation, for new standards in digital resilience, and for strengthening European autonomy in technology and cyber defense. Instead of constantly chasing threats, we can build a proactive digital future together. Not only safer, but also smarter, fairer, and more resilient.

Cybersec Netherlands: where knowledge and collaboration come together

In a landscape where attackers collaborate, defenders cannot afford to operate in isolation. Cybersecurity is no longer just about technology, it is a chain, and the strength of that chain is determined by collaboration, insight, and continuous learning.

Cybersec Netherlands offers exactly that: a meeting place where CISOs, IT managers, experts, and service providers come together to share strategies, discover new technologies, and deepen insights. For ESET, it is the perfect opportunity to show that European technology is essential for a secure digital future.

We warmly invite you to join us at stand 11.D010. Meet our experts, share your experiences, and explore how we can build digital resilience together.

Download the full ESET Threat Report H1 2025 here.

As cyber attacks continue to threaten today’s tech landscape, this event is the premier platform for seasoned cyber security professionals and innovative start-ups to exchange knowledge and tackle cybersecurity challenges together. Organizations across all sectors will discover strategies to boost cyber resilience and safeguard critical assets. Don’t miss this chance to strengthen your cyber defenses—register for free now!