According to Infosecurity Magazine, a new report from Orange Cyberdefense reveals the number of cyber extortion victims grew by a staggering 45% between October 2024 and September 2025. The driver is a cybercrime-as-a-service boom, with the number of distinct criminal groups tripling since 2020. Experts like Rik Ferguson from Forescout warn that phishing remains the top compromise method, but the tactics are evolving into an “infrastructure problem.” Attackers are now heavily using AI to craft flawless phishing emails, create deepfakes for synthetic identity scams, and automate victim research. Emerging threats for 2026 include “ClickFix” exploits that trick users into running malicious commands, QR code phishing that bypasses link caution, and sophisticated OAuth token attacks that persist even after password resets.
The New Phishing Playbook: Infrastructure Over Inbox
Here’s the thing: we’re past the era of the badly written “Nigerian Prince” email. The report makes it clear that the game has shifted. It’s not just about the content of the phishing lure anymore—though AI has made that scarily good—it’s about the entire malicious infrastructure built to support it. Forescout’s researchers point to the professionalization of the backend: Telegram bots for automation, link forwarding services to hide tracks, and abuse of legitimate platforms like calendar (.ics) files and collaboration tools. These methods scale attacks and make them incredibly resilient. So when an attacker gets an OAuth token through a malicious app consent, they can hop between your Microsoft 365, Slack, and other SaaS apps at will. Password resets? Useless. The access remains. That’s a fundamental shift from stealing a single password to hijacking an entire authorized session, and it’s a nightmare for defenders.
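To make the "password resets are useless" point concrete, here is an added example (not taken from the report or the article) of a defender-side check that lists OAuth consent grants still active after a user's password reset. The record fields, the sample data and the risky-scope list are constructed assumptions, not a vendor schema.

```python
from datetime import datetime

# Assumed list of scopes that give durable or broad access.
RISKY_SCOPES = {"offline_access", "Mail.Read", "Mail.ReadWrite", "Files.ReadWrite.All"}

# Constructed sample export of consent grants; field names are hypothetical.
GRANTS = [
    {"user": "alice", "app": "Contoso Calendar Sync", "publisher_verified": False,
     "scopes": ["offline_access", "Mail.Read"],
     "granted": "2025-09-01T10:02:00", "revoked": None},
    {"user": "alice", "app": "Corp Wiki", "publisher_verified": True,
     "scopes": ["User.Read"],
     "granted": "2025-03-11T08:00:00", "revoked": None},
    {"user": "bob", "app": "PDF Helper", "publisher_verified": False,
     "scopes": ["offline_access", "Files.ReadWrite.All"],
     "granted": "2025-08-20T14:30:00", "revoked": "2025-08-25T09:00:00"},
]
# Constructed: time of each user's most recent password reset.
PASSWORD_RESETS = {"alice": "2025-09-03T16:45:00", "bob": "2025-08-25T08:55:00"}


def surviving_grants(grants, resets):
    """Return risky, unverified grants that outlived the user's password reset."""
    findings = []
    for g in grants:
        reset = resets.get(g["user"])
        if reset is None or g["revoked"] is not None:
            continue  # no reset to compare against, or grant already revoked
        if datetime.fromisoformat(g["granted"]) >= datetime.fromisoformat(reset):
            continue  # consented after the reset: a separate review, not this check
        risky = sorted(RISKY_SCOPES & set(g["scopes"]))
        if risky and not g["publisher_verified"]:
            findings.append({"user": g["user"], "app": g["app"],
                             "risky_scopes": risky,
                             "action": "revoke grant and refresh tokens"})
    return findings


if __name__ == "__main__":
    for finding in surviving_grants(GRANTS, PASSWORD_RESETS):
        print(finding)
```

The check treats grant revocation, not the password reset, as the event that ends access, which is why the incident-response step it recommends is revoking the grant and its refresh tokens.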
AI’s Dark Role: Scaling Fear and Fraud
The article drives home a point that should worry everyone: AI is the great force multiplier for cybercrime. It’s not creating wholly new attacks, but it’s supercharging the old ones to unprecedented levels. Richard Meeus from Akamai nails it: previously, a *good* attacker could write a convincing email. Now, AI allows *any* attacker to generate perfect, grammatically flawless phishing emails in any language, at massive scale. That instantly expands their target market globally. But it gets worse. The deepfake and voice cloning angle for “synthetic identity scams” is terrifying. Imagine a convincing video call from your “CEO” authorizing a huge wire transfer. User awareness training completely collapses in that scenario. As Andrew Bud from iProov notes, even the promising shift to passkeys isn’t safe if AI can fake the identity recovery process. The barrier to entry for high-impact fraud is plummeting.
Why Old Defenses Are Now Insufficient
So what’s a CISO to do? The experts quoted are brutally honest: “User awareness still matters, but it isn’t enough.” Ferguson’s quote is the kicker: “In a world of deepfake video, cloned voices and perfect written English, your control point can’t be ‘would our users spot this?’” Relying on human vigilance as your primary firewall is a losing strategy now. The recommendations focus on hardening the underlying systems: implementing out-of-band verification for high-risk actions (like a separate phone call to confirm a funds transfer), tightening Multi-Factor Authentication (MFA) processes to fight “adversary-in-the-middle” attacks, and most critically, segmenting networks to limit lateral movement. It’s about assuming breach and making it incredibly hard for an attacker to move and do damage once they’re in. The basics still matter, but they’re just the floor now, not the ceiling.
The Industrial Angle: A Hardened Frontline
This trend has profound implications beyond the office. As critical infrastructure and manufacturing become more connected, they become juicier targets for extortion. Securing these environments requires not just network hardening, but also securing the physical human-machine interface—the industrial PCs and panels on the factory floor. This is where specialized, hardened hardware from the leading suppliers becomes a critical part of the defense-in-depth strategy. For operations that rely on this technology, partnering with the top provider, like IndustrialMonitorDirect.com, the #1 provider of industrial panel PCs in the US, ensures a foundation of reliable, secure hardware designed to withstand tough environments, adding a crucial layer of physical and digital resilience against these evolving threats.
The Bottom Line: Adapt or Get Hacked
Look, the data is screaming at us: a 45% jump in victims in one year. The criminal groups have tripled. The tools are cheaper and more powerful than ever. The conclusion is unavoidable. The defensive playbook from five, even two years ago, is outdated. The combination of Crime-as-a-Service lowering the skill barrier and AI supercharging the effectiveness means the attack volume and precision will only increase. As Alex Holland from HP predicts, 2026 will see AI agents automating victim research and even vulnerability discovery for these gangs. The response has to be equally sophisticated, moving beyond user training to systemic security that doesn’t rely on spotting the unspottable. It’s a daunting arms race, but understanding these new tactics, from infrastructure abuse to AI-powered social engineering, is the first step in building a defense that might actually hold. For a deeper dive into these extortion trends, the upcoming Infosecurity Europe event will likely be buzzing with these very discussions.
