Cyber extortion (Cy-X) is on the rise. New data from the Orange Cyberdefense Security Navigator 2026 shows that Cy-X victims rose 44.5% year-over-year, reaching 6,142 cases between October 2024 and September 2025.
The ecosystem fueling these attacks has also expanded, with 91 distinct Cy-X brands now active, up from 76 the previous year. That growth, combined with an 18% jump in victims per actor, reveals how shared infrastructure and affiliate models are driving industrial-scale efficiency.
While criminal groups mature, state-sponsored operations are becoming more methodical. Campaigns such as Salt Typhoon relied on known, unpatched vulnerabilities rather than zero-days to compromise routers, VPNs, and firewalls across 80 countries.
Their goal wasn’t quick smash-and-grab intrusions, but rather pre-positioning, persistence, and strategic access deep inside telecoms and critical infrastructure.
Hacktivism Blends with State-Aligned Disruption
Hacktivism is also undergoing a transformation. What once looked like ideology-driven digital protest is now blending into state-aligned disruption campaigns, some of which reach into operational technology.
Incidents like the manipulation of Norway’s Bremanger dam controls and breaches of Canadian water and energy systems show how ideological operations can deliver real-world physical impact, and influence public perception in the process.
AI is being used for good and bad. Malefactors are using it to supercharge their phishing, malware generation, and ransomware operations. Concurrently, defenders are experimenting with agentic AI systems to speed up their response.
Yet AI introduces its own pitfalls: tools like Microsoft Copilot have already been hit with prompt-injection vulnerabilities, such as EchoLeak, which widen the attack surface in unpredictable ways.
Misuse Tops Hacking
On the detection front, Orange Cyberdefense analyzed 139,373 security incidents, of which just 13.7% were true positives. Insider threats made up 57% of sources, with misuse (mostly unsanctioned software) now surpassing hacking as the main action.
End-user devices are still the biggest pain point at 52.5% of impacts.
SMEs showed a different profile: across 1.5M endpoints and 1.63M incidents, more than 70% of true positives were malware-related, dominated by spyware and potentially unwanted programs. Automation helped resolve 85% within an hour, but complex cases still stretched up to five days.
High-severity incidents averaged 66 hours to fully contain. False positives, driven largely by normal business activity, hit 77%.
Lingering Vulnerabilities
Vulnerability data didn’t bring much comfort. Analysts recorded 1.29 million findings across 60,837 assets, with critical and high-severity issues rising to 8% and 39% of the total. Windows 10 and 11 accounted for over a third of exploitable flaws.
Even worse: many vulnerabilities were old, a staggering 165 to 300 days on average, with some lingering for more than 2,200 days. Security products themselves became a recurring problem, generating 19,000 SOC tickets in just two years due to issues in platforms like F5 BIG-IP and Ivanti VPNs.
The report’s strategic message is to assume breach, move toward zero trust, and plan for a world where state cyber power is normalized.
The Supply Chain is No Longer Linear
Charl van der Walt, Head of Security Research, Orange Cyberdefense, comments: “As attackers diversify across geographies and business sizes, what’s clear is that the traditional perception of the ‘supply chain’ as linear is obsolete.”
The reality, he says, is that we exist within a dense web of interdependence where a single weakness can enable mass compromise. “Small businesses and critical services have become prime conduits to amplify economic and social consequences. While traditional defenses and incremental enforcement are necessary, they are not enough to offset agile adversaries that exploit society’s interconnectedness.”
Orange Cyberdefense advises companies to prioritize AI governance, start implementing hybrid post-quantum cryptography, and insist on greater transparency from security vendors, particularly those selling perimeter appliances.
In addition, with geopolitical fragmentation and conflicts rising, collective defense, intelligence sharing, and open-source alternatives are now key counterweights to platform risk.
Strengthening Cooperation
Hugues Foulon, Chief Executive Officer at Orange Cyberdefense, adds: “Far from being a tragic fate, the consequences of the balkanization of cyberspace should provide us with an opportunity to strengthen co-operation, transparency and resilience.”
Foulon adds that the fight against organized cybercrime requires a global alliance, both public and private, to confront a threat that knows no borders. “Orange Cyberdefense is ready to share the benefits of its Cyber Threat Intelligence to further reinforce our digital shield.”
The full report can be downloaded here.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


