AI-powered cyber attacks drive over 200% spike in global threats

Over 2.5 billion cyberthreats were recorded between January and March 2025, which represented a 201.85% increase from the threat events detected in the previous period, October–December 2024.

Inadequate patching of systems, low user awareness of various threat vectors including phishing and other forms of social engineering attacks, and the increasing use of AI-driven attacks and machine learning technologies are among the reasons for the rise in cyber threats that have been detected.

“These ongoing global trends are largely driven by the rapid growth of Internet of Things (IoT) devices, which often lack comprehensive security features. Additionally, the continued widespread utilisation of botnets and other DDoS attack techniques have also contributed significantly to these trends. Botnets remain a key tool for malicious actors due to their decentralised structure, making them highly effective for large-scale attacks,” David Mugonyi, the CEO of the Communications Authority of Kenya (CA), said.

One of the most alarming findings in the report is the exploitation of high-profile vulnerabilities before they were patched. Notably, the FortiManager missing authentication flaw (CVE-2024-47575) and a zero-day vulnerability in Windows’ Common Log File System (CVE-2024-49138) were actively being exploited by hackers, underscoring the risks even within widely trusted digital systems.

The report also details a sharp increase in brute force and web application attacks. Cyber criminals are increasingly turning to credential stuffing and software injection methods in pursuit of login credentials and unauthorised server access, reflecting a growing appetite for sensitive data and control over digital infrastructure.

Distributed Denial-of-Service (DDoS) attacks dropped by 75.63%, a change attributed to the enhanced mitigation strategies now employed across key sectors such as government and healthcare. However, this decline may be temporary. The report warns that the availability of “DDoS-as-a-Service” — with services being sold for as little as US$5 an hour — could fuel a resurgence in the near future.

Artificial Intelligence (AI) emerged as both a weapon and a shield. On one hand, threat actors are using AI to bolster phishing attempts and create convincing deep fake scams. On the other, organisations that have embraced AI-driven threat detection and response systems are better equipped to fend off these evolving attacks.

According to KE-CIRT/CC, 13.2 million cyber threat advisories were issued during the quarter, marking a 14% increase compared to the previous period. The agency is urging organisations to adopt zero-trust frameworks, reinforce access control policies, and invest in comprehensive cyber security training for their personnel.

“As the digital landscape evolves, so must our cyber defences. Let this year be one of increased awareness, collaboration and resilience in the face of emerging and persistent cyber threats,” said Mr Mugonyi, a senior official at the Communications Authority.

Other Topics To Read

• Technology
• Infographics
• phishing
• Internet of Things
• Cyberthreats
• AI-driven attacks
• Social engineering attacks
• Machine learning technologies
• Windows’ Common Log File System
• DDoS attack
• AI-powered cyber attacks drive over 200% spike in global threats
• News