Machine-scale cybercrime: The 2026 State of Malware report
Mark Stockley · 2026-02-03 · via Threat Intelligence – ThreatDown by Malwarebytes

The ThreatDown 2026 State of Malware report captures a unique moment of transition—when the established world of human-driven intrusion meets the emerging machine-driven future.

Key Takeaways

  • Malware is dead; hands-on-keyboard attacks dominate
  • AI-driven cybercrime has crossed from speculation to reality
  • The effects of cyberattacks are now felt in the physical world
  • SMEs face the same threats as enterprises

Released today, the ThreatDown 2026 State of Malware report captures a unique moment of transition—when the established world of human-driven intrusion meets the emerging machine-driven future. It explores how the threat landscape is being reshaped by AI, what it means for defenders, and how organizations can prepare for a year when human hackers will hand their playbooks over to tireless machine adversaries that learn, adapt, and scale on their own.

The 2026 State of Malware details the critical lessons that organizations can learn from 2025, and how the threat landscape is likely to change again in 2026:

The cost of cyberattacks is measured in shuttered factories

2025 showed clearly that the effects of cyberattacks now extend far beyond encrypted files and ransom payments. For example, in May, ransomware triggered a technology blackout across Kettering Health’s 14-hospital system in Ohio; in June, an attack on United Natural Foods emptied grocery shelves at 30,000 stores; and in August, a cyberattack brought Jaguar Land Rover’s global auto production to a halt for five weeks, affecting facilities in the UK, China, Slovakia, India, and Brazil.

And the problem of collateral damage is not limited to enterprises. Hiscox data from 2025 shows that 80% of SMEs hit by ransomware paid a ransom, but only 60% recovered their data, while one in three faced substantial fines and nearly 30% reported declines in sales, customer trust, or new-business opportunities.

The commoditization of ransomware and a growing library of turnkey attack methods mean that small and medium-sized enterprises (SMEs) must repel the same threat actors as larger organizations, with fewer resources and disproportionately greater consequences.

[Figure: Ransomware detections by ThreatDown MDR]

AI enters the fray

2025 marked the moment when hype and speculation about AI in cybercrime gave way to reality. Deepfakes became standard social engineering tools, while OpenAI CEO Sam Altman warned that AI had “fully defeated” the advanced voice and face authentication schemes used by banks.

In August, the first autonomous ransomware campaigns were detected by Anthropic, when a threat actor used the company’s Claude Code agent to automate attacks against multiple targets, including organizations in the healthcare and defense sectors. The agent conducted reconnaissance across thousands of VPN endpoints, harvested credentials, penetrated networks, analyzed stolen data, and even generated tailored ransom notes.

More sophisticated attacks followed, and by the end of the year threat actors had demonstrated that AI agents could cooperate to conduct multiple, complex intrusions simultaneously, with minimal human oversight.

Speed, stealth, and the shrinking window to respond

The defining characteristics of modern intrusions are speed and stealth. Dwell times have collapsed as attackers compress multi-stage attacks into hours to outrun human detection and response. By moving faster, attackers generate fewer alerts, exploit gaps in overnight and weekend coverage, and complete critical stages of an intrusion before defenders can intervene.

This acceleration is paired with a strong emphasis on stealth. Rather than deploying noisy malware, attackers increasingly “live off the land,” blending into normal IT activity by abusing legitimate tools, stolen credentials, and remote monitoring software. Unmanaged systems, shadow IT, and unsupported endpoints have become staging grounds where attackers can harvest credentials, disable defenses, and launch ransomware remotely without being seen.

The result is a fundamental shift in the defender’s challenge. Security teams are no longer racing to stop a single piece of malware, but to identify malicious intent hidden inside routine administrative behavior—often unfolding at machine speed. As AI-driven attacks mature in 2026, organizations that rely on delayed patch cycles, incomplete visibility, or reactive response will find that the window to detect and stop an intrusion has already closed.
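The shift described above, from spotting a malicious binary to spotting malicious intent inside routine administrative activity, is easier to reason about with a concrete triage rule. The following is an added example, not code from the ThreatDown report or any product: it scores constructed endpoint events by two of the signals the text names (dual-use admin or remote tooling run outside staffed hours, and run from a host the security team does not manage). The log format, field names, host inventory, tool list and business-hours window are all assumptions chosen for illustration.

```python
"""Added example: flag dual-use admin/remote tooling used outside staffed
hours or from unmanaged hosts, over constructed endpoint log lines.

Everything here is an assumption for illustration: the log format, field
names, host inventory, tool list and staffed window are made up and are
not taken from the ThreatDown report or any product."""
from dataclasses import dataclass
from datetime import datetime, time
import re

# Assumed (constructed) log line format:
# <ISO timestamp> host=<hostname> user=<account> proc=<executable> parent=<executable>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"proc=(?P<proc>\S+) parent=(?P<parent>\S+)$"
)

# Assumed managed inventory: hosts the security team actually has visibility of.
MANAGED_HOSTS = {"fin-ws01", "hr-ws07", "dc01"}

# Assumed dual-use tooling: normal on managed hosts during the day,
# worth a second look when the timing or the host is unusual.
ADMIN_TOOLS = {"psexec.exe", "wmic.exe", "powershell.exe", "anydesk.exe"}

# Assumed staffed window: Monday to Friday, 08:00 to 18:00 local time.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)


@dataclass
class Finding:
    ts: datetime
    host: str
    user: str
    proc: str
    reasons: tuple


def parse_line(line: str) -> dict:
    """Parse one constructed log line into a dict; ts becomes a datetime."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def is_off_hours(ts: datetime) -> bool:
    """True on weekends or outside the staffed window (the coverage gaps
    the text says fast intrusions are timed to exploit)."""
    if ts.weekday() >= 5:  # Saturday = 5, Sunday = 6
        return True
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def triage(lines) -> list:
    """Return a Finding for every dual-use tool execution that carries at
    least one of the two risk signals; benign-looking events are dropped."""
    findings = []
    for line in lines:
        event = parse_line(line)
        if event["proc"].lower() not in ADMIN_TOOLS:
            continue  # only dual-use tooling is of interest here
        reasons = []
        if is_off_hours(event["ts"]):
            reasons.append("off-hours")
        if event["host"] not in MANAGED_HOSTS:
            reasons.append("unmanaged-host")
        if reasons:
            findings.append(
                Finding(event["ts"], event["host"], event["user"], event["proc"], tuple(reasons))
            )
    return findings


# Constructed sample input: 2026-02-02 is a Monday, 2026-02-07 a Saturday.
SAMPLE_LOGS = [
    "2026-02-02T10:15:00 host=fin-ws01 user=alice proc=powershell.exe parent=explorer.exe",
    "2026-02-02T23:41:00 host=fin-ws01 user=svc-backup proc=psexec.exe parent=cmd.exe",
    "2026-02-07T03:05:00 host=lab-vm9 user=alice proc=anydesk.exe parent=explorer.exe",
    "2026-02-02T11:00:00 host=lab-vm9 user=bob proc=notepad.exe parent=explorer.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS):
        print(f.ts.isoformat(), f.host, f.user, f.proc, ",".join(f.reasons))
```

Run as a script, the daytime PowerShell use on a managed workstation is dropped, the late-night PsExec run is reported as off-hours, and the weekend remote-access tool on the unmanaged lab host is reported with both reasons. The point of the example is the shape of the rule, not its thresholds: because the events are individually legitimate, the detection value comes from context (time, host inventory, account) rather than from the process name alone, which is why a static allowlist of tools is not enough on its own.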

To discover the security lessons you can learn from 2025, and what you need to know to defend your organization in 2026, download the full report.