Cybercrime, scams, and surveillance: The dark side of digital growth
A look at vulnerabilities exposed this year
The year 2025 will be remembered not for breakthroughs in digital convenience, but for the relentless exposure of vulnerabilities that underpin modern life. From billion-dollar crypto thefts to deepfake-enabled fraud, the dark side of digital growth revealed itself in every sector and every region. Cybercrime scaled like a global enterprise, scams adapted with alarming speed, and surveillance crept further into daily routines.
This is the story of a year when the digital economy's fragility became impossible to ignore.
January: Ransomware sets the tone
On 15 January, China‑linked groups Salt Typhoon and Operator Panda allegedly breached telecommunications firms worldwide, operating undetected for months. Hospitals in Europe and North America started reporting delays in patient scheduling after ransomware encrypted servers. On 25 January, Marks & Spencer struggled with gift card processing and online deliveries, following a third‑party compromise. Banks in Asia reported lockouts on consumer apps after credential stuffing spikes.
January's incidents showed how phishing and stolen sessions opened doors, while ransomware amplified disruption into public embarrassment. The message was clear: 2025 would not be a year of respite.
February: Crypto thefts and consumer data breaches
On 6 February, cryptocurrency exchange Bybit admitted that hackers drained its ETH cold wallet, stealing around $1.46 billion. On 12 February, food‑delivery platform Grubhub reported stolen customer, driver, and merchant data. On 18 February, DISA Global Solutions disclosed a breach affecting approximately 3.3 million people. Across the Asia‑Pacific region, industrial manufacturers started facing spear‑phishing campaigns delivering FatalRAT malware.
February underscored how widely reused components and supplier connections can turn one weak link into a broad compromise.
March: Platforms and academia under siege
On 3 March, New York University (NYU) reported unauthorised access to research repositories. On 10 March, the Polish Space Agency disclosed tampering in a contractor's CI/CD pipeline. On 15 March, blockchain gaming platform WEMIX faced DDoS and brute‑force attacks. On 20 March, GitHub Actions and npm dependencies were abused to spread malware.
March confirmed that identity and build pipelines are part of the true attack surface, not just end-user applications.
April: Retail and email platforms compromised
On 5 April, Marks & Spencer reported delivery delays after payment tokenisation services failed. On 12 April, marketing email platforms including Mailchimp, SendGrid, HubSpot, Mailgun, and Zoho faced account takeovers. On 20 April, car rental giant Hertz began notifying customers of a breach affecting personal data.
April highlighted how attackers weaponise trust to devastating effect.
May: Infrastructure warnings and takedowns
On 8 May, CISA warned that actors were targeting oil and gas infrastructure. On 15 May, international police dismantled 300 ransomware servers and issued indictments. On 22 May, a suspected Chinese malware campaign used Google Calendar and fake images to infiltrate government networks. On 28 May, UK retailers reported checkout glitches tied to credential reuse.
May illustrated the dual motion of the year: deeper cross-border enforcement against service-model crime, yet persistent stealth intrusions that slipped through routine monitoring.
June: Cross-sector exposure
On 4 June, food distributor United Natural Foods Inc (UNFI) suffered unauthorised access, disrupting warehouse scheduling. On 10 June, The North Face and Cartier disclosed customer data exposures. On 15 June, mobility platform ZoomCar reported account compromises. On 20 June, healthcare analytics firm Episource admitted to a ransomware attack affecting 5.4 million people. On 25 June, WestJet faced loyalty programme siphoning, while the Washington Post tightened access after a contractor account was abused.
June's breadth of victims showed that operational friction, delays, cancellations, and privacy notices were the defining features of midyear coverage.
July: Zero-days and deepfakes
On 3 July, Dell reported leaked design files. On 8 July, Louis Vuitton disclosed spear‑phishing of procurement teams. On 12 July, the US Nuclear Weapons Agency was compromised via a SharePoint zero‑day exploited by Storm‑2603. On 18 July, npm and PyPI registries were seeded with malicious packages. On 25 July, Iranian spyware DCHSpy exfiltrated WhatsApp data via fake VPN apps. On 30 July, authorities dismantled the NoName057(16) botnet.
July confirmed that technical exploits and social engineering now operate hand in hand.
August: Multi-industry sweeps and seizures
On 5 August, insurers Allianz and Farmers Insurance disclosed breaches exposing policyholder data. On 10 August, Chanel and Pandora reported fraudulent orders. On 15 August, airlines Aeroflot and Air France‑KLM faced loyalty programme siphoning. On 20 August, TransUnion investigated API abuse that scraped identity records. On 25 August, HR platform Workday found a third‑party integration exfiltrating employee data. On 28 August, law enforcement dismantled VerifTools, seizing 23 servers.
August highlighted dependence on session management and vendor governance, and the impact of financial infrastructure cooperation on scam proceeds.
September: Crackdowns and reforms
On 7 September, Interpol's Operation Contender 3.0 arrested 260 suspects across 14 African nations. On 15 September, European investigators shut down a crypto fraud ring worth €100 million. On 22 September, CISA announced reforms to improve CVE data quality.
September showed both the promise of coordinated enforcement and the agility of fraud ecosystems to iterate.
October: Losses mount, visibility gaps exposed
On 10 October, global analyses kept cybercrime damages at $10.5 trillion. On 18 October, post‑incident reviews cited weak internal visibility as a multiplier of breach impact.
October reinforced that visibility is not a luxury but a necessity.
November: AI misuse accelerates scams
On 6 November, trust and safety teams reported widespread misuse of AI in scams. On 12 November, surveys showed 57% of adults experienced a scam attempt, with 23% reporting monetary loss. On 20 November, banks piloted step‑up verification tied to transaction patterns.
November underscored how social engineering adapts to available technology, and how defences must centre identity, sessions, and user comprehension.
December: DeFi exploits and retrospectives
On 5 December, a DeFi protocol reported losses after an exploit drained $9 million. On 10 December, NAHGA Claim Services disclosed a breach affecting 46,372 people. On 12 December, 700Credit reported 709,406 records stolen. On 15 December, Farmers Insurance admitted 178,153 records exposed. On 18 December, Anchorage Neighborhood Health Center revealed 70,555 patient records compromised. On 20 December, Dartmouth College reported 98,990 records leaked. On 22 December, Prosper Technology disclosed a breach affecting 1.3 million users.
December closed the year on a sober note: industrialised crime stacks, agile social engineering, and uneven defence maturity kept pressure high across industries.
2025 in a nutshell
Across 2025, cybercrime scaled like a global enterprise. Ransomware remained the most visible disruptor, but scams and fraud drained billions quietly. Surveillance expanded as platforms tightened fraud detection, deepening behavioural telemetry pipelines. Governments escalated task forces and takedowns, but results were uneven.
The vulnerabilities exposed this year were systemic weaknesses in identity management, vendor governance, and user comprehension. Attackers exploited trust, scale, and invisibility. Defenders struggled with visibility, resilience, and coordination.
The dark side of digital growth is not a future threat. It is the present reality. 2025 proved that cybercrime is no longer a series of incidents; it is an economy, rivalled only by nations in scale. The challenge for 2026 will be whether societies can harden identity, enforce visibility, and reclaim trust before the next wave of industrialised crime arrives.
