Half of cyberattacks are aimed at seizing infrastructure.

      May 8, 2026 13:04 Society The Incident Monitoring and Response Center (SOC) of MegaFon conducted an analysis of recorded threats against clients. Experts studied data from 2025: almost half of the attacks are related to manipulations with corporate infrastructure. However, only 9.5% of all incidents fall into the category of high criticality. The study showed that 48.3% of incidents are related to systemic manipulations, where attackers seek to make changes to the company's infrastructure: from attempts to download suspicious files to altering system configuration settings. Such actions often precede more serious attacks and can lead to the compromise of all IT systems. Just under a third of cases (28.7%) are related to attempts to gain access to confidential data and management systems. Network reconnaissance accounts for 18.9% of all incidents. Hackers actively scan the infrastructure, using various tools to search for vulnerabilities and establish a foothold within the victim company's perimeter. As for viral threats, despite the relatively low overall percentage (4.1%), they remain a serious problem. Attackers are improving evasion methods, using sophisticated infection and malware distribution techniques. Experts highlight two main types: information-stealing malware that disguises itself as legitimate applications and targets the theft of confidential data, and ransomware that encrypts files or destroys infrastructure, demanding a ransom for recovery. More than half of the incidents fall into the low criticality category (51.5%), while 39% are classified as medium criticality events. Almost 10% are critical and require immediate response. The greatest interest in SOC is shown by manufacturers of industrial goods (23.5%), which is related to regulatory requirements and the criticality of protecting production processes. In second place are organizations from the IT and telecommunications sector (11.8%). There is a noticeable growing demand from agriculture and the agro-industrial complex (8.8%), driven by the digitization of the industry and the implementation of "smart" technologies: enterprises are building proactive defenses to reduce the risks of failures. In modern conditions, interest in security monitoring services is driven by both tightening regulatory requirements and an increase in cyberattacks. Additionally, attackers are actively incorporating artificial intelligence technologies into their tools. AI automates reconnaissance processes, generates malicious code, and adapts attacks to specific protection systems. This leads to attacks becoming more technological, and their consequences more destructive. NIA "Nizhny Novgorod" has channels on Telegram and MAX. Subscribe to stay updated on major events, exclusive materials, and operational information. Copyright © 1999—2025 NIA "Nizhny Novgorod". When reprinting, a hyperlink to NIA "Nizhny Novgorod" is mandatory. This resource may contain materials 18+