Cyber Attacks as a Form of Intelligence Gathering
In the digital landscape of 2025, businesses are facing a significant escalation in cyber reconnaissance activities, a trend that poses a growing risk of data breaches and ransomware attacks.
According to data from InfoZashchita, there has been a dramatic surge in bot attacks on websites and APIs, with an approximately 60% rise in reconnaissance and exploitation attempts on retail and other business e-commerce platforms. The share of "reconnaissance activity" (attacks aimed at data collection, primarily on web application vulnerabilities) has increased from 6.8% to 38.65%.
This trend is part of a broader rise in automated and AI-powered attacks that exploit web applications, APIs, and online platforms to identify and exploit security flaws. Healthcare websites, a sensitive sector, experienced 100% bot attack prevalence, highlighting the intense focus on data-rich and vulnerable targets.
Attack campaigns now often blend reconnaissance to identify exploitable web application vulnerabilities with follow-on ransomware or data theft attacks. The rise of AI and machine learning enables attackers to perform advanced threat intelligence and automated vulnerability scanning, making reconnaissance faster, more adaptive, and harder to detect and block.
Cybercriminal ecosystems such as Ransomware as a Service (RaaS) leverage this reconnaissance to target vulnerable applications broadly, facilitating data exfiltration and extortion on a larger scale than before.
Tatyana Isakova, an expert in the field, notes that this trend of cyber reconnaissance resembles an intensification of activity that precedes a future sudden attack. The head of the Cyber Analytics research group at Positive Technologies, Fedor Chuzhikov, states that the share of successful attacks related to account compromise has decreased from 13% to 7% in the second quarter of 2025.
This shift in attack strategies is not limited to large-scale incidents. Retailers such as VinLab, Stolichki pharmacy network, and medical clinic Family Doctor were also targeted in cyber attacks around the same time, affecting their operations to varying degrees.
In the first half of 2025, 39% of all hacker activities in domestic companies were related to cyberespionage. Among the most popular industries, the company highlights IT, telecommunications and media, retail, and media. The large number of e-commerce platforms in retail encourages attackers to look for vulnerabilities to steal user data.
The group claiming responsibility for the unprecedented Aeroflot systems outage in July 2025 stated that hackers had been inside the corporate network for a year, gradually gaining access to the core of the infrastructure. This incident underscores the potential severity of successful cyber reconnaissance activities.
It is important to note that buying VDS-/VPS-hosting with a static Russian IP address is not a problem for an attacker from any country. As businesses navigate this increasingly complex digital terrain, protecting web applications with advanced detection, automated response, and layered security controls is essential to minimise the risks associated with cyber reconnaissance activities.
[1] Source: Web Application Attack Report 2024, Positive Technologies [2] Source: Ransomware as a Service: The Evolution and Impact, Cybersecurity Ventures [3] Source: The State of Cybersecurity 2024, Cybersecurity Insiders [4] Source: The Trends and Threats in Cybersecurity 2024, Kaspersky [5] Source: The 2024 Verizon Data Breach Investigations Report, Verizon Enterprise
Read also:
- Chicago Sports Network assigns significant task to Mobile TV Group's 56FLEX for broadcasting sports events
- Investigating Various Pacing Speeds for Polling
- Revolutionizing Sports: The Impact of Intelligent Devices Transforming the Athletic Field
- Criminals Obtained Cryptocurrency by Accessing Devices via Microphone Infiltration
