Reflecting on Cyberattacks in 2025: Ransomware, Supply Chain, and the Emerging Threat of AI
In January 2026, the IPA (Information-technology Promotion Agency, Japan) released the latest edition of its annual "10 Major Information Security Threats". For the 11th consecutive year, ransomware attacks took the top spot in the ranking for organizations. Supply chain attacks also held 2nd place for the 4th consecutive year. So far, no surprises.
What is noteworthy is the 3rd place. Cyber risks surrounding the use of AI entered the rankings for the first time, immediately jumping into 3rd place.
10 Major Threats 2026: What Has Changed?
Let's look at the ranking for organizations.
| Rank | Threat | Times Selected |
|---|---|---|
| 1st | Damage caused by ransomware attacks | 11 consecutive years |
| 2nd | Attacks targeting supply chains and contractors | 8 consecutive years |
| 3rd | Cyber risks surrounding the use of AI | First selection |
| 4th | Attacks exploiting system vulnerabilities | 6 consecutive years |
| 5th | Targeted attacks aimed at confidential information | 11 consecutive years |
| 6th | Cyber attacks resulting from geopolitical risks | 2 consecutive years |
| 7th | Information leakage due to internal misconduct, etc. | 11 consecutive years |
| 8th | Attacks targeting remote work environments and mechanisms | 6 consecutive years |
| 9th | DDoS attacks | 2 consecutive years |
| 10th | Business Email Compromise (BEC) | 9 consecutive years |
The fact that the top two remain fixed implies, conversely, that countermeasures are not keeping pace. Ransomware attacks have shifted from simple encryption to "double extortion" types, where attackers steal data and threaten to release it. Even if the defenders prepare recovery methods, the leakage of information itself cannot be prevented. The structure makes it easy for attackers to hold the upper hand in negotiations.
The reason AI risk entered the rankings for the first time in 3rd place is that there were notable instances in 2025 where Generative AI was used in actual attacks. As a result, "Information leakage due to negligence," which was ranked last year, fell out of the top 10. However, caution is necessary as this doesn't mean leakages caused by human error have decreased.
2025: What Happened in Japan?
2025 was a year in which major Japanese companies suffered a series of ransomware damages.
Damage at Asahi Group
On September 29, Asahi Group Holdings suffered a ransomware attack. Their ordering and shipping systems were halted, causing chaos across factories and sales sites nationwide. The cause was a vulnerability in a network device at a group base. It was revealed that the attacker did not execute encryption immediately after intrusion but stayed latent for about 10 days. This is a method aimed at maximizing damage by taking time to scout the interior from intrusion to encryption.
Damage at ASKUL
On October 19, ASKUL also suffered a similar attack, temporarily halting online ordering and shipping. The impact was not limited to ASKUL alone but spread to business partners such as MUJI and LOFT, even developing into a situation where the delivery of medical-related supplies was delayed. This was a typical case where a collapse in one part of the supply chain caused damage to spread to unexpected places.
Zero-day in Active! mail and Damage at IIJ
A zero-day vulnerability was found in the webmail service Active! mail, and IIJ announced damage from unauthorized access due to an attack exploiting this. Since attacks occur while no patch exists, there are limited means for users to prevent them. The response speed to zero-day vulnerabilities directly correlates to the scale of damage.
Other Incidents
In May, PR TIMES announced the possibility of an information leak of over 900,000 items due to unauthorized access. In October, there was a possible leak of personal information for approximately 17,000 patients and 2,000 staff at Tokushima University Hospital. The scale and industries vary; attackers do not choose their targets.
Looking overseas, in the UK, Jaguar Land Rover suffered a cyberattack in August, halting production for five weeks. The damage is expected to reach £1.9 billion, with over 5,000 companies affected across the entire supply chain. Major UK retailers Marks & Spencer, Co-op, and Harrods were also targeted by ransomware around the same time.
The Era Where AI Becomes a Tool for Attack
The reason the IPA selected AI risk for the first time in its 10 Major Threats is the fact that AI has actually begun to be used in the field of attacks.
With the advent of generative AI, the quality of phishing emails has improved dramatically. Previously, when overseas attackers targeted Japan, unnatural Japanese served as a clue. Awkward honorifics, abrupt punctuation, and incorrect kanji conversions—the era when phishing could be spotted by such inconsistencies is coming to an end. This is because generative AI can be used to generate large volumes of emails in fluent Japanese.
The abuse of deepfakes is also becoming serious. In an incident that occurred in Hong Kong in early 2024, an employee of a multinational corporation was deceived by deepfake footage of the CFO during a video conference and transferred approximately 3.8 billion yen. Despite multiple participants all being fakes, the victim did not realize it until the end.
Technology has also emerged that can reproduce a specific person's voice from a mere 3-second audio sample. Attacks involving impersonating others in real-time during Zoom meetings, and "virtual kidnappings" where ransoms are demanded by forging a family member's voice, have also been reported.
According to a survey by Trend Micro, the number of detected fraudulent videos using deepfakes jumped from 4% in February 2025 to 24% in March. AI as a criminal tool is spreading rapidly.
Making these attacks possible are open-source AI models. Because they can be run in local environments, they are not subject to the constraints of a provider's terms of service, and services that bypass KYC checks on a customer's behalf have even appeared. The hurdle for attacks is definitely lowering.
Three Aspects of AI Risk
The IPA has organized AI risks from three perspectives.
The first is the risk on the side of using AI for business. This includes cases where employees input confidential information into generative AI, which then leaks externally. If used without understanding how the input information is handled, information can be unintentionally leaked.
The second is attacks against AI itself. This includes data poisoning, which contaminates the model's training data, and manipulation of output through prompt injection. As the number of systems incorporating AI increases, the target for attacks also expands.
The third is the advancement of attacks using AI. The aforementioned phishing and deepfakes fall into this category. The UK's NCSC warns that with the spread of generative AI, it will become impossible to distinguish between phishing and impersonation.
What to Prepare for in 2026
Ransomware will continue to be the greatest threat. According to predictions by the NTT DATA Group, a series of attack patterns—intruding by exploiting vulnerabilities in edge devices or public services, stealing credentials, and spreading damage to critical systems—will become standard.
The abuse of AI will advance further. Multimodal attacks combining text, audio, and images, as well as the abuse of agent AI that acts autonomously, are predicted. As the automation of attacks progresses, any organization, regardless of industry or size, could become a target.
Supply chain risks are also transforming. With the promotion of DX, connections between systems are increasing, strengthening the structure where a single compromise spreads damage in a chain reaction. As shown in the ASKUL case, damage can reach companies that have not been directly attacked.
Geopolitical risks also cannot be ignored. Cyberattacks involving states are becoming increasingly sophisticated, and it has been confirmed that multiple Chinese APT groups were involved in attacks exploiting a zero-day in SharePoint.
Overseas, budget cuts for CISA are becoming an issue. Due to the review of U.S. government spending, CISA personnel are being cut, potentially causing delays in the consolidation and sharing of vulnerability information. If the operation of the CVE database is also affected, it will ripple through security measures worldwide.
What Engineers Should Do Now
There is no need to be swayed by the rankings. The priority is to understand where the holes in your own systems are and take action from there.
There aren't that many concrete things you can do. That's exactly why we should return to the basics.
Keep the firmware of edge devices such as VPN equipment and firewalls up to date. Regularly check vulnerability information and shorten the lead time for applying patches. In the Asahi Group case, a vulnerability in a network device was the intrusion route. Management of edge devices is unglamorous, but if this collapses, all internal measures will be neutralized.
Make multi-factor authentication (MFA) resistant to phishing. There is an increasing number of cases where SMS authentication or TOTP (Time-based One-Time Password) is broken through real-time phishing. You should consider migrating to FIDO2 or Passkeys. Some insurance companies have even begun to require phishing-resistant MFA as a condition for underwriting cyber insurance.
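To show concretely why a relayed TOTP code survives real-time phishing while a FIDO2 assertion does not, here is an added example that is not part of the original article. It implements RFC 6238 TOTP from the standard library and a deliberately simplified model of a WebAuthn authenticator and relying party: the origin names, RP ID, secrets and nonce are constructed, and an HMAC stands in for the authenticator's private-key signature (a real relying party holds only the public key). The point it demonstrates is origin binding: the browser, not the user, writes the page origin into the signed client data, so an assertion produced on a phishing page fails verification at the genuine site.

```python
"""Relay phishing against TOTP vs. a FIDO2-style assertion (added example)."""
import base64
import hashlib
import hmac
import json
import struct

# Constructed values for the scenario (assumptions, not from the article).
LEGIT_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login.example.com.evil.test"   # attacker-in-the-middle proxy
RP_ID = "login.example.com"


# ---------- TOTP per RFC 6238 (HMAC-SHA1, 30 s step, 6 digits) ----------
def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp_login(secret: bytes, presented_code: str, now: int) -> bool:
    """The server only checks the code value. It cannot tell which web page the
    user typed it into, so a code relayed by a phishing proxy is accepted."""
    return hmac.compare_digest(presented_code, totp(secret, now))


# ---------- Simplified FIDO2/WebAuthn assertion ----------
def authenticator_sign(key: bytes, rp_id: str, challenge: bytes, origin: str) -> dict:
    """Stand-in for an authenticator. `origin` is supplied by the browser from the
    page that requested the assertion and is bound into the signed data."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": base64.urlsafe_b64encode(challenge).decode(),
        "origin": origin,
    }, sort_keys=True).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest()          # rpIdHash
    signed = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(key, signed, hashlib.sha256).digest()   # HMAC stands in for ECDSA
    return {"client_data": client_data, "auth_data": auth_data, "signature": signature}


def rp_verify(key: bytes, rp_id: str, expected_origin: str, challenge: bytes, assertion: dict) -> bool:
    """Relying-party checks in the order WebAuthn prescribes: origin, challenge,
    rpIdHash, then the signature over authData || SHA-256(clientDataJSON)."""
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get" or cd.get("origin") != expected_origin:
        return False
    if base64.urlsafe_b64decode(cd.get("challenge", "")) != challenge:
        return False
    if assertion["auth_data"] != hashlib.sha256(rp_id.encode()).digest():
        return False
    signed = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])


def simulate(now: int) -> dict:
    """Run the same real-time relay against both factors and report what the
    genuine server accepts."""
    totp_secret = b"constructed-totp-seed"
    cred_key = b"constructed-credential-key"
    results = {}

    # TOTP: victim types the live code into the phishing page; the proxy forwards it.
    code_typed_into_phishing_page = totp(totp_secret, now)
    results["totp_relay_accepted"] = totp_login(totp_secret, code_typed_into_phishing_page, now)

    # FIDO2: the proxy forwards the genuine challenge, but the victim's browser
    # records the origin it is actually on. (A real browser would already refuse
    # to use RP_ID from this origin; the RP-side origin check is defence in depth.)
    challenge = hashlib.sha256(b"constructed-server-nonce").digest()
    relayed = authenticator_sign(cred_key, RP_ID, challenge, PHISH_ORIGIN)
    results["fido2_relay_accepted"] = rp_verify(cred_key, RP_ID, LEGIT_ORIGIN, challenge, relayed)

    # Control: the same credential on the genuine origin verifies.
    direct = authenticator_sign(cred_key, RP_ID, challenge, LEGIT_ORIGIN)
    results["fido2_direct_accepted"] = rp_verify(cred_key, RP_ID, LEGIT_ORIGIN, challenge, direct)
    return results


if __name__ == "__main__":
    import time
    print(simulate(int(time.time())))
```

Running the block prints `totp_relay_accepted` as True and `fido2_relay_accepted` as False: the relay is identical in both cases, but only the FIDO2 assertion carries evidence of where it was produced. Adding a drift window or rate limiting to the TOTP server does not change the outcome, because the relayed code is genuinely valid at the moment it is forwarded.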
Codify rules regarding the business use of AI. If you leave it to the field to decide which services can receive what kind of information without clear judgment criteria, accidents will happen.
Verify incident response procedures by actually running them, not just on paper. When a system is halted by ransomware, who will execute the recovery steps in what order? Will restoring from backup actually function? No organization can act in a real emergency without training.
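As an added example of "actually running" the recovery step rather than reading it on paper, the script below is not part of the original article. It is a self-contained restore drill using only the standard library: it constructs a small source tree in a temporary directory, writes a tar archive and a separate SHA-256 manifest, restores the archive into a clean directory and checks every file against the manifest. The `tamper` option simulates an attacker rewriting the backup store after the manifest was taken, which is what the drill should catch; the file names and contents are constructed.

```python
"""Backup restore drill with manifest verification (added example)."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(src: Path) -> dict:
    """Map relative path -> SHA-256. Keep the manifest apart from the archive
    (offline media, immutable storage); if both can be rewritten, the check is moot."""
    return {p.relative_to(src).as_posix(): sha256_file(p)
            for p in sorted(src.rglob("*")) if p.is_file()}


def write_archive(src: Path, archive: Path) -> None:
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(src).as_posix())


def restore_drill(archive: Path, manifest: dict, restore_dir: Path) -> dict:
    """Restore into a clean directory and compare against the manifest.
    'ok' is True only if every manifest entry came back intact and nothing extra appeared."""
    report = {"restored": 0, "corrupted": [], "missing": [], "unexpected": [], "ok": False}
    with tarfile.open(archive, "r:gz") as tar:
        # Refuse members that would escape the restore directory (crafted archives).
        for m in tar.getmembers():
            if m.name.startswith("/") or ".." in Path(m.name).parts:
                raise ValueError(f"unsafe member path: {m.name}")
        tar.extractall(restore_dir)
    restored = {p.relative_to(restore_dir).as_posix(): sha256_file(p)
                for p in restore_dir.rglob("*") if p.is_file()}
    for rel, digest in manifest.items():
        if rel not in restored:
            report["missing"].append(rel)
        elif restored[rel] != digest:
            report["corrupted"].append(rel)
        else:
            report["restored"] += 1
    report["unexpected"] = sorted(set(restored) - set(manifest))
    report["ok"] = not (report["missing"] or report["corrupted"] or report["unexpected"])
    return report


def run_drill(tamper: bool = False) -> dict:
    """End-to-end drill on constructed data. With tamper=True the archive is
    rewritten after the manifest was taken, simulating a compromised backup store."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, restore_dir, archive = root / "src", root / "restore", root / "backup.tar.gz"
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.sql").write_text("INSERT INTO orders VALUES (1, 'constructed');\n")
        (src / "config.ini").write_text("[app]\nmode=prod\n")
        manifest = build_manifest(src)          # taken before the archive leaves the host
        write_archive(src, archive)
        if tamper:
            # Attacker overwrites the backup copy; the offline manifest is unchanged.
            (src / "db" / "orders.sql").write_bytes(b"\x00ENCRYPTED\x00")
            write_archive(src, archive)
        restore_dir.mkdir()
        return restore_drill(archive, manifest, restore_dir)


if __name__ == "__main__":
    print("clean drill:   ", run_drill())
    print("tampered drill:", run_drill(tamper=True))
```

The drill answers the question in the paragraph above in a way a backup job's exit code never can: it shows that the archive can be read, that every file restores byte-for-byte, and that a backup silently rewritten after the fact is detected. Scheduling it (and timing it) gives a measured recovery time to compare against the recovery objective, rather than an assumed one.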
Attackers will enter whenever there is a gap. Perfect defense does not exist, but you can design systems to minimize damage when an intrusion occurs. Network segmentation, principle of least privilege, and log preservation. What needs to be done hasn't changed for a long time. What has changed is the magnitude of the damage when you don't do it.