The volume of data breaches grew 6% year-on-year (YoY) in 2024, fueled by double-digit increases in ransomware, compromised credentials and vulnerability exploits, according to Flashpoint.
The threat intelligence provider drew on analysis of 3.6 petabytes of data, external sources like US attorney general reports, ransomware blogs and Freedom of Information (FoI) requests to compile its 2025 Global Threat Intelligence Report.
It recorded 6670 publicly reported data breaches in the year, 63% of which were in the US, and 16.8 billion exposed records. The second and third most impacted countries were the UK and Canada, accounting for just 4% and 3.6% of the total number of incidents.
Many of these breaches will have been enabled by, but also resulted in, compromised credentials. Flashpoint recorded a 33% increase in their number on illicit marketplaces, to over 3.2 billion credentials. In the first two months of 2025, Flashpoint has found a further 200 million compromised credentials.
Read more on data breaches: Mega Data Breaches Push US Victim Count to 1.7 Billion
Three-quarters (75%) of these compromised credentials were sourced from infostealer malware. Flashpoint found 24 unique malware strains in this category, although Redline was by far the most common.
Some 69% of infostealer infections impacted corporate hosts and devices, versus 21% that affected small businesses.
“The simplicity, effectiveness, vast availability, and low overhead costs of infostealers has propelled them to become a primary vector for ransomware and high-impact data breaches that all organizations should be proactively monitoring for in 2025,” the report warned.
Flashpoint detected a 10% increase in ransomware attacks in 2024, to reach 5742 incidents. Although nothing like the 84% YoY increase experienced last year, the threat continues to cause organizations pain – especially in the highly targeted sectors of technology, manufacturing and retail.
Time to Patch
The trend is being fueled by ransomware-as-as-service (RaaS), infostealers, AI-powered phishing and vulnerability exploitation, among other factors, the report noted.
On the latter, Flashpoint analysts aggregated 37,302 vulnerabilities in 2024, a 12% YoY increase. Exploits often enable initial access for infostealer or ransomware activity, and the ease with which exploit code can be found online and potential victim systems scanned remotely makes patching an urgent priority, said Flashpoint.
“An overabundance of high to critical CVSS scores renders them insufficient for effective vulnerability prioritization,” it added. “Leveraging exploit intelligence and additional metadata, such as remote exploitability and known solutions, enables organizations to reduce their critical vulnerability workload by 83%.”