
Cybersecurity 2025: Six Months That Redrew the Global Risk Map

In the first half of 2025, the cybersecurity landscape underwent a profound transformation. The frequency and sophistication of cyberattacks—particularly against critical infrastructure—reached unprecedented levels, compelling governments and organisations worldwide to redefine their strategic priorities.

This is a challenge that goes beyond technology. It concerns how governments, businesses and society choose to face—or succumb to—the new digital balance of power.

What follows is an analysis of the major trends, emblematic case studies and emerging techniques observed globally in the first six months of the year (two July incidents are included because of their significance), with a dedicated focus on the Italian market.

International Case Studies

  • Attack on the Food Supply Chain (UNFI, USA)
    In June 2025, United Natural Foods Inc.—a key supplier to Whole Foods—was hit by a cyberattack that paralysed its electronic ordering systems. This disruption triggered delivery delays and shortages across North American supermarkets, revealing just how vulnerable the digital food supply chain is, and the critical dependency on single suppliers.

  • European Energy Infrastructure Targeted
    The Russian-aligned hacktivist group Z-Pentest gained notoriety with 38 attacks on industrial control systems (ICS) during Q2, primarily targeting European energy infrastructure. These operations, typically carried out through internet-exposed remote-access interfaces to HMI/SCADA panels, caused operational disruption and had a marked psychological impact, with videos posted online showing real-time manipulation of industrial controls.

  • Attack on National Defense Corporation (USA)
    In March, the ransomware group Interlock exfiltrated 4.2TB of sensitive data from the National Defense Corporation, threatening the entire defence supply chain. The leak, posted on the dark web, exposed logistics, supply and military provisioning information—highlighting how strategic targets are now a central focus for attackers.

  • US Nuclear Weapons Agency Breached
    In July, the US National Nuclear Security Administration was breached through a Microsoft SharePoint vulnerability. The intrusion, attributed to China-linked actors, gave the attackers unauthorised access to agency systems; the extent of any exposure of sensitive nuclear-security data was not publicly confirmed.

  • Singapore Under Siege
    Also in July, an APT (Advanced Persistent Threat) group infiltrated critical infrastructure in Singapore, targeting telecommunications, energy and government systems in a sustained, large-scale cyber-espionage campaign.

What These Attacks Reveal

  • No sector, be it energy, defence, food or governance, is immune: digital risk knows no boundaries.

  • APT groups are becoming more professional, running complex, state-backed or ideologically driven operations.

  • There is an urgent need to strengthen supply chain defences and incident response preparedness through both technology and international cooperation.

Emerging Techniques Observed in 2025

Technology’s evolution, when not matched by defensive maturity, risks favouring attackers more than defenders. The techniques observed in 2025 confirm this concern:

  • AI-Powered Attacks
    Attackers are using machine learning to automate and adapt intrusions: rapidly mutated malware variants, AI-written phishing and voice phishing (vishing), deepfakes and manipulated identity data.

  • Ransomware Fragmentation and Evolution
    New ransomware variants are spreading faster, aided by “ransomware-as-a-service” models that lower the technical barrier for less skilled criminal groups. There’s a growing ability to target industrial devices and edge infrastructure.

  • AI Compromise and Dataset Poisoning
    Cybercriminals are attacking AI-based security systems by feeding poisoned data into the training pipelines of machine learning detectors, degrading their reliability (for instance, teaching a detector that attack traffic is normal so that it stops flagging it).

  • Exploitation of IoT Vulnerabilities
    The explosion of Internet of Things (IoT) devices presents attackers with countless entry points for mass attacks and lateral movement across critical networks.

  • Shadow AI and Automated Social Engineering
    Adversaries use multimodal AI to profile victims at scale and automate the entire attack pipeline, from data gathering (social scraping and OSINT) to the generation of personalised payloads and automated data exfiltration. Shadow AI, meaning staff using unsanctioned AI tools, adds the complementary exposure of sensitive corporate data leaking into third-party models.

  • Supply Chain and Cloud Attacks
    With increased interconnectivity—including cloud services and open-source infrastructures—attackers are focusing on third-party providers, compromising entire technological supply chains.

  • AI-Driven Phishing and Quishing (QR Phishing)
    QR codes are now used as phishing lures: the embedded URL cannot be inspected by the user before scanning and is invisible to link-filtering controls that only examine text, while AI-generated scams make it increasingly difficult to distinguish genuine communications from forgeries.

  • Deepfake-Fuelled Identity Fraud
    AI-generated video and audio are now used not only to scam individuals, but also to defeat biometric and liveness checks and to manipulate internal corporate decision-making processes.

  • Quantum Threats and Cryptographic Advancements
    No practical quantum attack on current public-key encryption has been demonstrated yet. The near-term risk is "harvest now, decrypt later": adversaries collecting encrypted traffic today to decrypt once capable quantum hardware exists, which is why migration to post-quantum algorithms is already under way and the threat expands in the coming years.
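As an added illustration of the dataset-poisoning point above (not code from the article or from Gyala/Agger), the following Python script trains a small k-nearest-neighbour traffic classifier on constructed synthetic flow features, shows how an attacker who can relabel part of the training feed makes attack traffic look benign, and applies two checks a practitioner would put in front of any retraining: a label-noise estimate on the incoming batch and a release gate that compares the candidate model with the deployed one on a curated, attacker-inaccessible "golden" attack set. The feature layout, the 0.6 poisoning fraction, the value of k and the gate tolerance are assumptions chosen for the demonstration.

```python
"""Training-data poisoning against a k-NN traffic classifier, plus two checks.
Added illustration for this article; not Gyala/Agger code. All flow data is
synthetic (constructed here), and the threshold values are assumptions."""
import random
from collections import Counter

K = 5  # neighbours consulted by the classifier (assumed setting, odd to avoid ties)


def make_dataset(n, seed):
    """Constructed 2-D flow features (bytes/s, connections/s) scaled to [0, 1].
    Label 0 = benign traffic (low cluster), label 1 = attack traffic (high cluster)."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        label = rng.randint(0, 1)
        centre = 0.25 if label == 0 else 0.75
        x = tuple(min(1.0, max(0.0, rng.gauss(centre, 0.08))) for _ in range(2))
        rows.append((x, label))
    return rows


def _neighbours(train, x, k, skip=None):
    """Labels of the k training points closest to x; `skip` excludes the point's own index."""
    dists = []
    for i, (p, y) in enumerate(train):
        if i == skip:
            continue
        dists.append(((p[0] - x[0]) ** 2 + (p[1] - x[1]) ** 2, y))
    dists.sort()
    return [y for _, y in dists[:k]]


def knn_predict(train, x, k=K):
    """Majority label among the k nearest training points."""
    return Counter(_neighbours(train, x, k)).most_common(1)[0][0]


def attack_recall(train, test, k=K):
    """Share of truly malicious test flows the model still flags."""
    attacks = [x for x, y in test if y == 1]
    return sum(knn_predict(train, x, k) == 1 for x in attacks) / len(attacks)


def poison_labels(train, fraction, seed):
    """Attacker-controlled relabelling: a fraction of attack samples in the
    training feed are marked benign (e.g. by abusing a 'mark as false positive'
    feedback channel). The retrained model then learns attack traffic as normal."""
    rng = random.Random(seed)
    return [(x, 0 if y == 1 and rng.random() < fraction else y) for x, y in train]


def label_noise_estimate(train, k=K):
    """Check 1: fraction of training rows whose label disagrees with the
    majority of their neighbours. A jump against the previous batch is the
    signature of injected labels, visible before any retraining happens."""
    bad = 0
    for i, (x, y) in enumerate(train):
        if Counter(_neighbours(train, x, k, skip=i)).most_common(1)[0][0] != y:
            bad += 1
    return bad / len(train)


def release_gate(candidate_train, golden_test, baseline_recall, tolerance=0.05):
    """Check 2: never promote a retrained model whose recall on a curated,
    attacker-inaccessible 'golden' attack set drops more than `tolerance`
    below the currently deployed model (tolerance is an assumed value)."""
    return attack_recall(candidate_train, golden_test) >= baseline_recall - tolerance


def run_demo():
    clean_train = make_dataset(400, seed=1)
    golden_test = make_dataset(200, seed=2)   # curated set kept offline
    poisoned_train = poison_labels(clean_train, fraction=0.6, seed=3)

    baseline = attack_recall(clean_train, golden_test)
    return {
        "clean_recall": baseline,
        "poisoned_recall": attack_recall(poisoned_train, golden_test),
        "clean_noise": label_noise_estimate(clean_train),
        "poisoned_noise": label_noise_estimate(poisoned_train),
        "clean_passes_gate": release_gate(clean_train, golden_test, baseline),
        "poisoned_passes_gate": release_gate(poisoned_train, golden_test, baseline),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key:>22}: {value:.3f}" if isinstance(value, float) else f"{key:>22}: {value}")
```

The clean model catches essentially every attack flow in the golden set; after 60% of the attack samples in the feed are relabelled benign, recall on the same golden set collapses to roughly a third, the label-noise estimate for the batch jumps from near zero to around 0.2, and the release gate refuses the retrained model. The two checks only work if the golden set is built and stored outside the path the attacker can influence.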

The Italian Case: Europe’s Cyber Pressure Epicentre

In 2025, Italy emerged as the epicentre of cyber warfare in Europe, facing an unprecedented wave of hacker attacks in terms of intensity, continuity and critical infrastructure impact.

Despite representing just 1.8% of global GDP, Italy suffered 10% of all cyberattacks globally in H1 2025. Estimated economic damage stands at €66 billion—with projections exceeding €160 billion by 2026 in the absence of structural intervention.

Attack Volume and Impact

Surging Attacks and Targeted Sectors

  • Record Surge: In H1 alone, Italy recorded 1,549 cyber events (+53% YoY) and 346 serious incidents (+98%). June marked a peak with 433 incidents in a single month (+115% YoY)—an all-time high.
  • Primary Targets: Central and local government bodies, healthcare, energy, transport, telecoms and banks. A wave of 275 DDoS attacks over 13 consecutive days targeted 124 critical Italian assets, including ministries, airports, energy plants and IT firms.

Core Vulnerabilities and Trends

  • AI & Automation: Both state-sponsored and criminal groups employed AI-driven attacks, particularly multilingual spearphishing campaigns designed to bypass filters. Deepfakes are now used in executive-targeted social engineering campaigns, indistinguishable from real videos without advanced tools.

  • Advanced Ransomware: Still dominant, ransomware continues to cripple universities, hospitals, and public administrations, triggering cascading effects on the broader socio-economic fabric.

  • IoT and Supply Chain Exploits: Cybercriminals are leveraging pervasive IoT devices within critical networks and targeting digital supply chains by infiltrating shared management software and cloud services.

  • Botnets and Specialised Malware: Surveillance cameras have been hijacked and integrated into botnets (e.g., Eleven11bot) as launchpads for large-scale attacks.

  • Coordinated DDoS Campaigns: Groups like NoName057(16) orchestrated prolonged DDoS campaigns, using cryptocurrency incentives and gamified tactics to mobilise volunteers and professionals alike.

Ineffective Security Measures

  • Outdated Defences: Legacy systems and signature-based monitoring, including EDR/XDR deployments that rely mainly on known-indicator matching, proved ineffective against AI-assisted polymorphic malware and advanced ransomware.

  • Patch Management Failures: Many incidents stemmed from unpatched known vulnerabilities (e.g., Citrix flaws), highlighting slow patching cycles.

  • Poor Supplier Oversight: Numerous attacks succeeded via digital supply chains, underscoring the need to secure the broader ecosystem—not just individual company perimeters.

  • Weak MFA and Network Segmentation: Where multi-factor authentication and segmentation were deployed in weak forms (for example phishable second factors or flat internal networks), attackers bypassed them, enabling credential theft and lateral movement.

  • Ineffective Incident Response: Despite improvements in detection, response speed remains a structural weakness, amplifying the damage caused by attacks.

National Resilience: Priorities for the Future

Recommended actions include:

  • Adoption of Zero Trust frameworks
  • Investment in autonomous and proactive defences
  • Public–private cooperation for supply chain security
  • Ongoing training and use of advanced cyber intelligence tools

Gyala’s Perspective

The year 2025 marks a tipping point in both the perception and reality of cyber threats. The pressure on digital ecosystems—particularly in Italy—demands a shift: from reactivity to anticipation, from perimeter defence to systemic resilience.

In this context, Agger offers strategic support:

  1. Automated IT/OT Defence Against Advanced Attacks
    As AI-based attacks, ransomware-as-a-service and lateral movement techniques proliferate in OT environments, real-time detection and reaction capabilities become critical.
    Agger is the only all-in-one Italian platform capable of operating in both IT and OT environments—offering automatic response even under infrastructural isolation.

  2. Protection of Critical Infrastructure and Legacy Endpoints
    Many successful attacks exploited known vulnerabilities and outdated systems—especially in the supply chain and industrial networks.
    Agger is designed to protect legacy systems (e.g., Windows XP, industrial machines, medical devices), making it ideal for sectors such as energy, healthcare, defence, transport and public administration.

  3. Compliance and Integration in Complex Infrastructures
    Maintaining compliance with frameworks such as NIS2 and DORA, and with the requirements of the Italian National Cybersecurity Agency (ACN), is increasingly complex.
    Agger provides detailed asset and service mapping, supporting structured post-incident analysis and compliance with both national and EU regulations.

  4. Zero-Second Reaction Time
    In this new threat landscape, speed is essential.
    Agger's "zero-second" reaction means that response actions are triggered automatically at the moment of detection, removing the human-in-the-loop delay from detection, containment and remediation, even in highly complex environments.

  5. Protection from AI-Driven Threats and Deepfakes
    With the rise of AI-powered attacks (vishing, deepfakes, data manipulation), Agger uses military-grade AI algorithms to detect anomalous behaviour at both process and network levels, automatically blocking compromise attempts.

  6. Supply Chain Vulnerability Defence
    As highlighted, third-party supply chain attacks are on the rise.
    Agger includes a proprietary module to govern, monitor and control third-party cyber risk, establishing a protected, monitored link that blocks compromises originating from suppliers, whether malicious or accidental.