Cyber War Escalation: Generative AI & VPN Flaws Fuel 90% of All Attacks
The 2025 At-Bay InsurSec Rankings report recorded a sharp surge in cyberattacks linked to email and remote access—two channels responsible for nearly 90% of all incidents among the company’s clients. Analysts highlight that generative AI has become the primary catalyst behind the evolution of phishing and corporate fraud, while VPN devices have emerged as some of the most perilous components of modern infrastructure.
In 2024, the frequency of insurance claims related to malicious emails rose by 30%, marking a 3.5-fold increase since 2021. Email accounted for 43% of all attacks and 83% of financial fraud cases. The average amount transferred to attackers reached $286,000, with some incidents exceeding $5 million. Manufacturing enterprises proved the most vulnerable, experiencing a 62% annual increase in cyber incidents. According to At-Bay, such companies are three times more likely to fall victim to phishing than those in the technology sector.
A comparison of email platforms revealed that Google Workspace maintained its lead for the third consecutive year in resilience against attacks, while Microsoft 365 continued to lag behind. Nearly all dedicated email filtering solutions performed worse than in the previous year, with incident rates among their users increasing by an average of 53%. The sole exception was Sophos, which improved its results through early adoption of Natural Language Processing (NLP). At-Bay’s experiments demonstrated that most traditional Secure Email Gateway (SEG) systems failed to detect modern schemes that contain no malicious links or attachments and instead rely on invoice manipulation and insertion into legitimate correspondence threads.
Special attention in the report is given to the transition from SEG gateways to Integrated Cloud Email Security (ICES) solutions, which connect via API and offer superior contextual analysis of messages. At-Bay notes that these systems are already capable of blocking domain spoofing, insider attacks, and data exfiltration from compromised inboxes. The company predicts that their efficiency will further increase as AI models are integrated to analyze the tone and structure of corporate communications.
The second section of the report focuses on remote access, where the statistics appear even more alarming: 80% of ransomware incidents in 2024 originated from compromised remote connection tools, 83% of which involved VPN devices. Users of Cisco ASA SSL VPN and Citrix SSL VPN solutions were attacked 6.8 times more often than organizations without VPNs, and the use of any on-premise VPN increased the risk of infection nearly fourfold. SonicWall devices saw a 300% spike in ransomware attacks by the Akira group during the third quarter of 2025. In half of those cases, Endpoint Detection and Response (EDR) solutions failed, with only managed MDR services able to halt infections before encryption occurred.
Researchers attribute the surge in attacks to the growing complexity of Next Generation Firewall (NGFW) architectures, which now combine routing, proxy, and VPN functionalities. The number of high-severity vulnerabilities among leading vendors—including Fortinet, Palo Alto, Cisco, Citrix, and SonicWall—continues to rise; Fortinet alone has recorded over 500 security flaws between 2020 and 2025. At-Bay does not rule out that attackers are already exploiting zero-day vulnerabilities, particularly in SonicWall systems.
As a mitigation strategy, At-Bay recommends abandoning traditional VPNs in favor of Secure Access Service Edge (SASE) architecture, where updates are applied centrally and access to corporate resources is mediated through a cloud-based gateway, eliminating the “front door” exposure. If migration is not feasible, experts advise implementing at least a managed MDR service to ensure round-the-clock connection monitoring.
In conclusion, At-Bay underscores that the pace of cyberthreat evolution now surpasses the speed at which most security systems are modernized. Only a combination of AI-driven solutions, continuous monitoring, and employee retraining can keep risk under control. Otherwise, businesses face not only financial losses but also irreparable reputational damage—the kind that even insurance can no longer fully offset.