Cyber Incident Reports Up 26% Last Year... Government Warns "AI Hacking to Escalate in 2026"

2026 Cyber Threat Outlook and Major Incident Cases in 2025. Image provided by the Ministry of Science and ICT

Last year, the number of reported domestic cyber incidents increased by more than 26% compared to the previous year. As ransomware, hacking of critical everyday infrastructure, and supply chain attacks targeting open source and IoT simultaneously spread, the government is raising its level of response, anticipating that AI-based cyberattacks will become full-fledged starting in 2026.

The Ministry of Science and ICT and the Korea Internet & Security Agency released this information on January 27 through the "2025 Cyber Threat Trends and 2026 Cyber Threat Outlook Report." According to the report, the number of reported incidents in 2025 reached 2,383, a 26.3% increase from 1,887 cases in 2024. The surge was particularly notable in the second half of the year, rising from 988 cases in the second half of 2024 to 1,349 cases in the second half of 2025, a 36.5% increase, making it clear that cyber threats became increasingly concentrated toward the end of the year.

Among cyber incidents, ransomware caused service disruptions directly impacting people's daily lives, heightening the perceived risk. However, its share among all incidents was 11.5% (274 cases), which is not yet an overwhelming proportion. Still, this figure increased from the previous year's 10.3% (192 cases), reversing the previous downward trend in reports and serving as a warning sign.

The report categorized the 2025 cyber threats into three main pillars: critical everyday infrastructure, supply chain security, and the spread of ransomware. Serial hacking incidents in sectors closely tied to daily life-such as telecommunications, distribution, and finance-heightened social anxiety. Supply chain attacks exploiting open source platforms and low-cost IoT ecosystems were also prominent. There were cases where trusted open source repositories used by developers became attack vectors, and large numbers of IoT devices were distributed already infected with malware. Ransomware attacks also expanded beyond research, manufacturing, and energy sectors to education and healthcare, broadening the scope of attacks and becoming more sophisticated through coordinated attacks targeting both businesses and customers simultaneously.

The government expects these trends to become even more sophisticated in 2026. The report identified four key cyber threats for next year: AI-based attacks, exploitation of neglected assets (EOS and legacy systems), attacks on cloud environment vulnerabilities, and secondary damages using leaked personal information. In particular, it analyzed that deepfake voice and video-based phishing is likely to expand to real-time calls and video conferences, and that attacks targeting AI services themselves could become a reality.

Systems and unused assets left unattended after End-of-Service (EOS) were also identified as major attack vectors. The report warned that security gaps resulting from the end of Windows 10 support could become a catalyst for new threats. In cloud environments, attacks are expected to go beyond simple configuration errors, with the possibility of automating vulnerability detection and privilege escalation using AI, as well as launching attacks that link multiple vulnerabilities together.

The risk of secondary damages following large-scale personal information leaks also remains. Although a sense of fatigue and helplessness has spread throughout society due to a series of personal information leaks at companies such as SKT, KT, and Coupang this year, experts warn that if leaked data is combined and reprocessed, it could lead to sophisticated crimes such as voice phishing and smishing, requiring heightened vigilance.

Choi Woo-hyuk, Director of Information Security Network Policy at the Ministry of Science and ICT, stated, "Cyber threats exploiting AI and cloud vulnerabilities will become increasingly intelligent and advanced. While urging companies to strengthen responsible information security, the government will also proactively manage security blind spots through AI-based prevention and response systems."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.