The biggest threat to global security is the cybercrime "industry", whose estimated revenues for 2025 place it after the world's two largest economies, the US and China, said participants at the Kaspersky Horinzons conference, which took place from June 30 to July 2, 2025 in Madrid.
The current global situation is critical, according to Clement Domingo, an ethical hacker and avid cybersecurity advocate who has helped several major companies in France and other countries repel more than 180 cyberattacks.
Clement Domingo said: "According to a study conducted in 2023, the global value of ransom demands paid that year exceeded $1.1 billion. However, I believe that, in reality, this value is 8 or 9 times higher, because many companies do not declare to the authorities that they have been attacked. In light of this value and what I observe on the darkweb, I believe that we are dealing with a cybercrime industry, which in 2025 will be in third place in the world in terms of global revenues, after the economies of the USA and China.”
• Clement Domingo: "There are at least 10 cybercrime groups that can break into the systems of any company at any time”
During the conference, Clement Domingo dispelled the idea that hackers would be immune to what happens on the internet. The cyber expert stated: "If we analyze the current state of current threats, we notice that there are over 20,000 active hacker groups in the world, of which 150 groups have a medium level, and at least 10 groups are at a very high level in terms of the technology used, its use in cyber attacks and the digital training of the members, so that they can break the cybersecurity systems of a very large company with offices all over the world at any time. We are talking about criminal groups in the cyber field, which are very well organized, on the structure of classic companies, which have annual revenues of hundreds of millions of euros or dollars, groups that more recently carry out their criminal activity from inside office buildings located in different residential areas in major cities around the world. Each hacker in these groups has a minimum weekly income of between 1800 and 2100 dollars or euros, which shows us that in 2025 it has become more important to be a cybercriminal, than to sell drugs. At the same time, we also notice that there is a change in cybercrime: hackers who break into companies' digital networks are increasingly younger or even teenagers, and one of them managed to obtain a ransom of $ 1.3 million in cryptocurrencies following a cyberattack, because the market where you sell and buy information or data is very large at the moment. Therefore, it is very important to talk to young people and educate them about the increase in digital threats and risks”.
The French expert mentioned that hackers who are part of cybercrime groups are in constant innovation and presented the example of the Black Basta group which is in the global top 5 of cyberattacks launched.
• Cybercrime groups - organized on a corporate model
Clement Domingo stated: "Cybercrime groups are innovating all the time, especially since they are now supported in this by Artificial Intelligence (AI). For example, the Black Basta database is so large that if in the past it took a month to analyze it, now it can be checked in a maximum of 6 hours with the support of AI. Moreover, we are witnessing a behavioral change. Black Basta no longer operates through various obscure garages, but has acquired a large office building, which it manages, in which they have generous spaces where operators work 8 hours a day, just like any other employee of a company in the world. Those who work for Black Basta benefit from all the necessary equipment at the office, recreation areas, areas where they can do sports or relax by playing various games on the most advanced play-stations. Some of the members of the cybercrime group have even become frequent customers of restaurants that have at least two Michelin stars. Don't be fooled by appearances. All of them are not employees of a normal corporation, of a multinational company that respects the law, but are employees of a cybercrime group that constantly examines the data of companies around the world and participates in establishing, requesting and negotiating the ransom by the companies attacked by Black Basta of the stolen data, information and files or for the resumption of the activity of the digital infrastructures on which t hey were blocked by hackers from this group. For example, if the operators in the Black Basta office building find that a company to be attacked has revenues between 200 million and 300 million euros, the requested ransom will be set between 1% and 10% of the total value of the company's revenues".
The French expert showed that the top 6 of the rewards requested by hacker groups globally is that requested by the German company MediaMarkt - $ 240 million, followed by the company Acer - $ 100 million, Royal Mail - $ 80 million, Kaseya and TSMC (in June 2023) - $ 70 million each and the British company Pendragon - $ 60 million. Clement Domingo also mentioned two more cases of ransoms requested and paid.
"The first, worth $ 40 million, was requested by the EvilCorp group and paid by the American company CNA Financial. The second, worth $75 million, was requested by the Dark Angels group, but we have not yet been able to identify the company that paid the ransom. And don't be fooled. It's not just about cyberattacks on large companies. Hackers are also attacking smaller companies. For example, an architecture firm paid a ransom of $8,000 to recover data stolen by hackers,” said Clement Domingo.
He also said that although it seems that all cybercriminal groups are always one step ahead of those fighting these crimes, by implementing unified policies, by harmonizing national legislation in the European Union in this area, by imposing ethical principles and by digital education and understanding what Artificial Intelligence can do, these hackers can be defeated.
"Some of the current questions are the following. How can we be sure that the technology we use provides us with the necessary cybersecurity? And here I am referring to Open AI, Deepseek, etc. How can we be sure that the people working on developing these technologies are as honest as we are? Then we need to make people understand that AI means much more than using ChatGPT, because there are many users who equate AI with Chat GPT”, said Clement Domingo.
• Cybersecurity education, a global priority for the next 5 years
In these conditions, participants in the Madrid conference emphasized that digital education is the optimal solution for real cybersecurity and for drastically reducing the chances of success of cyber attacks. At a time when Artificial Intelligence represents a challenge regarding the transformation and security of the entire world, ethical and legal issues regarding the development and use of this technology carry increased risks, which can only be combated through digital education starting from the earliest age, cyber experts argue.
Jochen Michels, Director of the Public Affairs Department for Europe at Kaspersky, also expressed the same opinion, arguing that international cooperation between all stakeholders is needed to to combat cybercrime.
Jochen Michels stated: "It is about the cooperation of all stakeholders: institutions, authorities, companies, the private sector, individuals, academia, universities, scientists. Unfortunately, in all the cases I know of, I have not heard of any refusal to pay the requested ransoms. That is why I believe that a commitment is needed to refuse all of these ransoms. We need to cooperate, to work together, to be very organized, because cybercriminals are very organized and work very well together, which is a huge advantage compared to what is happening in our societies. Especially since we will face new challenges with the development of machine-learning (ML) and AI systems, systems and technologies that help detect over 450,000 cyber threats daily and respond efficiently and effectively to these threats. Let's be careful, however, because cybercriminals are also using AI to increase the number and quality of cyberattacks.”
Sergey Lozhkin, Head of Global Research and Analysis Team (GReAT) at Kaspersky, said that none of the experts can say with certainty what will happen to AI in the next 5 years, nor what will happen to AGI (Generative Artificial Intelligence), but they expect that these technologies will evolve, become superior, and in 10 years we will witness the dramatic transformation or reduction of everything we knew into a single element.
"That is why, in order to be prepared for the future, cybersecurity education is essential right now. If in the next 5 years we do not accelerating this education, efforts to repair the damage caused by cyberattacks will be very difficult to remove, especially since in the next 15 years we are preparing for the transition to the era of quantum computing,” said Sergey Lozhkin.
• Marc Rivero: "AI has become a multiplier force for cyberattacks”
Marc Rivero, Lead Security Researcher at Kaspersky GreAT, emphasized that his biggest concern about Artificial Intelligence is the impact it will have on open-data and its protection. The Kaspersky GreAT specialist noted: "People tell us how beautiful this future will be, but they don't tell us that AI still has hallucinations or other errors that can impact users. At the moment, we are witnessing a decline among companies, because entrepreneurs do not know how to explain new technologies to employees, what the risks are, but also what the advantages of ethical and safe use are. Cybercriminals have perfected the transmission of emails or sms or other types of phishing messages with the help of AI and have even established local patterns by which they convince users in a certain area to perform the action that the hackers want. Moreover, it has become very easy for these guys to create malware using AI, to create new full ransomware versions, which are harder to see by antiviruses, if not almost invisible. We already know that AI is used by cybercriminals to develop ransomware and malware and that AI writes several variants of the same malware in a few seconds, but also creates modular components such as those for DDoS and regular encryption. Unfortunately, AI is not just a tool for cyber defense, but has become a multiplier force for cyber attacks.”
Representatives of other IT companies, Liliana Acosta-founder and CEO of Thinker Soul and Pilar Troncoso-Chief Relations Officer at Qcentroid, concluded the cybersecurity debate organized in the Spanish capital by claiming that we are witnessing a different way of thinking, that it is necessary not only to change the rules of the game, but also the way in which businesses have been conducted so far, and that it is necessary for each entrepreneur and their employee to give their best in order to succeed in bringing to optimal parameters what used to be possible with old technologies.
Reader's Opinion