The threats from cyberattacks will become more sophisticated by 2026, featuring techniques such as deepfake emails and targeted ransomware attacks. Companies need to be aware of seven deceptive tactics and learn how platform-based security solutions and AI-driven automation can help proactively defend against these threats.
(Image source: AI-generated)
Cyberattacks are no longer a mass phenomenon – they are targeted, automated, and intelligent. While security teams are still sorting dashboards, attackers are already analyzing the next vulnerability. The growing role of artificial intelligence is especially concerning. Attackers have been using it for a long time – yet many companies are still hesitant to deploy defensive AI, even though a recent Darktrace study shows that almost 70 percent are already feeling the impact of AI-powered attacks.
At the same time, pressure on resources is increasing: only 19 percent of German companies plan to expand their security teams. Meanwhile, the need for faster decisions, proactive response, and full transparency continues to grow. The answer to these challenges: platform-based security, smart automation, and context-based analysis – in short, security solutions that can keep up.
These seven hacker tactics show what companies need to prepare for in 2026 – and how innovative cyber defense can stop these attacks.
1. Deepfake Emails that Sound Like the CEO
Phishing remains the most popular attack vector – and in 2025 it’s more devious than ever. Deepfake voices in voicemails, deceptively realistic emails from executives, QR code phishing via seemingly legitimate tools like SharePoint or Zoom: the methods are becoming more sophisticated, more targeted, and harder to detect. Darktrace recorded 30.4 million phishing attempts in a single year alone, many of them aimed at executives or administrators.
Traditional email filters are reaching their limits: over 70 percent of attacks bypass mechanisms such as DMARC, and 55 percent even break through advanced protection systems. Detecting such attacks in real time requires AI that understands not just content, but context – for example through self-learning analysis of communication behavior, combined with immediate correlation to account, network, or device activity.
2. Attacks that Sabotage Backups – Before Anything Even Happens
In the past, having backups meant being safe. Today, the mantra of many ransomware groups is: attack the backup first, then there’s no alternative to paying. Cybercriminals deliberately infiltrate cloud backups, network backups, or solutions like Veeam and Amazon S3 – often weeks before the actual attack. The result: data can no longer be restored, even with functioning disaster recovery.
Solutions that only raise local or isolated alerts often detect these multi-stage attacks too late. What’s needed is end-to-end visibility across network, process, and storage infrastructures – and systems that independently detect deviations from normal behavior and prioritize them in context. Only then can early warning signs of lateral movement or backup manipulation be taken seriously – and stopped automatically.
3. Malware-as-a-Service for Everyone
Cyberattacks are no longer the work of highly skilled lone actors – they’re a business model. Malware-as-a-Service (MaaS) now allows even amateurs to rent fully fledged attack campaigns, complete with support, infrastructure, and updates. Particularly popular are remote access trojans (RATs) that quietly embed themselves and exfiltrate data unnoticed for months.
These highly modular attacks constantly change their behavior and use legitimate tools – overwhelming traditional signature- or rule-based defenses. What’s required is cyber defense that analyzes behavior itself, regardless of name or attack vector. With self-learning AI, patterns can be detected that evade classical detection – and risks can be stopped before they escalate.
4. Attacks on Firewalls – 17 Days Before the CVE
Perimeter and edge devices have become a favorite target. Firewalls, VPN gateways, or IoT controllers are exploited deliberately and early – often long before a vendor releases a security update. Darktrace, for example, detected suspicious activity on a firewall 17 days before an official security advisory.
The challenge: many of these devices are well documented but insufficiently monitored – especially when network and endpoint security operate in silos. The solution lies in systems like Darktrace NEXT™, which correlate network data with endpoint telemetry, enabling seamless investigation from packet to process. Only those who understand the link between traffic and the specific process on a device can truly stop threats.
5. Shadow IT and Blind Spots in the Cloud
Cloud and SaaS bring agility – but also security gaps. Shadow IT, undocumented instances, or outdated configurations create dangerous blind spots. In many organizations, there’s no comprehensive overview of digital assets, attack surfaces, or realistic attack paths.
Date: 08.12.2025
That’s why Darktrace combines external attack surface analysis with internal exposure intelligence. The platform assesses which systems are truly exploitable – based on live data, vulnerabilities, and linked assets. This way, security teams don’t just see that a system is vulnerable – they see how realistic an attack actually is. The result: focus on what matters instead of patching blindly.
6. Security Teams Stuck in Tool Overload
SOC teams often work with half a dozen tools – each with its own logic, UI, and alerts. The result: context is lost, processes take forever, and errors creep in. Meanwhile, the attack continues. Especially in large organizations, this tool fragmentation costs time, resources, and nerves.
This is where the integrated platform approach comes in: with agentic AI that not only analyzes, but also independently draws conclusions. Darktrace’s example: the Cyber AI Analyst correlates data from email, network, SaaS, identity, and endpoints – and automatically creates coherent incident reports. Instead of drowning in individual alerts, analysts immediately see the full picture – and act in seconds, not hours.
7. AI Attackers Are Here – and Defenders Are Still Asleep
The threat posed by AI-based attacks is not hypothetical – it’s already reality. Seventy percent of German companies are already feeling the effects. Yet almost half feel insufficiently prepared. Often, there’s a lack of know-how, resources, or the courage to transform. At the same time, pressure is growing to become more efficient – with fewer staff but more responsibility.
Meanwhile, 86 percent of German security professionals see platform-based security solutions as more effective than a collection of individual tools. Because AI can not only detect threats, but also respond to them automatically – faster, more consistently, and more scalably than manual teams.
Conclusion: If You Want to Defend Today, You Need to Think Ahead to Tomorrow
The reality is clear: attackers rely on automation, intelligence, and precision. Defenders must follow suit – with connected platforms that don’t just collect data, but understand it. Those still operating with isolated solutions risk drowning in an ocean of information.