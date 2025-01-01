Gen, the tech company behind security brands including Norton, Avast, LifeLock, MoneyLion and more, released its Q2/2025 Gen Threat Report.

This quarter was marked by the takedown of the first known ransomware developed using AI, and globally, a 21% growth in data breaches and a 340% increase in financial scams. The team of Gen researchers also found a 100% increase in sextortion scams and a surge in Tech Support Scams spreading through Facebook.

New Zealand’s top threats in Q2/2025 were malvertising and scams (phishing, generic scams, E-shop scams, dating scams).

“This quarter’s global trends reveal a troubling surge in cyber threats, from AI-powered ransomware to cryptocurrency scams and sextortion,” said Mark Gorrie, Managing Director APAC for Gen Digital. “With the rise of AI and widespread data breaches, scams have become faster, more personalised, and harder to spot. New Zealand is not immune to these trends.”

Generally, crypto scams have been on the rise almost everywhere. In Q2/2025, blocked attacks jumped from thousands to millions globally, with June marking the sharpest spike. Globally, the risk of being targeted by crypto scams increased by 69,508% in Q2. New Zealand experienced an even sharper rise at 77,721%, which indicates heightened risk well above the global average.

“In a weaker economy, people facing financial uncertainty are increasingly drawn to quick fixes like crypto, creating fertile ground for scammers to exploit,” said Gorrie.

Cryptocurrency scams are fraudulent schemes where scammers trick people into sending digital currency or sharing sensitive login information. These scams often involve fake investment opportunities, impersonation of trusted figures, or emotional manipulation through romance scams. The anonymous and irreversible nature of crypto transactions makes it harder to recover lost funds.

Globally, financial scams jumped 340% in Q2/2025, with many traced back to deceptive ads and fake pages on Facebook. Scammers used everything from deepfake videos to chatbot forms to collect personal and financial data, often under the guise of legal help or investment offers.

In New Zealand, sextortion scams surged by 170% in Q2, significantly higher than the global average increase of 100%, pushing New Zealand to #19 on the list of the top 20 most at-risk countries. The list includes Japan, Czechia, Croatia, Singapore, Cyprus, Hong Kong, South Africa, Slovenia, Italy, Switzerland, Austria, Israel, Australia, Canada, Greece, Maldives, Cabo Verde, United Arab Emirates, New Zealand and Curaçao, highlighting how widespread and borderless the threat has become.

Criminals are refining their tactics, thanks to the help of AI and a wealth of personal data available from recent large-scale breaches. One of the latest techniques used by cybercriminals involves Google Maps and is designed to employ a more invasive and personalised approach that can really shock and intimidate their victims into complying with demands. Criminals – utilising names, addresses, and emails readily available on the Dark Web due to data breaches – can create targeted emails to victims containing fabricated footage and unsettling information and images of their real homes.

In Q2/2025, the report reveals that globally, 14% of all blocked Facebook threats were linked to Technical Support Scams, a sharp rise driven by fake Messenger-style pages that locked browsers and pushed users to call fake help lines. Facebook’s reach and ad infrastructure continue to make it a powerful tool for fraud at scale.

In New Zealand, there was a 278% spike in malicious push notifications, often disguised as video players or system alerts. These deceptive pop-ups trick users into clicking, leading them to phishing sites or triggering unwanted downloads, a tactic increasingly used to spread scams and malware.

“Scammers are counting on panic clicks; they exploit the split second where you react before you think. And that single click can take a person straight to a scammer’s doorstep,” Gorrie explained. “If an alert feels aggressive or off, trust your instincts and double-check through your antivirus software directly, and avoid giving notification permissions to untrusted websites.”

Gen continues to uphold its commitment to help victims of ransomware, uncovering a critical cryptographic flaw in FunkSec. This was the first known ransomware strain partially built using generative AI. While the malware successfully encrypted data and demanded payment, the Gen research team worked quietly with law enforcement to help victims recover their files without paying via a free decryptor released by Avast. FunkSec has since gone quiet.

Other key global highlights from the report include:

+21% increase in data breach events, with the number of breached emails increasing by nearly 16%.

Lumma Stealer remained active post-takedown, using a fresh infrastructure to continue data exfiltration.

+317% spike in malicious push notifications, often disguised as video players or system alerts.

+62% rise in remote access attacks, led by the return of Wincir RAT and abuse of cloud services like OneDrive.

DealPly adware, a threat that has been steadily declining, was revived with a focus on the US, Brazil, France and India.

A target on small businesses with infostealers, exploits, and remote access tools. Scams remained the top threat to small businesses.

The report is available for download now.