Today we discuss a few of the top AI-powered cyberattacks that occurred in 2025 to illustrate exactly how preventable these incidents can be when the proper controls and processes are in place. These examples provide insight not only into what happened, but also into how they could have been prevented in the first place.
The interesting thing about each of these attacks is that if the entity or business had employed a few simple best practices, it could have prevented the impact. This matters all the more as we enter an era dominated by AI-powered cyberattacks, where even minor oversights can lead to devastating consequences.
It goes without saying that cyberattacks have escalated, and will continue to escalate, in scale and sophistication, targeting small to medium-sized businesses, critical infrastructure, and financial institutions. Many of these threats are now driven by automation and machine learning, with AI-powered cyberattacks becoming a top concern for security teams across industries. Here are three of the most significant cyber incidents this year, along with insights into what transpired and how such attacks might have been prevented.

1. Marks & Spencer (M&S) Ransomware Attack
What Happened: In early 2025, UK retailer Marks & Spencer (M&S) suffered a major ransomware attack attributed to the hacking group Scattered Spider. The attackers infiltrated M&S’s IT systems, causing widespread disruptions across its 1,049 stores. Online operations were paused, and internal systems were severely impacted, leading to issues like canceled orders and problems with gift card usage. The group allegedly stole the NTDS.dit file, a core component of Windows Active Directory, and used the “DragonForce” encryptor to lock systems. The ransom demand was speculated to reach £10 million, although it’s unclear if M&S received or paid such a demand.
While this incident involved known ransomware tactics, it's the kind of disruption we now see increasingly as part of AI-powered cyberattacks, where threat actors deploy adaptive tools that evolve faster than traditional defenses.
AI-Powered Cyberattacks Prevention Measures:
- Enhanced Endpoint Security: Implementing advanced endpoint managed detection and response (MDR) solutions to detect and prevent malicious activities.
- Regular Security Audits: Conducting frequent security assessments to identify and remediate vulnerabilities.
- Employee Training: Educating staff on recognizing and reporting phishing attempts and other social engineering tactics.
- Incident Response Planning: Developing and regularly updating an incident response plan to ensure swift action during cyber incidents.

2. Spain and Portugal Power Grid Disruption
What Happened: In April 2025, Spain and Portugal experienced one of the most severe power outages in recent European history, affecting around 60 million people. The blackout caused widespread disruptions, including transport delays and loss of communications. While initial reports pointed to a generation disconnection in southwest Spain, Spain’s highest criminal court is probing potential computer sabotage as a cause.
This type of infrastructure attack is no longer purely theoretical; AI-powered cyberattacks have made it easier for sophisticated actors to pinpoint vulnerabilities in large-scale industrial systems.
AI-Powered Cyberattacks Prevention Measures:
- Infrastructure Monitoring: Implementing real-time monitoring systems to detect anomalies in power grid operations.
- Cybersecurity Protocols: Establishing robust cybersecurity measures for critical infrastructure to prevent unauthorized access.
- Regular Drills: Conducting simulations and drills to prepare for potential cyber threats targeting infrastructure.
- Collaboration: Enhancing collaboration between government agencies and private sectors to share threat intelligence.

3. Bank Sepah Data Breach
What Happened: In March 2025, Iranian Bank Sepah was targeted by the hacker group “Codebreakers,” which claimed to have accessed over 42 million customer records, including sensitive financial data. The group alleged it had extracted more than 12 terabytes of confidential data and demanded $42 million in Bitcoin to prevent the disclosure of the information. The bank initially denied the breach but faced widespread criticism as the hackers released partial data, including information related to military personnel.
This is a textbook example of the kinds of breaches that AI-powered cyberattacks are designed to execute: high-volume, automated attacks that move quickly and adapt to security responses in real time.
AI-Powered Cyberattacks Prevention Measures:
- Data Encryption: Ensuring all sensitive data is encrypted both at rest and in transit.
- Access Controls: Implementing strict access controls and monitoring to prevent unauthorized data access.
- Regular Penetration Testing: Conducting regular penetration tests to identify and fix security weaknesses.
- Incident Response Strategy: Developing a comprehensive incident response strategy to address breaches promptly.

These attacks underscore the importance of proactive cybersecurity measures. All could have been prevented or mitigated had the organizations invested in training, implemented modern security solutions, and regularly updated their incident response strategies. With the rise of AI-powered cyberattacks, it’s more critical than ever for businesses to stay ahead of evolving threats through education, prevention, and preparedness.

Chris Montgomery
ThrottleNet Sales Director