Cyberattacks are becoming increasingly sophisticated. Small and medium-sized enterprises are now targeted as much as large organizations, often because their systems are less well protected. Two trends are emerging as particularly worrying this year, according to our experts.
Intelligent phishing
Artificial intelligence (AI) at the heart of targeted phishing campaigns
Traditionally, fraudulent emails were easy to identify: spelling mistakes, awkward wording, suspicious visuals.
But it’s not that simple anymore.
Today, artificial intelligence makes it possible to generate perfectly written messages, in impeccable French, adapted to the target sector of activity and aligned with the brand image or tone of internal communication. These emails look deceptively similar to those sent by a manager, a colleague or a regular supplier.
For example, an employee receives an email from the finance director asking them to validate an urgent invoice. The subject line is credible, the signature is genuine, the tone is familiar. One click on an attachment or a link is enough to launch the attack.
AI also makes it possible to bypass security filters
AI is also used to circumvent conventional detection tools. It can modify the structure of messages, camouflage scripts in files that appear harmless, or generate dynamic documents that are difficult to analyze. The result is that even with a good antivirus or a well-configured spam filter, a malicious email can reach the main inbox without triggering an alert.
What can be done?
It is essential to train all employees to recognize suspicious emails, even those that appear perfectly credible.
Enabling multi-factor authentication (MFA) considerably reduces the risk of unauthorized access. It is also recommended to implement advanced detection tools based on behavioral analysis, such as EDR, and to promote an organizational culture focused on digital vigilance.
Ransomware 2.0: your backups are no longer safe
Increasingly destructive variants
Ransomware is malicious software that encrypts the files on a computer system to make the data inaccessible, then demands a ransom to restore access. However, recent ransomware programs, such as LockBit 4.0 and RansomHouse, go far beyond traditional file encryption. They scan the company network, identify connected backup volumes, vulnerable network shares or poorly protected backup services, and then attack them.
Even a company that believes it has a backup copy may find itself without any recovery option if its backups are not isolated or sufficiently secure.
A double extortion: data theft and encryption
Even before encrypting the files, these malicious groups exfiltrate sensitive data: customer information, human resources, financial data or confidential documents. Then they demand a first ransom to unlock the files and a second to avoid the publication of the data on the dark web.
This strategy is particularly threatening, especially for organizations subject to legal obligations, such as Law 25 in Quebec, which requires the reporting of incidents involving personal information.
Veeam and the CVE-2025-23120 flaw
On March 19, 2025, the publisher Veeam released a patch for a critical flaw. Before the fix, the flaw allowed any authenticated user to take remote control of backup servers, exposing backup copies to destructive attacks.
With a score of 9.9 out of 10 according to the CVSS system, this vulnerability demonstrates how even backup solutions can become weak points if they are not well protected.
What can be done?
The key is to segment backup environments and isolate them from the main network. Regular restoration tests should also be carried out to ensure that the copies work and are actually accessible. Real-time monitoring for unusual behavior in the systems and the implementation of a well-defined response plan enable a quick and effective reaction in case of an attack.
Invisible but avoidable threats
Intelligent phishing and advanced ransomware have one thing in common: they rely on human error or poorly prepared systems.
The good news is that it is possible to significantly reduce the risks through concrete measures. Raising awareness among your teams, securing your environments and testing your backups are simple but powerful gestures.
Prevention is better than cure
Today’s cyberthreats are no longer spectacular: they are stealthy, targeted and often invisible… until it’s too late.
SMEs can no longer afford to ignore these risks. A proactive stance, based on training, supervision and technology, is now essential. Especially to ensure business continuity and protect what really matters: your data, your employees, your reputation.
Mon Technicien: your ally for proactive cybersecurity
At My Technician, we understand that cybersecurity is not just a question of software or firewalls. It is a question of vigilance, strategy and, above all, support.
That’s why our services are designed to help SMEs adopt security tools, structure their backups, train their teams and quickly detect suspicious behavior. We act upstream, before an incident occurs, so that you can focus on your activities with complete confidence.
💬 Thought of the day
In cybersecurity, it’s not a question of paranoia… it’s a question of preparation.
in your taskbar.