Release of the 2025 Cyber Security Report

Canon Marketing Japan Inc. (President: Masachika Adachi, hereinafter 'Canon MJ') has published the '2025 Cyber Security Report'. This report explains the cyber security threat trends that occurred in 2025, including commentaries on new attack methods based on the ClickFix technique and various countries' IoT security certification systems. As a security solution vendor, the Canon MJ Group regularly disseminates necessary information for security measures by collecting and analyzing information on the latest threats and trends, with the Cyber Security Lab—which handles cyber security research—at its core. We have now released the '2025 Cyber Security Report' (hereinafter 'this report'), which explains cases of cyber attacks that occurred in 2025 and malware detected in Japan and worldwide by the comprehensive security software ESET. Through the analysis of actual cyber attacks and incident cases, this report outlines the threat trends and changes in risk that characterized 2025. Furthermore, in addition to the ClickFix method, which is a social engineering attack, it also addresses new challenges faced by companies and organizations, such as explanations of new attack methods based on ClickFix, threats surrounding IoT devices, and trends in security certification systems. In addition, this report analyzes and considers the main cyber security threat trends that occurred in 2025 from the unique perspective of the Cyber Security Lab, summarizing useful information for security measures. <2025 First Half Cyber Security Report> https://eset-info.canon-its.jp/malware_info/special/detail/260407.html

■ Expansion and Evolution of 'ClickFix' 'ClickFix', which expanded rapidly from 2024 onwards, is a social engineering attack that uses fake CAPTCHA authentication screens to force users themselves to execute dangerous operations. In 2025, variants such as FileFix, TerminalFix, and JackFix appeared one after another, and a trend was confirmed where attackers change their methods according to the user's psychology and operating environment. Through a comparative analysis of the four methods, this report reveals the factors that cause users to be deceived and the characteristics of the operations that lead to the establishment of the attack. Furthermore, focusing on the fact that attackers are changing their methods according to the user's psychology and operating environment, it also considers future developments. ■ Threats Targeting IoT and the Spreading Security Certification Systems Cyber attacks targeting IoT devices remain highly active, with confirmed cases of misuse as stepping stones for DDoS attacks, as residential proxies*, and unauthorized access through surveillance cameras.