CyberWatch Weekly: Ransomware Fragmentation, CBSE Portal Attack, and AI-Assisted Cybercrime
This week’s cybersecurity updates show how quickly the threat landscape is changing. Ransomware groups are breaking into smaller and more unpredictable networks, CBSE’s re-evaluation portal stayed online despite a heavy cyberattack attempt, and AI is making it easier for emerging hackers to carry out more advanced attacks. The common message is clear: organizations need stronger resilience, better visibility, and faster response readiness.
Ransomware Groups Fragment Into More Volatile Splinter Networks
The ransomware ecosystem is becoming more unstable as large cybercriminal operations break into smaller, aggressive groups. According to Security Boulevard, law-enforcement pressure, internal conflicts, rebrands, and affiliate breakaways have pushed the ransomware landscape into a more fragmented phase, with several smaller groups now competing for victims and payouts.
This is happening because major ransomware operations no longer have the same control they once did. As larger groups face takedowns, arrests, and disruption, affiliates often move to new groups or create their own. The result is a more crowded and unpredictable cybercrime market where attackers may act faster, negotiate harder, and rely more heavily on data theft.
The report also shows how extortion tactics are changing. Instead of only encrypting systems, attackers are increasingly stealing sensitive data and using the threat of exposure as leverage. Stolen credentials, infostealer malware, and compromised identities are playing a bigger role, allowing attackers to enter environments and move toward extortion before organizations can respond.
To reduce the impact, organizations should focus on preventing data exfiltration, strengthening identity and access controls, monitoring credential exposure, and improving early detection. Regular backups are still important, but ransomware defense can no longer depend only on recovery. Businesses must also limit what attackers can access, steal, and monetize.
Key Takeaway: Ransomware is becoming more fragmented and aggressive, making early detection, identity security, and data protection more critical than ever.
Source: Security Boulevard Report
CBSE Portal Withstands Cyberattack During Re-Evaluation Process
CBSE’s re-evaluation portal remained operational despite a major cyberattack attempt that generated nearly 1.5 million hits in just two minutes. The Economic Times reported that the portal also faced more than 100,000 unauthorized file access attempts while thousands of students were using the platform to submit re-evaluation applications.
Public-facing education portals often see a sudden rush during important academic processes, which makes them attractive targets for disruption. Attackers may try to overload such platforms, interrupt access, or test for weak points when user activity is at its peak.
In this case, the attack appeared to be a denial-of-service attempt, where large volumes of traffic were directed at the portal over a short period. Despite the disruption attempt, CBSE said the platform continued to function, supported over 8,000 concurrent users, and allowed more than 16,000 students to complete their submissions by 3:00 PM.
Organizations running public digital platforms should prepare for such risks with denial-of-service protection, traffic filtering, strong access controls, real-time monitoring, secure file access mechanisms, and incident response plans. For critical services, resilience is not just about preventing attacks; it is also about keeping essential services available when attacks happen.
Key Takeaway: Public digital platforms need strong resilience because availability becomes just as important as security during high-demand periods.
Source: The Economic Times Report
Anthropic Warns AI Is Lowering the Bar for Emerging Hackers
AI is making cyberattacks easier for less-skilled threat actors, according to research highlighted by ITPro. Anthropic reviewed 832 accounts banned for malicious cyber activity between March 2025 and March 2026 and found that 560 of them, or 67%, were using AI to write malware. The report also noted that some attackers used AI to support lateral movement inside compromised environments.
This matters because AI tools can now assist with tasks that previously required stronger technical knowledge. Attackers are not only using AI for phishing or initial access attempts. They are increasingly using it deeper in the attack lifecycle, including account discovery, privilege escalation, lateral movement, and decision-making after compromise.
The concern is no longer just that AI can help write malicious content. It can also help attackers connect multiple steps with less effort, making their activity look more advanced than their actual skill level. As AI becomes part of the attacker toolkit, the gap between low-skilled and high-risk actors becomes much smaller.
To manage this risk, organizations should monitor suspicious post-compromise activity, review unusual account discovery behavior, strengthen privilege controls, and update detection strategies for AI-assisted attack patterns. Security teams also need to understand how AI can be misused, making practical SOC analyst training valuable for spotting faster, more automated attack patterns.
Key Takeaway: AI is making advanced cyber techniques more accessible, which means even less-skilled attackers can create serious security risks.
Source: ITPro Report
Final Thoughts
This week’s incidents point to three important shifts in cybersecurity. Ransomware groups are becoming more fragmented, public platforms are facing high-volume disruption attempts, and AI is helping attackers perform more complex actions with less expertise.
For organizations, the focus should be on building stronger identity controls, improving cyber resilience, monitoring suspicious activity early, and preparing teams to respond before attacks escalate. Cybersecurity is no longer only about blocking threats; it is about limiting damage, maintaining continuity, and staying prepared for faster-moving attacks.
Stay vigilant and stay informed with InfosecTrain’s CyberWatch Weekly.