Hackers no longer target mobile phones; instead, they attack companies in order to reach millions of users.
Cybercriminals are shifting their strategy. Instead of targeting individual users, they are increasingly focusing on corporate IT infrastructure.mpromising one company's system can open the door to the data or devices of thousands, even millions, of people.
For years, many cyberattacks have directly targeted users' personal computers, mobile devices, and personal accounts. But this pattern is changing.
A report by Google’s Threat Analysis Group reveals that 48% of “zero-day” attacks detected in 2025 targeted technologies used in the enterprise sector, the highest number ever recorded.
Zero-day vulnerabilities are security flaws that attackers exploit before any official update or fix becomes available. For this reason, they are considered among the most important tools used in cybercrime and cyber espionage.
This change reflects a clear logic: attacking a single company can grant access to thousands of users at once.
The reason cybercriminals are increasingly targeting businesses is the multiplier effect their systems provide.
Many organizations today rely on complex digital infrastructures that store enormous amounts of information, such as cloud computing platforms, enterprise software, network and security systems, and electronic services used by customers.
If an attacker discovers a critical security vulnerability in any of these systems, he can gain access to the company's network, and then to customer databases, login credentials, or personal information.
In practice, a breach of one company can affect thousands or millions of users, even if they are not directly attacked.
The report also indicates that attackers are increasingly exploiting network tools and peripherals, such as corporate routers or internet-connected security systems.
These devices are typically found on the periphery of corporate networks and, in many cases, lack the same advanced detection tools found on internal computers or servers, making them very attractive targets.
Once compromised, these devices can become an entry point for attackers to move around inside a company's infrastructure for extended periods without being detected.
Although attacks now target businesses more than personal devices, that does not mean that users are safe from danger.
Quite the opposite, in fact: when corporate infrastructure is compromised, the consequences often spread rapidly, ranging from massive data breaches to cascading attacks on customers or end users.