Cybersecurity threat predictions for 2025

2024 witnessed an alarming surge in cyberattacks across various sectors, with threat actors becoming increasingly sophisticated in their methods. The average cost of a data breach reached a staggering $4.88 million, having increased 10% over the previous year, with cloud breaches averaging even higher at $5.17 million.

This article delves into the current cybersecurity landscape, the growing role of Artificial Intelligence (AI)-powered attacks, our predictions for 2025 and our recommendations on how organizations can stay ahead of these or bounce back faster.

The evolution of ransomware

 Ransomware continued to impact organizations in 2024, with attackers adopting new techniques and strategies to enhance their effectiveness. AI is becoming increasingly important in this evolution, enabling attackers to automate tasks, personalize their attacks, and evade detection.

Beyond this, the development of agentic AI introduces a new level of threat, enabling autonomous agents to not only select targets but also dynamically adapt their attack strategies based on real-time data, significantly accelerating the pace of target acquisition.

AI can also personalize ransomware attacks by tailoring phishing messages or social engineering tactics to specific individuals within an organization. This personalization enhances the likelihood of victims falling prey to the attack, as the messages appear more credible and relevant. Even more concerning, agentic AI can amplify this personalization, by creating AI agents that learn and adapt to individual user behavior, creating highly believable and persuasive attack vectors, and even negotiate ransomware demands autonomously.

Ransomware in itself has also rapidly evolved from basic encryption to sophisticated “septuple extortion” tactics, i.e. attackers now employ a multi-pronged approach. They encrypt data (and demand a ransom for the decryption key), steal data to leak or sell, launch DDoS attacks, harass customers and partners, make legal threats, threaten reputational damage, and in extreme cases, even threaten physical harm. This comprehensive extortion strategy maximizes pressure on victims to pay ransoms, regardless of their backup strategies or refusal to pay.

For instance, in June 2024, CDK Global, a major software provider for the automotive industry, experienced a ransomware attack by the BlackSuit ransomware gang. The attackers escalated their ransom demand from $10 million to over $50 million.

Key insights

The increasing use of AI in ransomware, coupled with the evolution of septuple extortion techniques presents a significant threat to organizations. AI enables attackers to automate various stages of the attack, personalize attacks and evade detection, while septuple extortion tactics pressurize victims to pay hefty ransoms.

Cloud threats

Cloud computing remains a primary target for cyberattacks, with attackers exploiting vulnerabilities in cloud infrastructure, applications and user access controls. The increasing adoption of cloud services across various sectors has expanded the attack surface, making it crucial for organizations to prioritize cloud security.

Misconfiguration and inadequate change control were the top cloud security threats in 2024. And this continues in 2025.

But how does this occur?

When cloud computing assets are set up incorrectly, they become vulnerable to unauthorized access, data breaches, and operational disruptions. The transition to cloud computing has amplified the challenges of configuration management and vulnerabilities, making it critical for entities to adopt cloud-specific configurations and security measures.

A notable example of vulnerability exploitation is the series of data breaches linked to attacks on Snowflake, a cloud-based data warehousing and analytics platform, which began in April 2024. These attacks, which involved the use of stolen credentials, impacted hundreds of millions of individuals using the services of companies like AT&T, Ticketmaster, and Santander Bank.

Key insights

Attackers are exploiting vulnerabilities and misconfigurations in cloud infrastructure, applications, and user access controls to gain unauthorized access, disrupt operations, and steal sensitive data.

Targeting enterprise AI/Gen AI systems

 While AI is revolutionizing cybersecurity defenses, it also presents new challenges as attackers increasingly leverage AI to enhance their capabilities. Enterprise AI and Generative AI (GenAI) systems, with their ability to analyze vast datasets and automate complex tasks, are becoming attractive targets for malicious actors. Attacks on these systems can disrupt operations, manipulate outcomes, and compromise sensitive information.

A critical concern is AI model poisoning, where attackers inject malicious data into the training dataset of an AI model, causing it to produce inaccurate or malicious outputs ⁵. This can have devastating consequences, especially in critical sectors like healthcare or finance, where AI is used for decision-making.

Another significant threat is adversarial AI attacks, where attackers manipulate input data to deceive or mislead AI models. This can lead to incorrect classifications, misinterpretations and system manipulation. For example, attackers could use adversarial techniques to bypass facial recognition systems or manipulate AI-powered fraud detection mechanisms.

In addition to these threats, attackers can also exploit vulnerabilities in Enterprise AI/Gen AI systems through techniques like jailbreaking and prompt injection, as examples. While both use specially crafted input data to disable protections and trick the AI system into unwanted and potentially malicious behaviors, they do represent distinct vulnerabilities in AI/Gen AI systems. Indeed, the latter consists in overriding the AI model developer instructions with untrusted user input while the former consists in bypassing additional safety filters (like guardrails) which were added around the model (by the application or system teams deploying the AI system).

Key insights

As AI becomes more prevalent in various sectors, attacks targeting Enterprise AI/Gen AI systems are likely to increase.

Targeting critical infrastructure

 Critical infrastructure, including energy grids, transportation systems, and healthcare facilities, remains a prime target for cyberattacks, with geopolitical tensions further escalating the risk. Attacks on these systems can disrupt essential services, cause significant economic damage, and even endanger public safety.

In 2024, there were reports of attacks targeting critical infrastructure in various countries. For example, in May 2024, Poland, Germany, and the Czech Republic accused state-sponsored cyber spies of targeting government and infrastructure networks. Between November 2023 and April 2024, state-sponsored cyber actors in the United States accessed and manipulated critical industrial control systems (ICS) in sectors like food and agriculture, healthcare, and water and wastewater. One hacktivist group even remotely manipulated control systems within five water and wastewater systems and two dairies in the U.S.

In another attack, the Salt Typhoon group attacked major U.S. telecommunications companies, including AT&T, Verizon, T-Mobile, and Lumen Technologies, in a campaign that went undetected for months and has been underway for up to two years, as revealed in December 2024. These attacks targeted customer call data and law enforcement surveillance request data, highlighting the potential for disruption and espionage.

Key insights

Geopolitical tensions are increasingly playing out in cyberspace, with critical infrastructure becoming a battleground for cyberattacks.

Supply chain vulnerabilities

 Supply chain attacks, where attackers target an organization through vulnerabilities in its suppliers or vendors, continue to pose a significant threat. These attacks exploit the trusted relationships between organizations and their partners to gain access to sensitive data, systems, or infrastructure.

One example is the ransomware attack on Blue Yonder, a major technology provider for retailers, in mid-November 2024. This attack disrupted operations for numerous retailers, including well-known companies such as Starbucks, Morrisons and Sainsbury’s, highlighting the vulnerability of supply chains to cyberattacks. The Termite ransomware group claimed responsibility for the attack and claimed to have exfiltrated 680 gigabytes of data from Blue Yonder, including sensitive information such as databases, email addresses, and over 200,000 insurance documents.

Another example is the Black Basta ransomware attack on BT Conferencing, a division of BT Group, in early December 2024. The attackers claimed to have stolen 500 GB of data, including financial and organizational data, confidential information, and more.

Adding to the complexity, vulnerabilities in Application Programming Interfaces (APIs) are also being exploited. Attackers target these vulnerabilities, especially in public-facing APIs, to gain unauthorized access and compromise systems. They may even target API keys, authentication mechanisms, or vulnerabilities in the API code itself to compromise systems and data.

Key insights

Supply chain vulnerabilities are a significant concern for organizations of all sizes. Attackers can exploit weaknesses in the security posture of suppliers or vendors, including vulnerabilities in APIs and public APIs to gain access to sensitive data, disrupt operations, or launch further attacks.

Quantum disruption

 The emergence of quantum computing poses a significant threat to cybersecurity as it has the potential to break widely used encryption and signature algorithms that protect sensitive data, transactions and communications. This can have devastating consequences for individuals, businesses, and governments alike.

The primary concern lies in the ability of quantum computers to break asymmetric encryption, which is widely used to secure online and local transactions and communications. To illustrate this, RSA, the most widely used asymmetric encryption algorithm, relies on the difficulty of factoring large numbers, a task that quantum computers can perform exponentially faster than classical computers. This could expose sensitive data to unauthorized access, compromise financial transactions, and disrupt online services.

Quantum computers also have the potential to break other asymmetric encryption algorithms, such as Diffie-Hellman (DH) and elliptic curves (ECC). This could undermine the security of various online services and applications, leading to data breaches, financial fraud, identity theft, and other cyber threats.

One of the attack scenarios that is already exposing our digital applications today is the infamous “harvest now, decrypt later“ employed by some attackers, where they store encrypted data today to decrypt it later when quantum computers become powerful enough, hoping long term secrets are then available to them which still have immense value to the target (organizations which encrypted the data in the first place, thinking it is safe forever).

This is why 18 European Union Member States signed a joint statement end of November 2024 to urge organizations, industries and governments to make the transition to post-quantum cryptography (a new set of asymmetric algorithms resistant to future quantum computers) a top priority and start such a transition now. They also recommend protecting PKI systems and systems handling sensitive information from quantum threat by end of 2030. The US NIST, standardization body, announced disallowing RSA, ECC and DH by 2035.

However, the threat extends beyond just breaking encryption. The rise of quantum computing also creates a ripe environment for misinformation and disinformation campaigns. Threat actors could exploit public anxiety surrounding quantum decryption to spread false narratives about data breaches and compromised systems.

They might fabricate evidence of “quantum hacking” and data leaks, creating widespread confusion and eroding trust in digital systems. This misinformation could be used to manipulate public opinion, disrupt markets, or even interfere with democratic processes.

Key insights

Future quantum computing systems have the potential to disrupt cybersecurity by breaking existing encryption algorithms.

Insider threats

 Instances of employees or authorized individuals misusing their access to sensitive data or systems are also known as insider threats, and these remain a significant concern. However, it is important to note that these types of threats can be intentional, such as malicious employees stealing data, or may be unintentional, such as employees falling victim to phishing attacks.

These may be motivated by various factors, including financial gain, revenge, or ideology. For example, a disgruntled employee might steal sensitive data to sell to competitors or leak it publicly to damage the organization’s reputation. In other cases, employees might be coerced or tricked into disclosing sensitive information or granting unauthorized access to systems. There have even been cases of attackers offering payments to employees to help them compromise the security of their organization.

While specific instances of insider attacks are often not publicly disclosed due to legal and reputational concerns, the following statistics highlight the prevalence of this threat:

• 28% increase in the number of insider-driven data exposure events between 2021 and 2024.
• 83% of organizations reported at least one insider attack in 2024. 

Key insights

Insider threats pose a complex and ongoing challenge for organizations.

Phishing

 Phishing attacks are not a new phenomenon. In these, attackers use deceptive emails, messages, and other methods to trick individuals into disclosing sensitive information, and it continues to be a prevalent threat. Now, AI is being used to enhance phishing attacks by automating the creation of personalized and convincing messages.

AI-powered phishing attacks can analyze vast amounts of data, including social media profiles and public records, to create highly targeted and personalized messages. These messages are more likely to deceive victims, as they appear to come from trusted sources and contain relevant information.

While specific phishing attacks are not always publicly disclosed, the following statistics highlight the increasing prevalence and sophistication of this threat:

• 202% increase in overall phishing messages in H2 2024
• 703% increase in credential phishing attacks in H2 2024.
• Anti-Phishing Working Group (APWG) observed 932,923 phishing attacks in Q3 2024.

Key insights

Phishing attacks are becoming increasingly sophisticated, with AI being used to enhance their effectiveness.

OT and IoT Threats

 The increasing connectivity of operational technology (OT) and Internet of Things (IoT) devices has expanded the attack surface for cybercriminals. These attacks can disrupt operations, compromise data, and even cause physical damage. OT and IoT devices are often interconnected, with OT systems controlling physical processes and IoT devices collecting and transmitting data. This interconnectedness further extends to IT environments, creating new opportunities for attackers to exploit vulnerabilities and cause widespread disruption.

Attackers could compromise medical devices, such as insulin pumps or pacemakers, to alter dosages or disrupt functionality, potentially endangering patients’ lives. They could manipulate robots to perform unintended actions, causing production delays, damaging equipment, or even injuring workers. Attackers could even compromise VR headsets to steal user data, manipulate virtual environments, or even cause physical harm by disrupting user perception.

Key insights

As OT/IoT technologies become more prevalent, it is crucial to address the security and privacy risks associated with them.

Malware as a service

Malware as a Service (MaaS) is a growing trend where cybercriminals offer pre-packaged malware solutions on the dark web for purchase or rent. This allows less technically skilled attackers to launch sophisticated attacks, increasing the overall threat landscape.

MaaS platforms offer a variety of malware solutions, including ransomware, spyware, and botnets. They often provide customer support, updates, and other services to their clients, making it easier for attackers to deploy and manage malware.

AI is also being used to enhance MaaS platforms by automating the mass-creation of targeted and efficient malware and providing it with evasion capabilities.

While specific instances of MaaS-driven attacks are often not publicly attributed to specific MaaS providers, the following examples highlight the growing impact of this trend:

• The rise of ransomware-as-a-service (RaaS) has led to a significant increase in ransomware attacks in 2024. RaaS platforms like LockBit and Conti have been particularly active, providing attackers with easy-to-use tools and infrastructure to launch ransomware attacks.
• The availability of sophisticated spyware and botnet solutions on MaaS platforms has enabled attackers to conduct large-scale espionage and distributed denial-of-service (DDoS) attacks.

Key insights

MaaS is a significant concern for cybersecurity, as it lowers the barrier to entry for cybercrime and increases the availability of sophisticated malware.

Regulatory actions and financial impact

 In addition to the technical aspects of cybersecurity breaches, it’s critical to consider the regulatory and financial implications. In 2024, Meta (Ireland) faced a large GDPR penalty, a fine of 91 million euros, for exposing customer data. This highlights the increasing scrutiny and penalties associated with data breaches and the importance of complying with data protection regulations. Enforcement of new regulations like NIS2, the Cyber Resilience Act or the AI Act to mention a few, intensifies the pressure on organizations to implement a minimum set of Cybersecurity measures.

Key insights

Gearing up for the journey ahead

 The cybersecurity landscape of 2024 was marked by a surge in sophisticated attacks, with AI playing an increasingly prominent role. To navigate this evolving threat landscape in 2025, organizations need to adopt a proactive and comprehensive approach to cybersecurity.

Here are some ways to go about this:

• Implement robust security measures, such as AI-driven threat detection and response, phishing resistant multi-factor authentication and regular vulnerability assessments.
• Monitor the attack surface and identify areas of improvement through a sound Security Posture Management.
• Prioritize security awareness training to educate employees about developing and already existing cyber threats and best practices.
• Develop and test incident response plans to ensure a swift and effective response to security incidents.
• Stay informed about emerging threats and vulnerabilities, such as those related to AI, quantum computing and XR technologies.
• Collaborate with industry partners and government agencies to share threat intelligence and best practices.

By taking these steps, organizations can strengthen their cybersecurity posture and mitigate the risks associated with the evolving threat landscape.

>> Partner with Eviden to develop a future-ready cybersecurity strategy. Speak to an Eviden Cybersecurity expert today.

>> Learn more about Eviden’s cutting-edge cybersecurity solutions: Digital Cyber Security Solutions | Eviden