Cybertrends 2025: Criminal smokescreens and democratized cyberattacks
In cyber security, the last few years have shown that you have to expect everything. However, as no one can see into the future, it is worth looking back at 2024 to assess developments, anticipate possible scenarios for the future, adapt and look forward to a new year with confidence. Security is well positioned, but vigilance is and remains the top priority. After all, criminals are increasingly opportunistic when it comes to their prey, clients and supporters.
So what can we expect in terms of cyber security in 2025?
1. attackers are increasingly focusing on the cloud
As more organizations protect their devices with Endpoint Detection and Response (EDR) and multi-factor authentication (MFA) becomes more prevalent, ransomware attackers are increasingly targeting cloud resources that don't normally have MFA. The "prize" for criminals is no longer passwords, but authentication tokens and browser cookies
2. generative AI ensures the "democratization" of cybercriminal activities
Tools and techniques used by professional cybercriminals are used as training data by many GenKI platforms. This means that certain cybercriminal activities have been "democratized" and low-skilled, opportunistic attackers can now create a phishing lure or ransomware code, for example, without much effort. Due to the lack of professionalism, these attacks have a low success rate, but their mass contributes to tying up the resources of the defenders and thus clearing the way for the professional attackers.
3. cyber criminals are increasingly setting off smoke and mirrors
Cybercriminals are increasingly using diversionary tactics to disguise their main activities and cause disruption and confusion to defenses. Smaller attack operations tie up response resources and lead to a reduction in the overall effectiveness of defenses. This leads to an imbalance between the good guys and the bad guys, even with well-positioned cyber security.
4. attacks on the supply chain have a greater impact
Attacks on the software supply chain, the consequences of which extend far beyond the business of individual companies, are an increasingly important element in the attack strategies of cyber criminals. They want to build up as much pressure as possible in order to lend even more weight to their ransom demands and increase the sums extorted.
5. complex cyberattacks use LLM multi-agent systems
Cybercriminals are also benefiting from the current development in the use of LLMs, which consists of chaining models together to create more complex tasks. For example, instead of just using ChatGPT to write a line of code, cybercriminals can now combine multiple LLMs to create more extensive projects such as AI-generated websites, videos or deepfakes.
6. cyber criminals strive for more ROI
Exploitation after the successful infiltration of a company is no longer a single-track process. Attackers are increasingly using a "double-dip" approach. When they steal cryptocurrencies, for example, they also steal cookies or ID documents to use for other crimes.
Source: news.sophos.com
This article originally appeared on m-q.ch - https://www.m-q.ch/de/cybertrends-2025-kriminelle-nebelkerzen-und-demokratisierte-cyberattacken/
