Gyeonggi-do, Korea – AhnLab (CEO Sukkyoon Kang), a leader in cybersecurity, today announced its top five predictions for cybersecurity threats expected to emerge in 2025.
The predictions cover a wide range of threats across the cybersecurity industry, including:
- Surge in AI-powered attacks
- Rise of software supply chain attacks
- Cloud and IoT-driven attack surface expansion
- Increase in cyber warfare and hacktivism
- Evolution of ransomware attackers
“The 2025 cybersecurity landscape will become much more complex and challenging due to advancements in AI technology and the expansion of cloud infrastructure and IoT”, said Hayoung Yang, Head of AhnLab Security Intelligence Center (ASEC). “Both organizations and individuals must shift from reactive measures to a prevention-focused approach, practicing daily cybersecurity protocols to stay ahead of emerging threats”, he added.
1. Surge in AI-powered attacks
Amid the widespread adoption of various AI technologies, most notably generative AI, across industries, AI-powered cyberattacks will become even more sophisticated in 2025. Attackers are likely to leverage AI in various ways, including:
- Conducting social engineering attacks(*) based on analysis of specific user groups’ language, culture and psychology as well as deepfake videos that impersonate a trusted person
- Discovering vulnerabilities in programs and systems
- Developing adaptive malware that learns and evades detection systems
- Scaling up attacks (by small hacker groups)
(*) Social engineering attacks: An attack technique that exploits human psychology and behavior, not vulnerabilities in the system
The advancement of generative AI has lowered the barriers to entry for cyberattacks, enabling less-skilled attackers to develop malware or identify vulnerabilities more easily. In this evolving landscape, organizations must exercise heightened vigilance by leveraging Threat Intelligence (TI) services, such as AhnLab TIP, to stay informed of emerging attack techniques and ensure robust cybersecurity defenses.
2. Rise of software supply chain attacks
The ongoing digital transformation has led to the era of “hyperconnectivity”, where numerous software products, systems and services are interconnected. With this shift, reliance on software and IT systems and the complexity of software supply chains have reached unprecedented levels. Targeting this environment, attackers will actively conduct software supply chain attacks that could impact the operations of multiple organizations within the supply chain with a single attack.
A software supply chain attack occurs when attackers infiltrate the software development process of a partner or supplier, eventually impacting the final product or service and its users. These attacks often target smaller vendors with weaker cybersecurity measures to gain access to larger organizations’ systems. Organizations should thus gain visibility into their software supply chain by conducting regular cybersecurity audits with their partners.
3. Cloud and IoT-driven attack surface expansion
As many organizations have migrated to the cloud, attacks that exploit vulnerabilities in cloud infrastructure will rise. The adoption of a multi-cloud strategy, which leverages cloud services from multiple providers, has introduced challenges for organizations in ensuring seamless interactions between clouds and consistent security operations. Attacks that exploit vulnerabilities arising from the complexity of cloud environments such as misconfiguration, improper access controls and data breaches during cloud-to-cloud transfers are likely to increase.
The surge in IoT devices and the expansion of their cloud touchpoints will also drive expansion of the attack surface. IoT devices are often an easy target for attackers because users frequently neglect to apply security patches in a timely manner, leaving vulnerabilities unaddressed. When vulnerable IoT devices connect to the cloud, a breach could potentially spread throughout the entire network. To mitigate such risks, users must follow basic security practices such as timely security patch updates.
4. Increase in cyber warfare and hacktivism
Conflicts over ideologies, religions and political interests around the world are increasingly extending into cyberspace. As a result, cyberattacks between hostile factions and hacktivist groups will continue to rise in the coming year. Attackers are likely to use a range of tactics, including DDoS attacks, website defacement, data breaches and deepfake videos, to spread political or social messages. Cyber warfare and hacktivist attacks may evolve into even more destructive forms in 2025.
5. Evolution of ransomware attackers
The ransomware threat landscape will evolve even further in 2025. In 2024, major ransomware attacks disrupted daily life across various sectors, not limited to specific countries or industries. Despite efforts by national and international law enforcement to combat ransomware groups, ransomware attacks will continue as a lucrative revenue stream for attackers in 2025. The increasing competition among ransomware groups will likely drive further sophistication in ransomware tactics. The emergence of new types of ransomware, such as the self-propagating “cryptoworm”, may accelerate. The use of large language models (LLMs) in negotiations will also mark a shift toward more refined and targeted attack strategies.
Organizations must adopt preventive strategies tailored to their environments. They need to implement regular security checks and apply timely patches for their IT systems, monitor authentication logs and assess supply chain security with their partners on a regular basis. They should also adopt multi-factor authentication, provide cybersecurity training for employees and utilize threat intelligence services that help track emerging attack techniques.
Individuals must adhere to essential cybersecurity practices. These practices include avoiding opening attachments or URLs within suspicious emails; downloading content and software only from official sources; and applying timely security patches. Additionally, they must use multi-factor authentication (MFA) for logins and maintain up-to-date antivirus software that supports real-time monitoring of malware.
About AhnLab
Founded in 1995, AhnLab is a leader in cybersecurity, providing robust protection across endpoints, networks, transactions, and essential services. The company’s solutions combine high-speed network compatibility with endpoint and server protection, leveraging cloud analysis for superior threat prevention. AhnLab’s multidimensional approach and world-class services offer holistic protection against sophisticated cyber threats.