Article by Dmitry Volkov, Chief Executive Officer, Group-IB
The digital environment is not isolated; it runs in parallel with its physical counterpart. Both are driven by constant interaction, innovation, and collaboration, so a disruption in one invariably affects the other. As digitisation grows, geopolitical tensions are reshaping global collaboration: nations are prioritising security by localising infrastructure, data, and key services within their borders.
Deglobalisation and digital sovereignty are driving these changes, but security is being overlooked. The assumption that domestic systems are inherently secure hinders global collaboration against cybercrime.
Cybercriminal activity is borderless. How can we build effective protection without collective intelligence sharing, shared defence improvements, and coordinated responses to emerging threats?
#1 AI-driven manipulations and cyberattacks
Artificial intelligence (AI) is a macro trend that will continue to evolve. As AI becomes more embedded in business operations and critical infrastructure, the risks of exploits, data exposure, disinformation, and other threats continue to rise.
AI adoption is growing, but security and governance protocols are lagging, leaving sensitive data, credentials, and critical assets exposed to attack. While some risks are accidental, threat actors are clearly using AI for nefarious purposes.
These include generating malicious code, scams, and targeted attacks, challenging current defence strategies.
Generative AI (GenAI) and large language models (LLMs) will play a key role in Cybercrime-as-a-Service (CaaS), automating the creation and deployment of cyberthreats such as phishing campaigns, exploit kits and malware.
Despite AI's potential for misuse, it is also tipping the scales in favour of defenders, helping them detect and respond to these risks more effectively.
#2 Rising cyber espionage, sabotage and nation-state threat activity
Today's geopolitical sensitivities motivate threat activity, driving cybercrime that includes hacktivism, spyware, attacks on critical infrastructure, and supply chain disruption. The damage from these activities can be even more severe as a direct consequence of deglobalisation: centralising critical systems and resources, for example in a single data centre without proper redundancy or backups, creates single points of failure, makes countries easier targets for threat actors, and increases the risk of large-scale service outages.
In June 2024, Indonesia experienced a major disruption of its government services due to a ransomware attack on its National Data Centre (PDN). The attack affected several government services, including immigration and licensing systems. Last year also saw sabotage activity such as the Red Sea attack on cables linking Europe, Africa, and Asia, in which essential global connectivity infrastructure was deliberately targeted. Such attacks are only expected to increase as cross-border tensions persist.
#3 Deepfake and synthetic media exploits
Deepfake technology is also rapidly evolving and becoming a tool for misinformation, brand abuse, fraud, and privacy violations. Synthetic media, including deepfakes, alters voices, images, and message content to manipulate viewers and listeners into taking specific actions.
Deepfakes are increasingly challenging biometric verification systems, allowing fraudsters to bypass security measures and gain unauthorised access to systems and data.
We are also seeing synthetic representations of officials and celebrities soliciting funds or spreading fake news and propaganda, prompting authorities to strengthen deepfake detection and protection strategies to mitigate reputational and financial risk.
#4 Shapeshifting and hyper-scaling fraud
Fraudsters are finding innovative ways to exploit AI for scam automation, marketing, and distribution. Deepfake technology, social engineering ploys, and automated chats, emails, and phone calls are now used to build even more convincing fraud platforms, fake online affiliate programmes, and fabricated identities and credentials.
A growing component of the scam ecosystem is the scam call centre. These centres now form an illegal global economy in which crime networks involve individuals either directly, by trafficking them into scam compounds, or indirectly, by luring them into fraudulent activity.
Scams have reportedly caused billions in losses. To capitalise on this opportunity, cybercriminals will continue to target the world's most mature economies, exploiting gaps in legal measures and enforcement mechanisms and adopting new tactics as they evolve.
An effective defence against fraud requires collective intelligence sharing among financial institutions, covering fraud schemes, mule accounts, and counterstrategies. This collaboration safeguards clients and strengthens global efforts to combat scams and disinformation.
#5 Autonomous system hacks
Self-driving, self-learning models that solve human problems without manual intervention are becoming a reality. As autonomous technologies grow, securing them against cyberthreats is crucial. These AI-powered systems give cybercriminals opportunities to exploit their predictability through sophisticated attacks, such as adversarial inputs, data manipulation, system exploits, and unauthorised intrusion. This is especially concerning for IT/OT and critical infrastructure sectors, where autonomous systems guide industrial and mechanical processes.
#6 Your "neighbour" may become your vulnerability
It is no longer enough to secure only your own business systems; organisations must manage their "neighbours'" weaknesses too. In so-called "nearest neighbour attacks", an organisation is breached through the weaker network of a physically adjacent organisation or partner, for instance a neighbouring building's Wi-Fi used as a stepping stone into the target's own wireless network. This unconventional technique raises an important question: how can organisations defend against lateral attacks originating from devices and networks they neither own nor manage?
#7 Cloud targeting
Everything is shifting to the cloud. Businesses are leveraging the efficiency, extensive data exchange capabilities, and potential of cloud and multi-cloud environments to collaborate and grow. However, this transition also attracts attackers.
Common challenges such as vulnerabilities introduced during data migration, network security misconfigurations, insecure APIs, access management flaws, and weak encryption practices amplify these risks. Lax practice in configuring, accessing, and managing cloud infrastructure leaves organisations more exposed.
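The access-management and encryption misconfigurations mentioned above are easy to catch mechanically. The following is an added example, not Group-IB code: a small linter for cloud storage bucket policies in the AWS IAM/S3 bucket-policy JSON shape. It flags Allow statements that grant anonymous ("*") principals access without a Condition, wildcard actions, public write/delete, and the absence of a Deny statement that enforces TLS (aws:SecureTransport). The two policies, the bucket name and the account ID/role ARN are constructed for illustration.

```python
"""Added example: lint a bucket policy for the common cloud misconfigurations.

Not Group-IB code. The policy documents below are constructed for
illustration; the account ID and role ARN are hypothetical.
"""


def _as_list(value):
    """Policy fields (Action, Principal values) may be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """Principal "*" or {"AWS": "*"} means anyone, including anonymous callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def requires_tls(policy):
    """True if some Deny statement rejects requests with aws:SecureTransport=false."""
    for stmt in policy.get("Statement", []):
        cond = stmt.get("Condition", {}).get("Bool", {})
        if stmt.get("Effect") == "Deny" and str(cond.get("aws:SecureTransport", "")).lower() == "false":
            return True
    return False


def lint_bucket_policy(policy):
    """Return a list of human-readable findings; an empty list means no issues found."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; only Allow can over-grant
        sid = stmt.get("Sid", f"statement[{i}]")
        actions = _as_list(stmt.get("Action"))
        public = _principal_is_public(stmt.get("Principal"))
        if public and not stmt.get("Condition"):
            findings.append(f"{sid}: public principal with no Condition")
        if any(a in ("*", "s3:*") for a in actions):
            findings.append(f"{sid}: wildcard action {actions}")
        if public and any(a.lower().startswith(("s3:put", "s3:delete")) for a in actions):
            findings.append(f"{sid}: public write/delete access")
    if not requires_tls(policy):
        findings.append("no Deny statement enforcing aws:SecureTransport (plaintext access allowed)")
    return findings


# Constructed weak policy: anonymous read AND write on every object, no TLS requirement.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}

# Constructed hardened policy: a single named role may read, and plaintext transport is denied.
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},  # hypothetical
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}

if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, lint_bucket_policy(pol) or "OK")
```

Run it on a policy pulled from your inventory tooling; the weak policy produces three findings (public principal, public write, no TLS enforcement) while the hardened one produces none. The linter deliberately ignores Deny statements, since a wildcard action inside a Deny narrows access rather than widening it.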
#8 Identity-based attacks call for adaptive verification
Linking every online interaction to the real user behind it has become critical to the integrity and security of digital trade. Identity exploitation is a growing concern, and current security practices are failing to curb it. Password reuse across multiple accounts means that a single data leak exposes credentials for many services.
Attackers exploit weaknesses in authentication flows such as SSO-based logins by bypassing a single verification layer through phishing or malware. Once credentials (or the session tokens issued after login) are compromised, attackers can impersonate users across platforms, bypassing even two-factor authentication (2FA). This enables fake accounts, cross-IDP impersonation, and multi-access attacks.
As adversaries exploit these systems, verification methods must evolve to counter identity-based attacks and fraud. Adaptive verification goes beyond static MFA and 2FA by authenticating users based on risk signals such as location, device integrity, and behaviour. With increasing synthetic identity fraud and system exploits, risk-based multifactor verification may become standard, especially in sectors like banking and finance.
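To make the adaptive-verification idea concrete, here is an added example (not Group-IB code or a description of any vendor's product) of a risk-based login decision. It scores a login attempt against the user's known devices, a device-integrity attestation flag, the user's usual login hours, recent failed attempts, and impossible travel from the previous login, then returns allow, step-up (demand a stronger factor) or deny. The weights, thresholds, user profile shape and the three login attempts are all assumptions constructed for illustration.

```python
"""Added example: adaptive (risk-based) verification for a login attempt.

Not Group-IB code. Weights, thresholds and the profile/attempt shapes are
assumptions; the user profile and login attempts are constructed inline.
"""
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"
MAX_KMH = 900.0          # faster than this between two logins is "impossible travel"
STEP_UP_AT, DENY_AT = 30, 70


@dataclass
class LoginAttempt:
    user: str
    ts: float                # unix seconds
    lat: float
    lon: float
    device_id: str
    device_attested: bool    # e.g. managed-device / platform attestation check passed
    recent_failures: int     # failed logins for this user in the last hour


@dataset = None  # placeholder removed below
```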
Building resilience against the expanding attack surfaceDespite robust cybersecurity being a critical need for every business today, there's still a smokescreen surrounding its purpose and accountability. Many businesses still lack proper cybersecurity strategies or frameworks beyond basic hygiene protocols.
Cyber leaders often struggle to connect risk management directly to business growth and stability. This makes it hard to justify spending and allocate sufficient budgets. As a result, cybersecurity is often seen as a "cost centre."
While CISOs should prioritise adopting AI-enhanced security operations for predictive threat intelligence, runtime monitoring and visibility, and automating incident response, security management, and control validation, it is not a holistic solution to emerging threats.
When facing an enemy with intricate thought patterns, an expert's counterintuition, critical judgment, understanding of the local threat context, and ability to read between the lines remain irreplaceable.
Resilience is the need of the hour. Since we've already entered 2025, the time for implementation is now. Remember these trends as you revisit the chalkboard to shape your business's cybersecurity strategy for the year.
ติดต่อเราได้ที่ facebook.com/newswit