7 Emerging Cyber Threat Trends in 2025

What risk trends can we expect to see in 2025’s cybersecurity landscape? If this past year is any indication, artificial intelligence will play a role, and we’ll be seeing an increase in cyberattacks by nation states. Banking institutions and healthcare groups will also find themselves in the crosshairs of hackers and ransomware groups, and MFA may no longer be enough to protect your sessions against criminals. 

So what can you expect as you plan risk management strategies for 2025? This year’s list contains a little of everything, including some new attack vectors as well as some old standbys: 

1. AI will be a key component of more attacks

AI has dramatically changed the way we do business, and unfortunately this is also true for criminals, who have been using AI tools to improve their attacks. Specifically, threat actors have been using Gen AI tools to create more convincing social engineering attacks, writing messages targeting employees and tricking them into revealing key information. Google projects that AI will continue to be a favorite tool for attackers, who are likely to use GenAI, deep fakes, and other AI technology to create more effective attacks at scale.

2. Ransomware is still a threat — especially to healthcare groups

Ransomware is malware — or malicious software —  that holds an organization’s information, systems, data or networks for ransom. It does this by blocking access to data, either by encrypting the data or by locking a system. The attackers then demand a ransom for the encryption key. If the ransom isn’t paid, you don’t get your data back, and some attackers will threaten to publish proprietary information on the public internet. 

Ransomware attacks are unlikely to stop; unfortunately criminals have found that this sort of crime pays. There have been some changes in the targets that threat actors are choosing, however. In 2024, ransomware groups targeted healthcare groups, stealing patient records, payment information, and other sensitive data. This is likely to continue into 2025.

3. Geopolitical motives will be behind more attacks

The U.S. presidential election may be in the rearview mirror, but the administration change in early 2025 will be a magnet for hackers backed by nation states. Google projects that the Big Four — Russia, China, Iran, and North Korea — will continue to back attacks on entities in the U.S., seeking to capitalize on instability caused by the changing administration. Even without a transition of power, those countries have been stepping up cyber espionage, crime, and attacks in general.

4. Data theft will continue to impact banks and financial services

By the end of the third quarter in 2024, 2,243 data compromises had been reported to the Identity Theft Resource Center (ITRC), up from 2,116 at the same time last year. One of the more interesting findings: banks and financial services were most targeted by threat actors in 2024, followed by healthcare groups.

5. If you don’t vet suppliers you might suffer an attack

You do background checks on your new hires. You should also complete background checks on vendors, because they are often an attractive target for hackers, who can potentially gain access to many companies by breaching one. 

Vendor hacks are common, and recently there's been a surge in supply chain attacks. ITRC found that supply chain attacks rose dramatically in the third quarter, affecting more than 900,000 victims.

6. The rise of the infostealer will allow criminals to bypass password theft

Password theft has long been a threat to businesses of all kinds, but the adoption of multifactor authentication (MFA) has made this kind of attack less of a risk for many organizations. Criminals have taken note, using infostealers to get around MFA. 

Infostealers are a type of remote access malware which infects a computer and then quietly steals massive amounts of information from it. The stolen data includes session cookies, session tokens, credentials stored in browsers, and information about the system. The stolen cookies and tokens can be used to get into sessions that have already been authenticated, allowing criminals to hijack a user’s session without a password. 
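Because a replayed cookie skips the login step, one defensive signal is an authenticated session ID that appears from a different client than the one that logged in. The sketch below is an added example, not from the original article; the log format, the /24 and /64 network grouping, and the function names are assumptions, and the log lines are constructed.

```python
import ipaddress

# Constructed sample events (not real logs): time, event, session id, source IP, user agent.
SAMPLE_EVENTS = """\
2025-01-06T09:00:01Z login   s-1001 198.51.100.23 Mozilla/5.0 (Windows NT 10.0) Chrome/131
2025-01-06T09:05:10Z request s-1001 198.51.100.40 Mozilla/5.0 (Windows NT 10.0) Chrome/131
2025-01-06T09:07:42Z request s-1001 203.0.113.77 python-requests/2.32
2025-01-06T09:10:00Z login   s-1002 192.0.2.15 Mozilla/5.0 (Macintosh) Safari/17
2025-01-06T09:30:00Z request s-1002 192.0.2.15 Mozilla/5.0 (Macintosh) Safari/17
2025-01-06T09:31:00Z request s-9999 203.0.113.77 python-requests/2.32
"""


def network_of(ip: str) -> str:
    """Coarsen an address to its /24 (IPv4) or /64 (IPv6) so DHCP churn is tolerated."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def find_session_reuse(log_text: str) -> list[dict]:
    """Flag requests whose session ID is used outside the context it was issued to."""
    bound = {}   # session id -> (network, user agent) recorded at login
    alerts = []
    for line in log_text.splitlines():
        parts = line.split(None, 4)  # user agent keeps its internal spaces
        if len(parts) != 5:
            continue
        ts, event, sid, ip, ua = parts
        try:
            context = (network_of(ip), ua)
        except ValueError:
            continue  # skip lines with an unparseable address
        if event == "login":
            bound[sid] = context
            continue
        if sid not in bound:
            # Token presented with no login on record in this log window.
            reasons = ["no_login_seen"]
        else:
            reasons = [name for name, seen, expected
                       in zip(("network", "user_agent"), context, bound[sid])
                       if seen != expected]
        if reasons:
            alerts.append({"time": ts, "session": sid, "ip": ip, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_EVENTS):
        print(alert)
```

A single changed attribute is common for mobile or VPN users, so a hit is a reason to step up authentication or review the session rather than proof of theft.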

7. Bitcoin is gaining mainstream acceptance… but watch out for fraud

Cryptocurrency may finally be breaking into mainstream institutions, with financial institutions increasingly exploring Bitcoin traded funds, and Bitcoin hitting the $100,000 milestone on Wall Street in early December. However, crypto theft and fraud remain a risk; cryptocurrency is an attractive target for criminals, and crypto theft and fraud have been rising. Google predicts more heists on crypto organizations in the coming year. AI also poses a fraud risk as more threat actors use deepfakes to bypass crypto verification measures.

Why should physical security pros worry about cyber risk? 

Many companies consider IT security to be separate from physical security. They are often handled by different departments and those departments may not report to the same leaders in the organization. 

That’s a risk management mistake; physical security and cyber security are deeply and intrinsically related — especially now that technology is a part of almost every aspect of our lives. As long as we continue to see physical risk and IT risk as different, companies leave themselves vulnerable to the places where those risks intersect. Even if physical security and cyber security are handled by different teams at your organization, they should see each other as partners when planning to handle risk.

 Ready to create a plan for IT security? Talk to us now about assessing your security.
