Increase in business email compromise attacks
Although organizations have invested significantly in security awareness in recent years, we conclude that Business Email Compromise (BEC) remains one of the most popular attack methods. Cybercriminals use CxO impersonation and 'Adversary in the Middle' (AitM) attacks to commit financial fraud. These attacks are fueled by deepfake techniques that enable impersonation and social engineering. As AI becomes increasingly sophisticated, this trend will continue, and it is essential for companies to strengthen their security monitoring and measures.
Notable decline in ransomware attacks
In 2024, we observed a clear decline in ransomware attacks. This trend first became apparent after the escalation of the conflict between Russia and Ukraine. Particularly since 2022, we have seen a decrease in the number of attacks, and we expect this to continue this year. One of the more recent triggers influencing this trend is the breach of a large Russian money laundering network by Russian authorities, which makes converting crypto into regular currency much more complicated. Additionally, the arrest of certain threat actor operators has created a sense of insecurity among ransomware groups. This has led to a decrease in the activities of major players and an increase in attacks by 'lone wolves'.
Among the ransomware attacks that do occur, we see that extortion based on stolen data has become the most common focus. Attackers use a 'hit and run' method: they steal limited amounts of valuable data and apply significant pressure on the victim to pay as quickly as possible.
Rise of synthetic identity fraud
Synthetic identity fraud, which combines real and false information to create new identities, is clearly on the rise. These fabricated identities often slip through detection systems and give cybercriminals the opportunity to use them to obtain loans or even to apply for government services. Synthetic identity fraud is a growing threat to financial institutions and governments, and also to retail and healthcare organizations that process personal information to provide their services.
Increased risk of data theft and disruption by state actors
As geopolitical tensions rise, data theft and disruption of core infrastructure are significant security trends this year. State actors are increasingly targeting sensitive or critical data to gather intelligence from governments and companies. As also mentioned in this research from Leiden University, they focus on sabotage and disruption of vital infrastructure to cause chaos and destabilize society.
To respond effectively to this threat, organizations must focus on data classification, improving encryption, and strengthening overall cyber resilience. This also means paying more attention to critical infrastructure, including Operational Technology (OT), which is particularly vulnerable to attacks during international disputes.
More zero-day vulnerabilities in peripherals
As security for office environments has been strengthened, we see cybercriminals focusing increasingly on zero-day vulnerabilities in peripherals. These devices do not fall within the primary scope of IT environments but may serve as a springboard to a vast attack surface, which poses a serious security risk. The exploitation of vulnerabilities in FortiManager is a recent example of this. We also see an increasing focus on relatively easy-to-find and easy-to-exploit vulnerabilities in Operational Technology (OT) and the Internet of Things (IoT). Many of these devices are vulnerable and lack basic security measures, including monitoring. Ensuring security throughout the supply chain is therefore crucial to protect environments from these risks.
Security compliance and Third Party Assurance are the new normal
In addition to the need to comply with new laws and compliance measures, we see a general trend towards the necessity of demonstrating control, for example through third-party audit statements and evidence that independent penetration tests have taken place. More specifically, 2025 will bring new legislation with the implementation of the Digital Operational Resilience Act (DORA), increasing the overall need for security compliance among financial organizations, which are already strongly focused on compliance. We are also likely to see more oversight of NIS2 across Europe in 2025.
As the Cyber Resilience Act (CRA) comes into effect, manufacturers of smart (consumer) electronics and OT systems will focus more on security. We also expect more attention to security measures for supply chains, where MSPs, SaaS providers, MSSPs and other parties must demonstrate their compliance.
AI is a powerful extension of cybercriminals' toolkit
Much is said about the cyber threats posed by AI, and there are objective arguments for taking them seriously: AI provides cybercriminals with new and advanced tools that allow even less experienced or less well-informed cybercriminals to make a serious impact. In addition to new methods for social engineering and convincing deepfake content, AI tools can support and accelerate large-scale phishing campaigns and continuously improve malware. In 2025, we will undoubtedly see more new tools that require new security measures to mitigate the risks they bring.
"In 2024, our incident response unit has seen a strong increase in AI-driven attacks, a clear decline in ransomware incidents, and more focus on edge devices as a springboard for access to organizations' infrastructure," says Dennis de Hoog, CEO of Computest Security. "We expect these threats to continue to rise as cybercriminals deploy increasingly sophisticated methods. Therefore, organizations must proactively monitor for exfiltration of login data or leaked confidential information and also - where relevant - focus on the security of their OT infrastructure and IoT devices. Only by being proactive can they effectively defend against the rapidly changing cyber threats."