Image: © rainer/Stock.adobe.com
Great tech-spectations? SiliconRepublic.com heard from cybersecurity experts about potential threats that can be expected in the new year.
With destructive malware and opportunistic hackers around every corner, it can sometimes be dauting to traverse the world wide web.
Oftentimes, the simplest option is to trust your gut instinct, especially when it comes to receiving suspicious links popping up in your emails, after all, email attacks remain a massive issue according to US cybersecurity business Abnormal Security. However, even the most careful web users and experienced tech companies can still fall victim to cyberthreats.
As part of our Tech Trends 2025 series, SiliconRepublic.com has heard from a variety of cybersecurity experts about their predictions on what harmful trends could potentially emerge in 2025, and some even offered potential ways to combat cyberthreats.
Ransomware – the new ‘stand and deliver’
In many ways, ransomware is the modern equivalent of a flamboyantly dressed bandit stopping a horse-drawn carriage with a flintlock pistol and demanding them to hand over their goods.
Last month, multinational professional services provider KPMG noted that 2024 saw a new record for levels of ransomware extortion payments.
Chandrodaya Prasad, executive VP of product management at US cybersecurity company SonicWall, predicts that ransomware attacks will only continue to increase in frequency and sophistication.
“The emergence of ransomware-as-a-service will make it easier for cybercriminals to launch attacks without technical expertise, leading to a broader range of organisations, including smaller businesses, becoming targets,” he said.
Another member of a US-based cybersecurity company, OPSWAT, also maintained that ransomware poses a grave threat to critical infrastructure. Itay Glick, the VP of products at OPSWAT, also pointed to ransomware as a “grave threat to critical infrastructure”, highlighting an incident in April 2023, which saw the ALPHV group, also known as BlackCat, successfully targeting NCR, a leading provider of ATM and payment solutions.
“This attack disrupted the Aloha POS platform widely used in restaurants, demonstrating how ransomware can cripple operations and highlight the necessity for advanced threat detection and incident response capabilities,” Glick explained.
In addition, Mark Bowling, chief information security and risk officer at US cybersecurity company ExtraHop, which provides AI-based network intelligence, is of the view that nation-state ransomware groups will “increase in volume and sophistication” in 2025.
“Industries like healthcare will experience heightened risk for potentially devastating attacks driven by escalating geopolitical conflicts across Russia, China, Iran, and North Korea,” he said.
Potential abuse and defence led by AI
In many ways, AI is a gamechanger, as it can give us a lot of useful benefits and assist workers. Unfortunately, it can also be easily used for sinister purposes. Pedram Amini, chief scientist at OPSWAT, warned of escalating sophistication and increasing abuse of AI.
“The drum beat of the evolution of threats will of course continue, with nation states increasing their attacks on physical devices and appliances. Machine learning-assisted scams will increase significantly in their volume, quality and believability. As costs associated with machine learning compute decrease, we’ll see the transition from assisted to fully operated.”
Organisations should also expect increased attacks on employees’ personal devices, and thus prioritise training and novel detection controls to prepare for AI-enhanced social engineering attacks, according to Amini.
However, there is hope, as the tables can be turned against those abusing AI. Douglas McKee, executive director of threat research at US-based cybersecurity company SonicWall, predicts that AI will become a defensive tool and “a strategic force multiplier” in 2025.
“It will enable organisations to stay one step ahead of state-sponsored criminals, adapt to quantum threats and protect critical infrastructure in an increasingly hostile threat landscape,” McKee said. “AI’s continuous learning, predictive power and automation will continue to redefine cybersecurity without replacing the human element.”
A new wave of fraud powered by GenAI
Speaking of AI, generative AI (GenAI) has shown a huge amount of potential for a plethora of sectors. But Bowling warns that a new wave of fraud is coming at us “full steam ahead”.
“With GenAI easily accessible to hackers, we’re going to see more impersonation tactics posing a huge threat to our society. Hackers are quickly becoming more proficient in identifying vulnerable attack surfaces, and the human element is one of the biggest.”
He provided one extremely concerning example to hammer home his point. “We can expect there to be more impersonations of police officers generated by GenAI in efforts to gain access to login credentials.
“As we enter 2025, there will be a bigger emphasis on identity protection measures as we learn to contend with impersonation issues. This means having stronger authentication methods like multifactor authentication and identity and access management tools that check for abnormalities when credentials are being used.
Quantum computing resistance
Quantum cryptography refers to a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data in a way that cannot be hacked.
Despite this reassuring factor, McKee predicts that 2025 will see the rise of quantum-resistant cryptography. “While large-scale quantum decryption of algorithms is unlikely in 2025, targeted attacks on specific or older cryptographic implementations may become more advanced,” he said.
“Despite ongoing ‘quantum apocalypse’ fears being overstated, developing quantum-resistant cryptography will remain a priority for researchers and organisations as part of long-term resilience planning.
“Governments and private sectors will boost investments in post-quantum solutions, emphasising broader cybersecurity measures to address potential early threats.”
Global supply chain risks
With all of these threats in mind, a broader one concerns James Neilson, senior international VP at OPSWAT. What if a person or a group with a great deal of hacking expertise can compromise the global supply chain?
We’ve already seen attackers target not just individual companies but the interconnected networks of suppliers and partners that support them. In 2020, the SolarWinds breach saw hackers break into the systems of the IT software provider used by many companies and US government agencies, allowing hackers to breach several agencies.
And in 2021, Kaseya reported a “sophisticated attack” on its VSA software which affected up to 1,500 businesses worldwide.
Neilson said he expects global supply chain attacks to make the headlines again next year. He said that if a devastating hack, of equal or even worse proportions to the SolarWinds hack were to occur to the global supply chain, it could result in power outages, halted production lines or even “safety-to-life events”.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
