In recent years, cybersecurity has become an increasingly relevant topic for organizations, especially in light of the significant rise in cyberattacks. This year, the challenge will be even more complex, with the use of Artificial Intelligence on various fronts by criminals – as well as the increasing complexity of digital systems and the sophistication of techniques employed by cybercriminals.
Defensive strategies will need to evolve to address new challenges, such as the significant increase in valid credential exfiltration and the exploitation of misconfigurations in cloud environments. Within this perspective, we list the main threats that will keep CISOs awake in 2025:
Valid credentials will be the main target
The 2024 IBM Threat Intelligence Index reported a 71% increase in attacks targeting the exfiltration of valid credentials. In the service sector, at least 46% of incidents occurred with valid accounts, while in the industry this number was 31%.
For the first time in 2024, the exploitation of valid accounts became the most common entry point in the system, accounting for 30% of all incidents. This shows that it is easier for cybercriminals to steal credentials than to exploit vulnerabilities or rely solely on phishing attacks.
Cloud misconfiguration is an Achilles heel for businesses
With so many companies using the cloud environment, it is natural that the complexity of managing the environment will only increase, as well as the challenges—and the difficulty in obtaining specialized labor. Some of the most common reasons for data breaches in the cloud are related to misconfigurations of cloud environments: missing access controls, unprotected storage buckets, or inefficient implementation of security policies.
The benefits of cloud computing need to be balanced with close monitoring and secure configurations to prevent exposure of sensitive data. This requires a cloud security strategy for the entire organization: continuous auditing, proper identity and access management, and automation of tools and processes to detect misconfigurations before they become security incidents.
Criminals will use multiple attack techniques
The days when attacks targeted a single product or vulnerability are gone. This year, one of the most alarming trends in cybersecurity will be the increasing use of multivector attacks and multi-stage approaches.
Cybercriminals use a combination of tactics, techniques, and procedures (TTPs), targeting multiple areas simultaneously to breach defenses. There will also be an increase in the sophistication and evasion of web-based attacks, file-based attacks, DNS-based attacks, and ransomware attacks, making it more difficult for traditional and isolated security tools to effectively defend against modern threats.
AI-generated ransomware will increase threats exponentially
In 2024, the ransomware landscape underwent a profound transformation, characterized by increasingly sophisticated and aggressive cyber extortion strategies. The criminals have evolved beyond traditional cryptography-based attacks, pioneering double and triple extortion techniques that exponentially increase pressure on targeted organizations. These advanced approaches involve not only encrypting data but also strategically exfiltrating confidential information and threatening its public disclosure, forcing victims to consider ransom payments to avoid potential legal and reputational damage.
The emergence of Ransomware-as-a-Service (RaaS) platforms has democratized cybercrime, allowing less technically skilled criminals to launch complex attacks with minimal knowledge. Critically, these attacks are increasingly targeting high-value sectors such as healthcare, critical infrastructure, and financial services, demonstrating a strategic approach to maximize potential ransom returns.
Technological innovation further amplifies these threats. Cybercriminals are now leveraging AI to automate campaign creation, identify system vulnerabilities more efficiently, and optimize ransomware delivery. The integration of high-performance blockchain technologies and the exploration of decentralized finance (DeFi) platforms provide additional mechanisms for rapid fund movement and transaction obfuscation, posing significant challenges for authorities' tracking and intervention.
AI-generated phishing attacks will be a problem
The use of generative AI in creating phishing attacks by cybercriminals is making phishing emails virtually indistinguishable from legitimate messages. Last year, according to information from Palo Alto Networks, there was a 30% increase in successful phishing attempts when emails are written or rewritten by generative AI systems. Humans will become even less reliable as a last line of defense, and companies will rely on advanced AI-powered security protections to defend against these sophisticated attacks.
Quantum computing will pose a security challenge
Last October, Chinese researchers claimed to have used a quantum computer to break RSA encryption – an asymmetric encryption method widely used today. The scientists used a 50-bit key – which is small compared to the more modern encryption keys, usually ranging from 1024 to 2048 bits.
In theory, a quantum computer can take only a few seconds to solve a problem that conventional computers would take millions of years, because quantum machines can process calculations in parallel, not just sequentially, as they do currently. Although quantum-based attacks are still years away, organizations should start preparing now. It is necessary to transition to cryptographic methods that can resist quantum decryption to protect the most valuable data.
