In recent years, cybersecurity has become an increasingly relevant topic for organizations, especially considering the significant rise in cyber attacks. This year, the challenge will be even more complex, with the use of Artificial Intelligence in various fronts by criminals – as well as the growing complexity of digital systems and the sophistication of techniques used by cybercriminals.
Defensive strategies will need to evolve to address new challenges, such as the significant increase in the exfiltration of valid credentials and the exploitation of incorrect configurations in cloud environments. Within this perspective, we list the main threats that should keep CISOs awake in 2025:
Valid credentials will be the main target
The 2024 IBM Threat Intelligence Index reported a 71% increase in attacks targeting the exfiltration of valid credentials. In the services sector, at least 46% of incidents occurred with valid accounts, while in the industry, this number was 31%.
For the first time in 2024, the exploitation of valid accounts became the most common point of entry into the system, accounting for 30% of all incidents. This shows that it is easier for cybercriminals to steal credentials than to exploit vulnerabilities or rely solely on phishing attacks.
Incorrect cloud configuration is the Achilles’ heel of companies
With so many companies using the cloud environment, it is natural that the complexity of managing the environment will only increase, as well as the challenges – and the difficulty of having specialized labor. Some of the most common reasons for data breaches in the cloud have to do with incorrect cloud environment configurations: missing access controls, unprotected storage buckets, or inefficient implementation of security policies.
The benefits of cloud computing need to be balanced by close monitoring and secure configurations to avoid exposing confidential data. This requires a cloud security strategy for the entire organization: continuous auditing, proper identity and access management, and automation of tools and processes to detect incorrect configurations before they become security incidents.
Criminals will use multiple attack techniques
Gone are the days when attacks hit a single product or vulnerability. This year, one of the most alarming trends in cybersecurity will be the increasing use of multi-vector attacks and multi-stage approaches.
Cybercriminals use a combination of tactics, techniques, and procedures (TTPs), targeting multiple areas simultaneously to breach defenses. There will also be an increase in sophistication and evasion of web-based attacks, file-based attacks, DNS-based attacks, and ransomware attacks, making it more difficult for traditional and isolated security tools to effectively defend against modern threats.
AI-generated ransomware will exponentially increase threats
In 2024, the ransomware landscape underwent a profound transformation, characterized by increasingly sophisticated and aggressive cyber extortion strategies. Criminals have evolved beyond traditional encryption-based attacks, pioneering double and triple extortion techniques that exponentially increase pressure on targeted organizations. These advanced approaches involve not only encrypting data but strategically exfiltrating confidential information and threatening its public disclosure, forcing victims to consider ransom payments to avoid potential legal and reputational damage.
The emergence of Ransomware-as-a-Service (RaaS) platforms democratized cybercrime, enabling less technically qualified criminals to launch complex attacks with minimal knowledge. Critically, these attacks are increasingly targeting high-value sectors such as health, critical infrastructure, and financial services, demonstrating a strategic approach to maximizing potential ransom returns.
Technological innovation further amplifies these threats. Cybercriminals are now leveraging AI to automate campaign creation, identify system vulnerabilities more efficiently, and optimize ransomware delivery. The integration of high-performance blockchain technologies and the exploration of decentralized finance (DeFi) platforms provide additional mechanisms for rapid fund movement and transaction obfuscation, presenting significant challenges for authorities’ tracking and intervention.
AI-generated phishing attacks will be a problem
The use of generative AI in creating phishing attacks by cybercriminals is making phishing emails virtually indistinguishable from legitimate messages. Last year, according to Palo Alto Networks information, there was a 30% increase in successful phishing attempts when emails are written or rewritten by generative AI systems. Humans will become even less reliable as a last line of defense, and companies will rely on advanced AI-powered security protections to defend against these sophisticated attacks.
Quantum computing will pose a security challenge
Last October, Chinese researchers claimed to have used a quantum computer to break RSA encryption – an asymmetric encryption method widely used today. The scientists used a 50-bit key – which is small compared to modern encryption keys, usually ranging from 1024 to 2048 bits.
In theory, a quantum computer could take just a few seconds to solve a problem that conventional computers would take millions of years, because quantum machines can process calculations in parallel, not just in sequence as currently. Although quantum-based attacks are still a few years away, organizations should start preparing now. It is necessary to transition to encryption methods that can resist quantum decryption to protect the most valuable data.
