Predicting the future isn’t easy, but you can anticipate what is likely to happen by looking at how things have evolved over the past year. This year again, Barracuda asked colleagues who work on the security frontlines about the things they witnessed in 2024 and expect to see in 2025.
According to their insight, 2025 will be the year when:
- Threat actors will invest more time and resources in evading or disabling security measures. They will leverage novel, complex, and sophisticated techniques, such as ‘EDR killer’ tactics that target endpoint detection and response (EDR), and advanced phishing methods.
- More attacks will feature multiple approaches. There will be a rise in multichannel, multistage attacks. This will include attacks that infiltrate one platform, such as email, messaging, or collaboration platforms, and then expand laterally to others. More attacks will leverage vulnerabilities in interconnected devices and exploit identity-based vulnerabilities.
- AI-powered attacks will continue to evolve, making attacks increasingly personalized, faster, and harder to detect. They will use automation to execute large-scale attacks and target vulnerabilities in software and systems across organizations.
- Organizations will worry most about the “unknown” — undetected security gaps, new attack methods, accidental supply chain threats, or an attack occurring without their knowledge — as threat actors increasingly leverage novel tools and techniques to help them breach systems, exfiltrate data, or compromise infrastructure without triggering any immediate alarms.
Global
What most surprised you in 2024?
Eric Russo, Director SOC Defensive Security: The resources and focus that threat actors put into evading security controls. Defense evasion has been a part of attack chains for many years, but this year we’ve seen attackers employing new complex methods to evade and/or disable typical security controls. For example, the number of times we saw the EDR killer tactics executed in attacks was an eye-opener. Such methods typically require a high degree of sophistication and time, which we’ve not widely seen before.
Sheila Hara, Senior Director, Product Management: The most surprising shift in 2024 was the rapid sophistication of AI-driven attacks, particularly with generative AI models. Attackers leveraged these models to personalize and automate phishing campaigns at scale, creating emails and messages that were indistinguishable from genuine communications. This development raised the bar for email security solutions, requiring new detection models and a higher degree of real-time threat intelligence to stay ahead.
Merium Khalid, Director SOC Offensive Security: The global outage resulting from a security vendor’s update highlighted the devastating potential of supply chain vulnerabilities, such as impacting critical sectors like airports and hospitals. Such incidents underscore the urgent need for resilience against both intentional and accidental supply chain threats.
What is the biggest cybersecurity concern on customers’ and partners’ minds as we approach 2025?
ER: The unknown. For example, not knowing where their security gaps are until it’s too late. Organizations are doing the right thing by investing in cybersecurity platforms. The challenge then becomes knowing what your organization has out there that needs protecting. They need a complete, updated asset inventory to ensure all devices have endpoint security deployed. Unprotected devices connected to the network are prime targets for attackers. Ensuring full coverage of cybersecurity controls is crucial to a successful cybersecurity program.
SH: Customers and partners are most concerned about evolving phishing threats and the effectiveness of their current defenses. As AI-driven and highly targeted attacks become more common, there’s growing anxiety about whether existing security measures can effectively prevent breaches, especially with hybrid work environments increasing vulnerability. They are also increasingly concerned with the convergence of cyberthreats across email, messaging, and collaboration platforms. Threat vectors now span multiple communication channels. Protecting sensitive data, preventing insider threats, and achieving ease of use across solutions have become major priorities, alongside the ongoing need to defend against phishing and ransomware.
MK: As we approach 2025, customers and partners are increasingly concerned about the potential use of AI in advanced cyberattacks, particularly deepfakes and highly targeted social engineering. The rapid evolution of generative AI raises questions about how these tools might be weaponized, creating new security and trust challenges. Additionally, the rise of AI-powered attacks will make cybercriminal activities more scalable and sophisticated. Tech leaders are also apprehensive about how their data might be used in training large language models (LLMs). Organizations fear that employees might inadvertently expose sensitive information to AI applications like ChatGPT and Google Bard, leading to potential data breaches and privacy violations.
How do you expect cyberthreats to evolve in 2025?
ER: In 2025 I expect threat actors to be even more persistent. In the past, we would see threat actors disengage when encountering a security control preventing them from pressing forward. I now expect threat actors to continue to focus on developing tactics to attempt to bypass security measures, and the advancement of AI will certainly help facilitate threat actors in these efforts.
SH: In 2025, cyberthreats will likely become even more targeted and adaptive, leveraging AI for real-time evasion techniques. We expect to see an uptick in multi-channel, multi-stage attacks, where threat actors infiltrate one platform, such as email, and expand laterally to others. Expect more attacks targeting IoT and remote work infrastructure, leveraging vulnerabilities in interconnected devices. Additionally, attackers may increasingly exploit identity-based vulnerabilities, making Zero Trust architectures and behavior-based detection paramount in preventing breaches.
MK: In 2025, we expect to see more AI-driven cyber threats designed to evade detection, including more advanced evasion techniques bypassing endpoint detection and response (EDR), known as EDR killers, and traditional defenses. Attackers may use legitimate applications like PowerShell and remote access tools to deploy ransomware, making detection harder for standard security solutions. The integration of AI in cyberattacks is one of the most critical developments predicted for 2025, with AI-enhanced threats taking many forms, from phishing emails generated with flawless grammar and personal details to highly adaptive malware that can learn and evade detection systems.
EMEA
What most surprised you in 2024?
Yaz Bekkar, Senior Sales Engineer, Barracuda XDR: The rapid rise of AI-powered cyberattacks. This year, threat actors leveraged AI not just to automate attacks but to craft highly sophisticated and personalized phishing attempts. This has significantly increased the number of threat actors. I’ve also noticed a huge increase in Microsoft 365 MFA bypass attacks. What’s particularly alarming is that many customers were, and some still are, unaware that MFA can be bypassed in such ways. It has been a wake-up call for many organizations to reassess their security layers beyond simply implementing MFA.
Jesus Cordero, Director, Systems Engineering SASE & Cloud: The lack of robust security measures in place for cloud storage and data privacy. The rise of AI-powered cyberattacks concerns me as there’s a corresponding lack of AI implementations in cybersecurity strategies and investment in AI-driven defense mechanisms. Lastly, several high-profile phishing scams emerged during this year, tricking even seasoned professionals into revealing sensitive information. These scams utilized social engineering techniques that were surprisingly effective, demonstrating the ongoing challenge of human error in cybersecurity.
What is the biggest cybersecurity concern on customers’ and partners’ minds as we approach 2025?
YB: Managing the constant increase in data while dealing with increasingly sophisticated attacks. Many organizations struggle to keep up with complex threats due to limited staff or expertise. I’ve noticed a growing demand for solutions that can auto-remediate issues without requiring hands-on intervention.
JC: In one word: TRUST. Security incidents resulting from human error highlight the need to optimize a cybersecurity strategy based on zero-trust architectures. Customers and partners are becoming more cautious about the security measures implemented by their supply chain and the risks inherent in the daily behavior of their employees. IT has shifted from ‘full trust’ through an era of ‘de-trusting’ into an identity-based ‘Zero-Trust era’ for accessing data, applications and devices.
How do you expect cyberthreats to evolve in 2025?
YB: Cybersecurity is an ongoing struggle, where each new sophisticated attack is met with ever-evolving solutions designed to detect and protect against them. The battle never truly ends.
In 2025, we can expect cyberthreats to become even more targeted, adaptive, and automated. Attacks will likely be orchestrated at scale, with AI enabling attackers to create diversions and carry out highly automated and sophisticated operations. It’s becoming increasingly difficult for companies to fully protect themselves without disrupting business operations. A major concern for organizations will be the fear that an attack could occur without their knowledge—threat actors may breach systems, exfiltrate data, or compromise infrastructure without triggering any immediate alarms.
JC: I believe cybercriminals will leverage AI and machine-learning-based attacks to target vectors in ever more tailored and faster ways, making it easier to bypass traditional security measures, and using automation to execute large-scale attacks more efficiently, targeting vulnerabilities in software and systems across organizations.
The proliferation of Internet of Things (IoT) devices will lead to an increased attack surface, providing more opportunities for hackers to exploit vulnerabilities in connected devices. Cybercriminals may use hijacked IoT devices to build larger botnets, leading to more significant distributed denial-of-service (DDoS) attacks. Nation-state actors can leverage this to target critical infrastructure, such as power grids, water supplies, and healthcare systems, to disrupt services and instigate chaos.
We are likely to see governments responding to increasing cyber threats with new regulations and demanding stricter compliance from organizations. This may create challenges for businesses trying to keep up with the changing landscape.
Asia Pacific
What most surprised you in 2024 in terms of cyberthreats/cybersecurity?
Mark Lukie, Director of Solution Architects – APAC: Cybercriminals’ rapid integration of generative AI made social engineering attacks more convincing and phishing campaigns more widespread. We also saw an increase in email attacks using newer techniques such as QR codes.
Matt Caffrey, Senior Solutions Architect, ANZ: The continued success of ransomware attacks, despite increased awareness and defenses, was a major surprise in 2024. The topic has been elevated to the mainstream media. Attackers have evolved their tactics, focusing on double extortion by threatening to leak sensitive data, as we saw with larger companies within ANZ. Even with improved defenses, the persistence of this threat shows that organizations are still struggling to balance prevention, detection, and recovery.
What is the biggest cybersecurity concern on customers’ and partners’ minds as we approach 2025?
ML: Many are concerned about fragmented visibility across various threat vectors, making detecting and responding to complex attacks challenging. As threats span email, network, and endpoint layers, customers see XDR (extended detection and response) as essential for unifying security insights and enhancing detection accuracy. With XDR, they aim to achieve centralized, real-time visibility and rapid response across diverse attack surfaces, helping to address evolving threats more effectively.
MC: The biggest concern remains the protection of sensitive data, especially as businesses increasingly rely on cloud-based services. These concerns are centered around ransomware events. Customers are worried about how to effectively manage their security posture across different environments while ensuring compliance with stricter data privacy. Data privacy is the main focus being brought into effect local to ANZ.
How do you expect cyberthreats to evolve in 2025?
ML: Cyberthreats will become more automated and evasive, leveraging AI to bypass traditional defenses. Attacks on critical infrastructure and cloud services will likely increase, demanding more robust resilience measures.
MC: In 2025, we can expect a rise in targeted attacks on critical infrastructure and small-to-medium enterprises, which often lack the robust security resources of larger organizations. Cybercriminals will likely continue exploiting vulnerabilities in outdated systems and supply chains, making it crucial for companies to invest in stronger, more adaptive security frameworks.
This article was originally published at Barracuda Blog.