Experts at cybersecurity company ESET identify the most critical developments expected to shape the cybersecurity sector in 2025. From the rise of malicious technologies to the strengthening of regulatory frameworks, the following trends emerge as the most important for the coming year:
- Ransomware (Jakub Souček, Senior Malware Researcher at ESET)
In 2024, RansomHub established itself as the top Ransomware-as-a-Service (RaaS) group on the market, displacing LockBit from first place. RansomHub is expected to retain this position in 2025. However, the RaaS sector is highly competitive, with constant innovation and changes in partnership strategies as cybercriminals seek to attract more partners and increase their revenue. If a competitor manages to demonstrate greater profitability, partners in the sector are likely to revise their alliances.
EDR (Endpoint Detection and Response) killer tools have evolved into a key element of ransomware attacks. For 2025, it is predicted that the most advanced threat actors will further upgrade these tools, making them even more sophisticated, protected and difficult to detect. As security tools such as EDR remain a significant obstacle for cybercriminals, they are expected to intensify their efforts to either remove or neutralize them.
New players attempting to enter the RaaS ecosystem will likely choose to develop their encryptors in languages such as Rust or Go, a trend that allows multiple platforms to be supported with a single codebase.
- Artificial intelligence (Juraj Jánošík, Head of Automated Systems and Intelligent Solutions at ESET)
With geopolitical changes anticipated in 2025, a potential liberalization of how social media and technology companies operate is predicted. This change may lead to a degradation of content quality, accompanied by a rapid increase in spam, scam and phishing campaigns generated by Artificial Intelligence tools, a trend that already began to emerge in 2024.
Low-quality content produced by AI can act as a trap for vulnerable social media users, who can then be targeted through disinformation campaigns. This strategy could manipulate users, turning them into "online multipliers" that boost malicious campaigns. This tactic could semi-automate the operations of the content farms and troll farms currently used by adversary states and groups.
At the same time, attackers will likely take advantage of newly developed small open-source GPT models, training them with data from intercepted conversations on social media accounts. This will allow them to mimic the way victims communicate, facilitating more convincing forms of fraud such as family emergency scams or romance scams.
In 2025, a significant increase in fake or duplicate accounts of celebrities and public figures on social media is also expected. These malicious profiles may use deepfake video and other content generated by Artificial Intelligence to enhance their credibility. This makes it all the more imperative to use authentication tools such as the "verification tokens" provided by social networking platforms.
- Infostealer malware (Alexandre Côté Cyr, Malware Researcher at ESET)
We are quite sure that Operation Magnus marked the end of RedLine Stealer. Although the creator of RedLine has not yet been arrested, it is unlikely that he will try to revive the malware, especially since he has been publicly identified and charged by law enforcement authorities.
The other key part of RedLine's operation, namely the partners, is likely to want to disengage, given that law enforcement now has a database of their usernames and last-used IP addresses. While this may not be enough to identify the people behind these nicknames in every case, they are now wanted by law enforcement.
Consequently, in 2025 we expect that the power vacuum created by the neutralization of RedLine will lead to increased activity by other players in the Malware-as-a-Service (MaaS) infostealer space.
- Mobile Threats (Lukáš Štefanko, Senior Malware Researcher at ESET)
In 2024, ESET analyzed new attacks targeting Android and iOS mobile devices, leveraging a novel attack vector. These attacks are based on the use of Progressive Web Apps (PWAs) and WebAPKs that bypass traditional security measures, tricking users into installing malicious applications. These apps mimic legitimate banking environments, capturing logins, passwords and two-factor authentication codes, which attackers use to gain unauthorized access to victims' accounts.
In 2025, the use of PWAs and WebAPKs for malicious purposes is expected to increase, as they provide cybercriminals with an easy and efficient way to distribute phishing applications without the need for approval from app stores. The nature of these technologies allows attackers to target users on different platforms, enhancing the scalability and flexibility of attacks.
Based on the attacks that use PWAs and WebAPKs, we expect some increase in threats focused on the iOS platform in 2025. Historically, the strict policies of Apple's App Store have made it difficult to distribute malicious apps, leading users to believe that iOS devices are inherently safe. However, threats can also spread through alternative channels, such as malicious websites, phishing attacks, compromised email attachments, social engineering tactics and malicious ads placed on search engines, social media and websites, none of which rely on the App Store for distribution. On the other hand, Apple tends to react to new threats and update its security mechanisms.
We are likely to see an increase in mobile and non-mobile malware that leverages the open-source Flutter software development kit (SDK). Flutter is designed for creating cross-platform applications and simplifies development, and it could also be used to create and distribute malware and trojan applications more efficiently. For example, some SpyLoan applications have already taken advantage of this SDK. Threat actors also use Flutter as a tool to complicate reverse engineering efforts. Whether the use of Flutter for such purposes will increase in 2025 will depend on several factors, among them threat actors learning the Dart programming language. It is important to note that the cybersecurity community is actively creating new tools and techniques to analyze and understand the intricacies of Flutter applications.
- Government Affairs (Andy Garth, Director of Government Affairs at ESET)
With the expiry of the deadline for transposing the NIS2 directive in October 2024, cybersecurity legislation has become mandatory for EU member states that have incorporated it into their national law. However, so far only a few countries have completed this process, while major economies such as Germany and France are expected to adopt the directive in 2025. The integration of NIS2 will not be completely uniform across all Member States, with the result that organizations seeking compliance will need to take into account local specificities and requirements.
While micro and small businesses are largely exempt from the directive's obligations, larger companies operating in critical sectors may seek support from their suppliers and partners to meet their cybersecurity incident reporting obligations. This means that suppliers, regardless of size, must be prepared or risk being excluded from future partnerships and procurement.
The tightening of security measures introduced by NIS2 may prompt cybercriminals to turn to more vulnerable targets, such as companies outside the scope of the directive. In addition, businesses that fail to comply with higher security standards risk becoming targets of extortion, repeating the scenario seen after the implementation of GDPR in 2018, when ransomware gangs used the regulation as a tool to pressure their victims.
At the same time, in 2024, the EU approved important new cybersecurity legislation. The Artificial Intelligence Act was established with the aim of regulating AI systems, focusing on transparency and building trust. The Cyber Resilience Act (CRA) focuses on ensuring the security of products with digital elements, while the Cyber Solidarity Act created a network of interconnected Security Operations Centers (SOCs) throughout the EU. This momentum will continue in 2025, supported by additional strategies and new funding aimed at strengthening the EU's cyber defense capabilities, a key priority of the new European Commission.
- APT (Jean-Ian Boutin, Director of Threat Research at ESET)
ESET's 2024 research revealed that China-linked threat actors focused on developing and maintaining VPN networks as a key means of carrying out malicious campaigns. This strategy offers them anonymity and flexibility, making it difficult to detect and limit their activity. We expect this tactic to be widely used and further developed in the foreseeable future. There is also growing concern about these China-linked groups targeting telecommunications companies, particularly in the US, which will likely continue to have an impact well into 2025.
For 2025, we also expect that cyberattacks will remain an aspect of armed conflicts around the world. In the Russia-Ukraine war, while cyber sabotage received great emphasis during the first year, we are now observing a decrease in such operations and an increase in cyberespionage activities, which have always been a significant focus. As the Kremlin waits to see the new US president's position on this conflict, we expect these cyberespionage operations to continue both in Ukraine and in countries that have supported Ukraine's war effort, while sabotage operations could be less prevalent in the coming months.
At the start of the Israel-Hamas conflict we saw a similar development for cyberespionage groups linked to Iran. At the beginning of the conflict they were trying to damage Israeli society. Over time, they have also refocused on cyberespionage, often targeting organizations that hold information necessary for actions targeting Israel. However, with the recent development of the war and the fact that Hezbollah and Hamas have suffered significant losses, we do not expect the information potentially gathered to be useful at this time.