Monday, February 17, 2025

HSToday Threat Forecast 2025: Cybercriminals

If the last few years taught us anything, it’s that cybercriminals are becoming bolder and more tenacious. And it hasn’t been pretty. Attacks on an ambitious scale, once considered the domain of foreign states, are instead coming from loosely organized criminal networks. In fact, the evolution of criminal capabilities has led some foreign adversaries to employ both the technology and the tactics of cybercriminals for geopolitical purposes. Hacktivists have conducted massive denial-of-service attacks against Russian foes. Ransomware gangs specifically target Western governments and businesses. And more cybercriminal activity was observed during the 2024 election cycle than foreign state-sponsored activity. Of course, that doesn’t mean China and Russia aren’t involved; they are simply leveraging criminals, either directly or indirectly, to do their dirty work.

So, what does that mean for 2025? For one, ransomware and other extortion-based attack models aren’t going anywhere. While not a major threat to well-resourced federal agencies, ransomware continues to be the number one cyber threat to basically everyone else. States, local governments, schools, businesses, nonprofits, charity organizations, and even individuals are at risk of having their data stolen and held for ransom. The modern ransomware-as-a-service model, or RaaS, means more ill-intentioned actors can enter the fray, and many of them specifically target organizations with a need to get systems back online quickly, like the nation’s critical infrastructure and schools. These organizations are essential to the normal functioning of our country. 

Certainly, the open exposure and continued evolution of generative artificial intelligence (GenAI) will continue to play a huge part in the changing threat landscape. Since late 2022, GenAI has bolstered cyber actor toolkits and allowed new players to enter the arena equipped with code they didn’t create, phishing emails they didn’t write, and confidence they didn’t earn. We’ve observed the creation of new GenAI models trained specifically for malicious use, like WormGPT and DarkBard. Expect many more of these, not just for cyber but for physical crimes, including drug trafficking and human trafficking. 

And we can’t talk about 2025 without talking about China. The exposure of multiple campaigns in the “Typhoon” family, as named by Microsoft, highlights the lengths to which the Chinese government will go to pre-position itself against perceived threats to its geopolitical objectives. China plays a different strategic game than we do in the West, and they have been ramping up to a potential invasion of Taiwan for several years. They will continue to use every means available, with a heavy emphasis on cyber and similar measures considered to be below the threshold of war, to dissuade the U.S. and our allies from getting involved. Expect to see more of these efforts exposed in 2025, especially if tensions in the region escalate. 

Randy Rose
Randy Rose is the Senior Director of Security Operations and Intelligence for the Multi-State Information Sharing and Analysis Center (MS-ISAC). He is responsible for overseeing the operational components of the MS-ISAC and Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), including a team of more than 55 analysts and operators providing around-the-clock support to U.S. State, Local, Tribal, and Territorial (SLTT) organizations across the spectrum of cybersecurity operations, from proactive identification of threats, through detection of ongoing attacks in real-time, to response and remediation following an incident. Rose has been a public servant in varying capacities since 2003 when he enlisted in the United States Air Force. Prior to joining CIS, he was a Department of Defense (DoD) civilian, running the largest Security Operations Center (SOC) in Europe for the Defense Information Systems Agency (DISA). Rose moved to Germany from Hampton Roads, Virginia where he had spent years building the DoD’s first team dedicated to providing Intelligence support to Defensive Cyber Operations (DCO). As the Deputy Intelligence Officer for the Navy Cyber Defense Operations Command (NCDOC) in Suffolk, VA, he oversaw the operations of over 100 sailors and civilians, led incident response efforts on 7 named operations, drove the design and implementation of a $2M digital forensics and malware analysis enclave, and brought innovative solutions to bear including cloud browser isolation, saving hundreds of millions of dollars in incident response costs per year. Rose has previously supported the Defense Intelligence Agency, the NY State Comptroller’s Office, the NY Air National Guard, and the Naval Nuclear Propulsion Program at Knolls Atomic Power Laboratory.
While at the NYS Comptroller’s Office, he developed and implemented the first cybersecurity audit and assessment program for municipalities and special districts as well as the first cybersecurity assessment program for municipally-owned Operational Technology, focused primarily on energy, water, and port control systems. Rose holds a Master’s of Science in Cybersecurity and a Bachelor’s in Anthropology with a focus on Human Biology and Forensics. His independent research focuses on physical security, social engineering, and future technologies, particularly as they pertain to the humane use of technology.
