If the last few years taught us anything, it’s that cybercriminals are becoming bolder and more tenacious. And it hasn’t been pretty. Attacks of an ambitious scale that was once considered the domain of foreign states are instead coming from loosely organized criminal networks. In fact, the evolution of criminal capabilities has led some foreign adversaries to employ both the technology and the tactics of cybercriminals for geopolitical purposes. Hacktivists have conducted massive denial-of-service attacks against Russian foes. Ransomware gangs specifically target Western governments and businesses. And more cybercriminal activity was observed during the 2024 election cycle than foreign state-sponsored activity. Of course, that doesn’t mean China and Russia aren’t involved; they are simply leveraging criminals, either directly or indirectly, to do their dirty work.
So, what does that mean for 2025? For one, ransomware and other extortion-based attack models aren’t going anywhere. While not a major threat to well-resourced federal agencies, ransomware continues to be the number one cyber threat to basically everyone else. States, local governments, schools, businesses, nonprofits, charity organizations, and even individuals are at risk of having their data stolen and held for ransom. The modern ransomware-as-a-service model, or RaaS, means more ill-intentioned actors can enter the fray, and many of them specifically target organizations with a need to get systems back online quickly, like the nation’s critical infrastructure and schools. These organizations are essential to the normal functioning of our country.
Certainly, the open exposure and continued evolution of generative artificial intelligence (GenAI) will continue to play a huge part in the changing threat landscape. Since late 2022, GenAI has bolstered cyber actor toolkits and allowed new players to enter the arena equipped with code they didn’t create, phishing emails they didn’t write, and confidence they didn’t earn. We’ve observed the creation of new GenAI models trained specifically for malicious use, like WormGPT and DarkBard. Expect many more of these, not just for cyber but for physical crimes, including drug trafficking and human trafficking.
And we can’t talk about 2025 without talking about China. The exposure of multiple campaigns in the “Typhoon” family, as named by Microsoft, highlights the lengths to which the Chinese government will go to pre-position itself against perceived threats to its geopolitical objectives. China plays a different strategic game than we do in the West, and they have been ramping up to a potential invasion of Taiwan for several years. They will continue to use every means available, with a heavy emphasis on cyber and similar measures considered to be below the threshold of war, to dissuade the U.S. and our allies from getting involved. Expect to see more of these efforts exposed in 2025, especially if tensions in the region escalate.