In recent years, cybersecurity has become an increasingly relevant topic for organizations, especially in light of the significant increase in cyber attacks. This year, the challenge will be even more complex, with the use of Artificial Intelligence on various fronts by criminals – as well as the increasing complexity of digital systems and the sophistication of the techniques used by cybercriminals
Defensive strategies will need to evolve to deal with new challenges, how the significant increase in the exfiltration of valid credentials and the exploitation of misconfigurations in cloud environments. Within this perspective, we list the main threats that will keep CISOs awake in 2025
Valid credentials will be the main target
The IBM Threat Intelligence Index for 2024 indicated a 71% increase in attacks targeting the exfiltration of valid credentials. In the service sector, at least 46% of incidents occurred with valid accounts, while in the industry this number was 31%
For the first time in 2024, the exploitation of valid accounts has become the most common entry point of the system, representing 30% of all incidents. This shows that it is easier for cybercriminals to steal credentials than to exploit vulnerabilities or rely solely on phishing attacks
Incorrect cloud configuration is the Achilles' heel of companies
With so many companies using the cloud environment, it is natural that the complexity of environmental management will only increase, as well as the challenges – and the difficulty in having specialized labor. Some of the most common reasons for data breaches in the cloud are related to incorrect configurations of cloud environments: missing access controls, unprotected storage buckets or inefficient implementation of security policies
The benefits of cloud computing need to be balanced by close monitoring and secure configurations to avoid the exposure of confidential data. This requires a cloud security strategy for the entire organization: continuous auditing, proper identity and access management and automation of tools and processes to detect misconfigurations before they become security incidents
Criminals will use multiple attack techniques
The days when attacks targeted a single product or vulnerability are gone. This year, one of the most alarming trends in cybersecurity will be the increasing use of multivector attacks and multi-stage approaches
Cybercriminals use a combination of tactics, techniques and procedures (TTPs), hitting multiple areas at the same time to breach the defenses. There will also be an increase in the sophistication and evasion of web-based attacks, file-based attacks, DNS-based attacks and ransomware attacks, what will make it more difficult for traditional and isolated security tools to effectively defend against modern threats
AI-generated ransomware will exponentially increase threats
In 2024, the ransomware landscape has undergone a profound transformation, characterized by increasingly sophisticated and aggressive cyber extortion strategies. Criminals have evolved beyond traditional attacks based on encryption, being pioneers in double and triple extortion techniques that exponentially increase pressure on targeted organizations. These advanced approaches involve not only encrypting data, but strategically exfiltrate confidential information and threaten its public disclosure, forcing victims to consider ransom payments to avoid potential legal and reputational damage
The emergence of Ransomware-as-a-Service (RaaS) platforms has democratized cybercrime, allowing less technically qualified criminals to launch complex attacks with minimal knowledge. Critically, these attacks increasingly target high-value sectors, how health, critical infrastructure and financial services, demonstrating a strategic approach to maximize potential redemption returns
Technological innovation further amplifies these threats. Cybercriminals are now leveraging AI to automate the creation of campaigns, identify system vulnerabilities more efficiently and optimize ransomware delivery. The integration of high-performance blockchain technologies and the exploration of decentralized finance (DeFi) platforms provide additional mechanisms for the rapid movement of funds and transaction obfuscation, presenting significant challenges for tracking and intervention by authorities
AI-generated phishing attacks will be a problem
The use of generative AI in the creation of phishing attacks by cybercriminals is making phishing emails practically indistinguishable from legitimate messages. Last year, according to information from Palo Alto Networks, there was a 30% increase in successful phishing attempts when emails are written or rewritten by generative AI systems. Humans will become even less reliable as a last line of defense and companies will rely on advanced AI-powered security protections to defend against these sophisticated attacks
Quantum computing will pose a security challenge
In last October, Chinese researchers said they used a quantum computer to break RSA encryption – asymmetric encryption method, widely used today. The scientists used a 50-bit key – which is small when compared to the more modern encryption keys, generally from 1024 to 2048 bits
In theory, a quantum computer can take just a few seconds to solve a problem that conventional computers would take millions of years, because quantum machines can process calculations in parallel, and not just in sequence, as currently. Although quantum-based attacks are still a few years away, organizations must start preparing now. It is necessary to transition to encryption methods that can withstand quantum decryption to protect the most valuable data
