Cyberthreat predictions for 2025 from Barracuda’s security frontline

Topics:

Nov. 25, 2024

Predicting the future isn’t easy, but you can anticipate what is likely to happen by looking at how things have evolved over the past year. This year again, Barracuda asked colleagues who work on the security frontlines about the things they witnessed in 2024 and expect to see in 2025.

According to their insight, 2025 will be the year when:

Threat actors will invest more time and resources in evading or disabling security measures. They will leverage novel, complex, and sophisticated techniques, such as the endpoint detection ‘EDR killer’ and advanced phishing methods.
More attacks will feature multiple approaches. There will be a rise in multichannel, multistage attacks. This will include attacks that infiltrate one platform, such as email, messaging, or collaboration platforms, and then expand laterally to others. More attacks will leverage vulnerabilities in interconnected devices and exploit identity-based vulnerabilities.
AI-powered attacks will continue to evolve, making attacks increasingly personalized, faster, and harder to detect. They will use automation to execute large-scale attacks and target vulnerabilities in software and systems across organizations.
Organizations will worry most about the “unknown” — undetected security gaps, new attack methods, accidental supply chain threats, or an attack occurring without their knowledge — as threat actors increasingly leverage novel tools and techniques to help them breach systems, exfiltrate data, or compromise infrastructure without triggering any immediate alarms.

What most surprised you in 2024 that will shape the cybersecurity landscape in 2025?

Eric Russo, Director SOC Defensive Security: “The resources and focus that threat actors put into evading security controls. Defense evasion has been a part of attack chains for many years, but this year we’ve seen attackers employing new complex methods to evade and/or disable typical security controls. For example, the number of times we saw the EDR killer tactics executed in attacks was an eye-opener. Such methods typically require a high degree of sophistication and time, which we’ve not widely seen before.

Sheila Hara, Senior Director, Product Management: The rapid sophistication of AI-driven attacks, particularly with generative AI models. Attackers leveraged these models to personalize and automate phishing campaigns at scale, creating emails and messages that were indistinguishable from genuine communications.

Yaz Bekkar, Senior Sales Engineer, Barracuda XDR: The rapid rise of AI-powered cyberattacks. This year, threat actors leveraged AI not just to automate attacks but to craft highly sophisticated and personalized phishing attempts. This has significantly increased the number of threat actors. I’ve also noticed a huge increase in Microsoft 365 multifactor authentication (MFA) bypass attacks. What’s particularly alarming is that many customers were, and some still are, unaware that MFA can be bypassed.

Jesus Cordero, Director, Systems Engineering SASE & Cloud: The lack of robust security measures in place for cloud storage and data privacy. The rise of AI-powered cyberattacks concerns me as there’s a corresponding lack of AI implementations in cybersecurity strategies and investment in AI-driven defense mechanisms.

Matt Caffrey, Senior Solutions Architect, ANZ: The continued success of ransomware attacks, despite increased awareness and defenses. Even with improved defenses, the persistence of this threat shows that organizations are still struggling to balance prevention, detection, and recovery.

What is the biggest cybersecurity concern on customers’ and partners’ minds as we approach 2025?

Merium Khalid, Director SOC Offensive Security: The potential use of AI in advanced cyberattacks, particularly deepfakes and highly targeted social engineering. Tech leaders are also apprehensive about how their data might be used in training large language models (LLMs). Organizations fear that employees might inadvertently expose sensitive information to AI applications like ChatGPT and Google Bard, leading to potential data breaches and privacy violations.

Mark Lukie, Director of Solutions Architects, APAC: Many are concerned about fragmented visibility across various threat vectors, making detecting and responding to complex attacks challenging as threats span email, network, and endpoint layers.

ER: The unknown. For example, not knowing where their security gaps are until it's too late. Organizations are doing the right thing by investing in cybersecurity platforms. The challenge then becomes knowing what your organization has out there that needs protecting. They need a complete, updated asset inventory to ensure all devices have endpoint security deployed. Unprotected devices connected to the network are prime targets for attackers. Ensuring full coverage of cybersecurity controls is crucial to a successful cybersecurity program.

SH: Evolving phishing threats and the effectiveness of their current defenses. They are also increasingly concerned with the convergence of cyberthreats across email, messaging, and collaboration platforms. Threat vectors now span multiple communication channels.

YB: Managing the constant increase in data while dealing with increasingly sophisticated attacks. Many organizations struggle to keep up with complex threats due to limited staff or expertise.

JC: In one word: TRUST. Security incidents resulting from human error highlight the need to optimize a cybersecurity strategy based on zero-trust architectures. Customers and partners are becoming more cautious about the security measures implemented by their supply chain and the risks inherent in the daily behavior of their employees.

How do you expect cyberthreats to evolve in 2025?

ER: I expect threat actors to be even more persistent. In the past we would see threat actors disengage when encountering a security control preventing them from pressing forward. I now expect threat actors to continue to focus on developing tactics to attempt to bypass security measures, and the advancement of AI will certainly help facilitate threat actors in these efforts.

SH: We expect to see an uptick in multichannel, multistage attacks, where threat actors infiltrate one platform, such as email, and expand laterally to others. Expect more attacks targeting IoT and remote work infrastructure, leveraging vulnerabilities in interconnected devices. Additionally, attackers may increasingly exploit identity-based vulnerabilities.

MK: In 2025, we expect to see more AI-driven cyberthreats designed to evade detection, including more advanced evasion techniques bypassing endpoint detection and response (EDR), known as EDR killers, and traditional defenses. Attackers may use legitimate applications like PowerShell and remote access tools to deploy ransomware, making detection harder for standard security solutions. AI-enhanced threats will take many forms, from phishing emails generated with flawless grammar and personal details to highly adaptive malware that can learn and evade detection systems.

YB: Cybersecurity is an ongoing struggle, where each new, sophisticated attack is met with ever-evolving solutions designed to detect and protect against them.

In 2025, we can expect cyberthreats to become even more targeted, adaptive, and automated. Attacks will likely be orchestrated at scale, with AI enabling attackers to create diversions and carry out highly automated and sophisticated operations. A major concern for organizations will be the fear that an attack could occur without their knowledge — threat actors may breach systems, exfiltrate data, or compromise infrastructure without triggering any immediate alarms.

JC: I believe cybercriminals will leverage AI- and machine learning-based attacks to target vectors in ever more tailored and faster ways, making it easier to bypass traditional security measures, and using automation to execute large-scale attacks more efficiently, targeting vulnerabilities in software and systems across organizations.

Cybercriminals may use hijacked IoT devices to build larger botnets, leading to more significant distributed denial-of-service (DDoS) attacks.

We are likely to see governments responding to increasing cyberthreats with new regulations and demanding stricter compliance from organizations. This may create challenges for businesses trying to keep up with the changing landscape.

ML: Cyberthreats will become more automated and evasive, leveraging AI to bypass traditional defenses. Attacks on critical infrastructure and cloud services will likely increase, demanding more robust resilience measures.

MC: In 2025, we can expect a rise in targeted attacks on critical infrastructure and small-to-medium enterprises, which often lack the robust security resources of larger organizations. Cybercriminals will likely continue exploiting vulnerabilities in outdated systems and supply chains, making it crucial for companies to invest in stronger, more adaptive security frameworks.

Subscribe to the Barracuda Blog

Tilly Travers

Tilly Travers is Director, PR and Communications, International for Barracuda.

Search the blog

The Ransomware Insights Report 2025

Key findings about the experience and impact of ransomware on organizations worldwide

Get the report

Managed Vulnerability Security: Faster remediation, fewer risks, easier compliance

See how easy it can be to find the vulnerabilities cybercriminals want to exploit

WATCH THE WEBINAR