Virtualization Technology News and Information
Article
RSS
Stellar Cyber 2025 Predictions: Cybercrime Will Get Worse in 2025, But New Technologies Can Help

vmblog-predictions-2025 

Industry executives and experts share their predictions for 2025.  Read them in this 17th annual VMblog.com series exclusive.

By Aimei Wei, Founder and CTO of Stellar Cyber

Cybercrime grows every year and is now larger than the illegal drug trade. The future will be even worse, because attacks are more frequent and costly than ever. But if AI tools help hackers, they can also level the playing field for cybersecurity. 

Attacks are Up, Up, Up

Cybersecurity Ventures predicts payouts from victims to reach $10.5 trillion by 2025. According to a 2024 article in Forbes:

  • There were 2,365 cyberattacks in 2023, with 343,338,964 victims.
  • 2023 saw a 72% increase in data breaches since 2021, which held the previous all-time record. 
  • Around the world, a data breach cost $4.88 million on average in 2024. 
  • Email is the most common vector for malware, with around 35% of malware delivered via email in 2023. 
  • 94% of organizations have reported email security incidents. 
  • Business email compromises accounted for over $2.9 billion in losses in 2023.

The Attack Surface is Bigger Than Ever

  • There are now 30-40 billion devices on the internet worldwide -we're all connected to each other, and perimeter defenses like firewalls alone are no longer effective.
  • 90% of business email compromises come from individuals clicking on malicious links. These attacks on individuals or small companies can leak out to larger companies or government agencies.
  • Remote work trends have exploded the attack surface, and although they may work for companies with good protection, individuals have become complacent at remote sites.

It's a grim picture. In 2025, hackers will increase their use of AI and deepfakes to create new, more sophisticated attacks more quickly.

AI-Assisted Attacks are Becoming Common

Malicious actors are increasingly using AI to penetrate perimeter defenses. Hackers use  Large Language Models that work with Generative AI applications (like ChatGPT) to accelerate attack creation and automate email message targeting.

Recently, one AI-driven exploit was used to attack a US-based water system, remotely raising the chlorine level in the water and impacting 17 states. 

Deepfakes are Assaulting Credibility

Another growing trend is the use of deepfakes in videos, emails and phone calls to scam money from individuals and businesses. An article in The Treasurer magazine states that CEO fraud targets at least 400 companies every day, and other top executives are also targets of these attacks. In one incident, hackers used deepfakes of a company's CFO and other employees in a  videoconference to get an employee to transfer $25 million to an account in Hong Kong.

Cyberwarfare - The New Frontier

If you thought state-based disinformation campaigns were bad, we now have countries using cyberattacks against one another. Recent evidence shows that Russia, China, Iran and North Korea have worked together to launch highly sophisticated cyberattacks in the United States. Given the potential for disruption and economic damage, cyberattacks could well become the primary means by which countries attack one another.

For today, though, phishing emails and messages have provided unauthorized access to networks and sensitive data for the vast majority of hackers in the millions of campaigns conducted over the last 12 months. Many people spot phishing attacks because they contain spelling or grammar errors, or they have the wrong context, but AI tools are making it easier for hackers to create letter-perfect emails. 

To evaluate its own phishing awareness,  the National Institute of Standard and Technology (NIST) created a test email from a spoofed Gmail address that claimed to be from one of NIST's directors. The subject line was "PLEASE READ THIS," and the body greeted the recipient by first name and stated, "I highly encourage you to read this." The next line was a URL, with the text "Safety Requirements." It concluded with simple sign-off from the (supposed) director. This email - and others that focused on hyper-aligned safety-requirements - had average click-through rates of 49.3%. Even in shockingly short, single-line attacks - it's the message's cues and context that dictate its efficacy.

Fighting Back

Perimeter security (firewalls and encryption) and passwords have been the two most important safeguards, but they aren't enough anymore. Users must be extremely suspicious of unsolicited emails, pop-up ads, and website URLs; and organizations need advanced, AI-driven cybersecurity platforms that continually inspect all aspects of the IT infrastructure to spot and remedy multi-vector attacks. 

In the future, quantum computing will change the game again. It too will become a tool for hackers, and will be used with AI to make cyberattacks even faster, more capable and more accurate. Eventually, quantum computers will be able to rapidly break any encryption code. Of course, cybersecurity vendors will also incorporate the technology, so we'll continue to escalate the arms race between the good guys and the bad guys.

##

ABOUT THE AUTHOR

Aimei Wei, Founder and CTO of Stellar Cyber

Aimei Wei

Aimei has an M.S. in Computer Science from the Queen’s University in Kingston, Canada and an Undergraduate degree in Computer Science from the Tsinghua working experience for both early-stage startups including Nuera, SS8 Networks, and Kineto Wireless as well as well-established companies like Nortel, Ciena, and Cisco. Prior to founding Stellar Cyber, she was actively developing Software-Defined Network solutions at Cisco. Aimei enjoys building a product from its initial design to its final launch. Aimei has an M.S. in Computer Science from the Queen’s University in Kingston, Canada and an Undergraduate degree in Computer Science from the Tsinghua University of China.

Published Thursday, November 07, 2024 7:35 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2024>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567