The current BSI Situation Report 2024 (the Federal Office for Information Security, BSI, is Germany's national cybersecurity authority) shows that the threat situation has not eased compared with the BSI Situation Report 2023; rather, additional factors have emerged that further exacerbate the security situation. In view of this, the question of which challenges will shape cyber security in 2025 is coming into focus. Technological developments such as the growing role of AI and quantum computing, geopolitical tensions and increasing regulatory requirements are likely to play a decisive role.
This article aims to analyze key trends and risks that are expected in the coming year and to shed light on their potential impact on companies and private individuals.
A variety of data sources were taken into account to assess the key risks and trends for 2025. A thorough analysis of recent security incidents, insights gathered at cyber security events and the evaluation of current threat reports form the basis. This is supplemented by the qualitative assessments of several experienced security experts and quantitative data from leading providers in the field of cyber security, in order to create the most comprehensive picture possible of the challenges ahead.
Key Threats and Risks 2025
New Technologies and Advanced Attacks
🤖 Cyberattacks with AI
🧬 Threat to Classical Encryption by Quantum Computing
🎭 Increasing Threat of Deepfakes
Critical Infrastructure and Systems
🏭 Rising Attacks on Connected IoT and OT Technologies
🌐 Targeted Attacks on SaaS and Cloud Providers
🔒 Faster Exploitation of Vulnerabilities in Devices like Firewalls and VPNs
Traditional and State-Sponsored Attacks
🕵️♂️ Threats from State-Sponsored Actors
💰 Ransomware and Multi-Functional Extortion
🔗 Increased Supply Chain Attacks
Data and Software Risks
📁 Infostealer Malware
🛠️ Risks from Insecure Source Code
Explanations of the Cyber Threat Landscape 2025
The risks listed above are explained in more detail below to provide a deeper understanding of the potential dangers and their impact.
🤖 Cyberattacks with AI
Attackers are increasingly using artificial intelligence (AI) to make their attack methods more efficient and targeted. Companies around the world are starting to use more AI-based security solutions, but attackers are just as likely to follow suit. They use AI to create personalized phishing emails, identify security vulnerabilities in real time, or improve automated attack tools. Forecasts predict a sharp rise in the number of AI-assisted attacks in 2025. Phishing attacks in particular benefit from this development: recent studies show that AI-assisted phishing attacks have a higher success rate. A study by SoSafe found that 21% of recipients clicked on malicious content in AI-generated phishing emails, while 65% revealed personal information on the linked websites.
🧬 Threat to Classical Encryption by Quantum Computing
The ongoing development of quantum computers poses a serious threat to the currently common asymmetric encryption methods such as RSA or ECC. Such machines could be able to break, within a few hours, encryption that was previously considered secure. A report by the European Telecommunications Standards Institute (ETSI) shows that 25% of ETSI members are already working on further developing algorithms to counteract these risks. The urgency is great, as forecasts suggest that quantum computers with significant performance could be ready for use by 2029.
In addition, the Fraunhofer Institute for Applied and Integrated Security (AISEC) also predicts that powerful quantum computers could be able to break current cryptographic methods from the early 2030s.
💰 Ransomware and Multi-Functional Extortion
Ransomware remains one of the biggest threats to companies worldwide. Statista estimates that by 2027, the cost of cybercrime worldwide could rise to $23.84 trillion. A large part of this will probably be due to ransomware. Modern ransomware attacks are increasingly relying on "triple extortion": In addition to encrypting data, sensitive information is exfiltrated and victims are additionally put under pressure by DDoS attacks.
We have already written a blog post on this in the past - 🔒 Ransomware Unveiled: How It Works, RaaS & Its Impact on Businesses 🚨
According to SoSafe, almost every second company in Germany paid a ransom, which increases the attractiveness of such attacks.
🔗 Increased Supply Chain Attacks
Supply chain attacks are increasing rapidly and pose a significant threat. These attacks focus on the weakest links in the supply chain, such as service providers or partner companies, making closer monitoring and securing partner networks essential.
One example of this is the attack on the Swedish-Finnish IT service provider Tietoevry in January 2024. The IT systems of several Swedish authorities and companies were indirectly compromised, including the Swedish government's central HR system and numerous online shops.
A single successful supply chain attack can compromise numerous target systems and organizations simultaneously, multiplying the damage significantly.
🎭 Increasing Threat of Deepfakes
The rapid development of deepfake technology enables the creation of deceptively real videos and audio recordings, which are increasingly being misused for criminal purposes. Deepfake content could increasingly be used to carry out fraudulent activities, blackmail people or spread targeted disinformation in order to undermine trust, enable manipulation and cause chaos. AI-generated calls or video calls in which attackers pose as executives, business partners or the IT department are particularly dangerous. These calls are often so realistic that the voice, facial expressions and appearance of the impersonated person appear deceptively real, making them an extremely effective manipulation technique. According to McAfee, 70% of people surveyed are not sure whether they could tell the difference between a deepfake voice and a real voice.
🏭 Rising Attacks on Connected IoT and OT Technologies
The number of connected IoT devices will continue to grow exponentially in the coming years, whether in increasingly networked building technology or in temperature sensors for truck transport. The progressive aging of OT devices such as production machines, coupled with a reluctance to replace them, contributes significantly to risk exposure and increases vulnerability to security gaps. Vulnerabilities in IoT and OT systems not only threaten IT security, but also critical physical infrastructure such as energy suppliers and production facilities. Inadequate encryption and missing security updates are particularly risky, as they make it easier for attackers to compromise and manipulate devices in order to cause operational failures or endanger people and equipment.
A striking example of the security risks in the area of operational technology (OT) and the Internet of Things (IoT) is the attack on the water supply in Oldsmar, Florida, in February 2021. Unknown perpetrators gained access to the water treatment plant's control system via remote maintenance software and attempted to increase the concentration of sodium hydroxide to a dangerous level.
🕵️♂️ Threats from State-Sponsored Actors
State-sponsored hacker groups such as APT28 or Lazarus Group are increasingly focusing on critical infrastructure, research facilities and geopolitically sensitive targets. In its current situation report, the BSI is concerned about the possibility that strategically motivated actors in the context of geopolitical conflicts are posing as ransomware criminals to carry out sabotage against important infrastructure, given the enormous damage and costs caused by ransomware worldwide. This camouflage enables strategically motivated actors to deny their involvement and avoid diplomatic or economic repercussions.
📁 Infostealer Malware
Infostealer malware is growing rapidly and poses a significant threat to businesses and individuals. According to Kaspersky, over 10 million devices worldwide were infected with infostealer malware in 2023, with an average of 50.9 credentials stolen per device.
Infostealer malware is often distributed via phishing campaigns or compromised websites, and victims frequently do not realize at the time that their data has been stolen. Many infostealers are standalone malware that focus exclusively on data theft, without encrypting the device afterwards.
The risk posed by stolen credentials remains high: in many ransomware incidents, they are used as the initial entry vector.
🔒 Faster Exploitation of Vulnerabilities in Devices like Firewalls and VPNs
Security vulnerabilities, especially in essential devices such as firewalls and VPN gateways, are being exploited by cybercriminals at an ever-increasing rate. Studies show that many vulnerabilities are actively exploited within 48 hours of their publication, which makes it significantly harder for IT teams to apply patches in time and keep systems secure.
A striking example of rapid exploitation is CVE-2022-42475, a vulnerability that allowed attackers to execute arbitrary code and compromise firewall systems; it was actively exploited just hours after publication.
🌐 Targeted Attacks on SaaS and Cloud Providers
With the increasing shift of services and sensitive data to the cloud, SaaS and cloud providers are increasingly becoming the focus of cyberattacks. These providers manage large amounts of critical information, making them attractive targets for attackers. According to data from the BSI Situation Report 2024, public cloud infrastructures were attacked more frequently in 2024. Most of these attacks aimed at compromising access data, injecting malware or bypassing security configurations.
A prominent example is the attack on a large cloud platform in which attackers gained access to customer data via a faulty API interface. Such incidents show how important it is to protect not only the infrastructure but also the security of the platforms themselves.
🛠️ Risks from Insecure Source Code
Insecure source code remains one of the most common causes of security incidents, as vulnerabilities are often hidden in widely used software components. A striking example is the vulnerability in XZ Utils, an open source data compression tool used in almost all Linux distributions and numerous other operating systems and applications. This vulnerability allowed attackers to bypass the authentication of the SSH service and gain unauthorized access to affected systems. Because XZ Utils is so widely deployed, potentially millions of systems were affected, which further underlines the criticality of this vulnerability.
According to an analysis by GitHub, 56% of open source projects have similar vulnerabilities, which highlights the importance of secure development practices, regular code reviews and automated security checks.
Disclaimer
The trends and risks of the Cyber Threat Landscape 2025 presented in this article are based on current findings and assessments. However, an accurate assessment of the security situation can only be made once the developments have actually occurred. The content is therefore intended as a guide only and should not be understood as a final forecast.