Introduction
The digital space isn’t the independent bubble many perceive it to be. It runs parallel to its physical counterpart—driven by innovation, collaboration, and constant activity. What happens in one space invariably affects the other, including disruptions.
While the world embraces digitization, current geopolitical turbulence has turned the tide in terms of collaboration, digital presence, and security priorities. Many nations are now embracing deglobalization as they focus on enhancing their security, with infrastructure, data, and the most economically promising services now expected to remain within the country.
The consequences of deglobalization and the push for digital sovereignty are triggering large-scale changes where, unfortunately, security is taking a back seat. The flawed belief that “anything kept and maintained domestically is secure” prevents nations from forming a united front against cybercrime.
Cybercriminal activities know no borders. How can we possibly build effective protection without collective intelligence sharing, defense improvements, and strategic responses to emerging threats? These challenges are aggravated by the upcoming cybersecurity threats we face—not as individual nations but as a global society.
What are the key cyber threats shaping the year ahead and beyond, you ask? Hear it from Group-IB’s CEO, Dmitry Volkov, to stay defense-ready and ahead in the fight against cybercrime.
#1 AI-driven manipulations and cyberattacks
Artificial intelligence, or AI, is a macro trend that will continue to evolve in the coming years. As AI becomes more embedded in business operations and critical infrastructure, the risks of exploits, data exposures, disinformation, and other threats continue to rise.
AI adoption is growing, but security and governance protocols are struggling to keep up. This mismatch leaves sensitive data, credentials, and critical assets vulnerable to attacks. While some risks are accidental, it’s clear that threat actors are purposely using AI to become more disruptive.
Cybercriminals continue to use AI in advanced ways—like AI jailbreaks, generating malicious code, and even seeking technical advice for cyberattacks. AI enables them to create scams, gather intelligence, and even launch mass or highly targeted attacks, especially through social media and online reconnaissance, which are increasingly challenging our current defense strategies.
Generative AI (GenAI) and large language models (LLMs) will play a key role in Cybercrime-as-a-Service (CaaS), automating the creation and deployment of cyber threats such as phishing campaigns, exploit kits, malware, and more.
That said, even though AI’s potential is being misused, it is also tipping the scales in favor of cyber defenders, helping them better protect against risks. Learn more about the complete AI landscape in our previously published Cybersecurity X AI e-guide.
#2 Rising cyber espionage, sabotage, nation-state threat activity
Today’s geopolitical sensitivities motivate threat activities, with online attacks becoming a typical means of waging war. Increasing cross-regional tensions have led to politically motivated cybercrime, including hacktivism, spyware to steal sensitive information, critical infrastructure attacks, supply chain disruptions, etc.
The collateral damage from these activities now can potentially create an even more disastrous impact—a direct consequence of deglobalization. Centralizing critical systems and resources, such as a single data center, domain registrar, or DNS infrastructure, without proper redundancy or backups increases vulnerabilities. This makes countries easier targets for threat actors, also raising the risk of massive service outages as a single point of failure could bring the entire system down.
For instance, in June 2024, Indonesia experienced a major disruption in its government services due to a ransomware attack on its National Data Center (PDN). This cyberattack, attributed to the LockBit ransomware group, impacted several government services, including immigration and licensing systems. A similar incident was reported in India, where the Information Technology Development Agency (ITDA) experienced a malware attack. This incident led to the shutdown of approximately 186 state department websites for over 60 hours.
This year saw a lot of sabotage activity, including incidents like the Red Sea attack (affecting cables linking Europe, Africa, and Asia) and the Baltic Sea attack (targeting the cable between Finland and Estonia), where essential global connectivity setups were deliberately targeted.
Another attack, on Viasat’s satellite services, disrupted customers and critical services, such as Ukraine’s military communications. Chinese hackers breached US court wiretap systems in the telecom sector, compromising nine companies, including Verizon Communications, AT&T, and Lumen Technologies, which were severely affected by the discovered intrusion.
Such attacks are only expected to increase as tensions across borders persist.
#3 Deepfake and synthetic media exploits
When you think of deepfakes and synthetic media, you probably imagine eerily realistic videos, glitchy visuals, and distorted expressions accompanied by too-good-to-be-true messages. But deepfake technology is rapidly evolving and becoming a tool for misinformation, brand abuse, fraud, and privacy violations.
Synthetic media, including deepfakes, involves altering voices, images, and message components to manipulate viewers and listeners into taking specific actions. Sophisticated deepfakes don’t require expensive tools; they can be made with free tools as shown by Group-IB experts here:
Deepfakes are increasingly challenging biometric verification systems. They allow fraudsters to bypass security measures and gain unauthorized access, which can lead to various criminal activities.
A recent example involves Group-IB’s Fraud Protection team working with a financial institution to identify over 1,100 deepfake fraud attempts. The investigation started when a client sought to understand face-swapping techniques and tools being used to target citizens in Indonesia. Fraudsters were exploiting advanced AI technologies like deepfakes to target vulnerabilities in biometric security systems.
Our investigation indicated the use of virtual cameras to spoof facial recognition, and nearly $138.5M was lost in Indonesia alone due to fake loan approvals. To learn more about how threat actors use this toolset, read the full report here.
This is just one example of a tidal wave of attacks on the horizon. The CEO of WPP, Mark Read, was a recent target when cybercriminals cloned his image and voice to set up a fake Microsoft meeting, attempting to solicit money and personal details from attendees under the pretext of a new business setup.
We’re also witnessing synthetic representations of government officials and celebrities from all over the world, used to spread fake news and propaganda and manipulate people. The rise in such threats has alerted authorities across industries to strengthen their deepfake detection and protection strategies to minimize reputational and financial impact.
#4 Shapeshifting and hyper-scaling fraud
AI’s influence is seen across all cyber activities, and, predictably, fraudsters are finding innovative ways to exploit it for scam automation, marketing, and distribution. Deepfake technology, social engineering ploys, and automated chats, emails, and phone calls are now part of advanced scams, used to create even more convincing fraud platforms, online affiliate programs, and fabricated identities and credentials to deceive and defraud victims.
A growing component of the scam ecosystem is scam call centers. Once confined to less developed regions due to limited legislative power and lax enforcement, these centers are forming an illegal global economy. Crime networks’ financial schemes now either involve individuals directly—through trafficking to scamming compounds—or indirectly, by luring people into fraudulent activities through fake job postings, pig butchering schemes, and other scam-related content.
Scams are reported to have caused losses in the tens of billions. To capitalize on this opportunity, cybercriminals have extended their operations to other regions, such as the Middle East, Eastern Europe, Latin America, West Africa, and the United States.
They are likely to emerge in mature economies in the future, where they will have greater access to potential targets. Gaps in legal measures and enforcement mechanisms, together with tactics that evolve to match the complexity of mature systems, may further this growth.
The need to build an effective defense against fraud and scam threats is immediate, and it goes beyond siloed defenses. It involves building a collective shield through intelligence sharing among financial institutions – including fraud schemes, mule accounts, detection logic, and effective counterstrategies. Such collaboration helps banks protect their clients and supports international cooperation to identify scams and means of disinformation.
Group-IB continuously upgrades its patented Fraud Protection solution to defend against emerging fraud schemes. We empower our customers and industries with targeted fraud intelligence across the entire kill chain, built into the solution: https://www.group-ib.com/products/fraud-protection/fraud-matrix/
In one of its previous reports, Gartner recognized Group-IB as one of only two vendors providing organizations with the capability to identify Tactics, Techniques, and Procedures (TTPs) used by fraudsters early in the Cyber Fraud Attack Chain.
That said, identity authentication also remains critical for businesses to stop fraud early in its tracks. Group-IB Fraud Protection facilitates this through multifactorial verification – behavioral biometrics, device fingerprinting, anti-money laundering (AML) systems, and more. These checks also help in compliance reporting, risk scoring, and enhanced internal and external threat detection, among other use cases.
#5 Autonomous system hacks
Self-driven, self-learning models capable of solving human problems without manual intervention are an exciting reality today. As the world increasingly adopts autonomous technologies—from chatbots and auto-update solutions to self-operating systems—the need to secure them against cyber threats cannot be overstated.
These systems rely on AI to make decisions and adapt in real time, creating opportunities for cybercriminals to exploit AI’s predictability through sophisticated attacks. This includes adversarial techniques that manipulate the data used to train or operate AI systems, exploits targeting system vulnerabilities, attacks on interconnected networks, unauthorized takeovers, backdoor intrusions, and data leaks that could compromise critical systems across sectors. This is especially concerning for IT/OT and critical infrastructure sectors, where large-scale autonomous systems, such as minimally intelligent computers guiding mechanical processes, support entire industries.
#6 Your “neighbor” may become your vulnerability
For businesses, managing vulnerabilities within their own perimeters is no longer sufficient—they can also be exploited through their neighbors’ vulnerabilities. An unconventional class of attack, known as the “nearest neighbor attack,” highlights this risk.
A recent example reported by Volexity involved a Russian-origin APT group that breached a targeted company’s (Organization A) enterprise network despite being thousands of miles away. The attackers first compromised a nearby organization within the target’s Wi-Fi range. They then moved laterally within this organization’s network to locate devices connected to wired and wireless networks, ultimately gaining access to Organization A’s network by exploiting vulnerabilities in interconnected systems.
This unconventional attack technique raises an important question: how can organizations defend against lateral attacks originating from devices they neither own nor manage?
#7 Cloud targeting
Everything is moving to the cloud. Businesses are leveraging the efficiency, extensive data exchange capabilities, and virtually limitless potential of cloud and multi-cloud environments to collaborate and grow. However, this transition also attracts attackers who increasingly target cloud infrastructures by creating malicious services and launching effective phishing campaigns to infiltrate cloud environments.
Common challenges such as data migration vulnerabilities, network security misconfigurations, insecure APIs, access management flaws, and weak encryption practices only amplify these risks. Lax security in configuring, accessing, and managing cloud infrastructure can leave your organization more exposed than secure, making cloud protection essential.
It is advised to constantly run cloud infrastructure audits, use automated monitoring tools to identify vulnerabilities in the environment, and implement strict hygiene measures company-wide to prevent threats such as cloud jacking, privacy concerns, and more aggressive threats such as ransomware.
To mitigate the security risks associated with serverless environments, infrastructure providers—such as AWS, Azure, or Google Cloud—and businesses can benefit from the expertise of leading cybersecurity service providers. For example, Group-IB’s current partnership with AWS focuses on countering threats like phishing, email scams, user account fraud, payment fraud, malicious bots, mobile Trojans, and more. These threats are detected and prevented effectively through real-time monitoring and analysis of user behavior across multiple sources.
#8 Identity-based attacks call for adaptive verification
Linking every online interaction to the real user behind it has become critical to ensuring the integrity and security of the digital trade. Identity exploitation is a growing concern, and current security practices fail to curb it.
A common practice of people reusing passwords across multiple accounts increases the risk of data leaks and exposed credentials.
Exploiting weaknesses in authentication methods is another way identity exploitation occurs. Authentication via Google, Microsoft, and other identity providers uses an SSO-based login mechanism, so an attacker who obtains the credentials through advanced phishing or malware needs to bypass only a single verification layer.
Once credentials are compromised, attackers can impersonate users across various platforms, and even two-factor authentication (2FA) may not prevent this. This facilitates the creation of fake accounts, cross-IDP impersonation, and multi-access attacks.
As adversaries increasingly exploit systems to fulfill malicious objectives, verification mechanisms must evolve to counter modern identity-based attacks, fraud, and social engineering threats. Adaptive verification is the next step in authentication, going beyond MFA (multi-factor authentication) and 2FA (two-factor authentication). This method authenticates users at runtime based on risk factors like location, device integrity, and behavior patterns.
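The following is an added illustration, not Group-IB’s code, of the risk-based decision described above: each login attempt is scored against the user’s history on three of the signals mentioned (known device, geographic plausibility of the location, and typing cadence as a behavior pattern), and a correct password alone yields ALLOW, STEP_UP (demand another factor) or DENY depending on the score. All thresholds, weights and sample coordinates are constructed assumptions.

```python
"""Adaptive (risk-based) authentication decision: constructed example."""
from dataclasses import dataclass, field
from math import asin, cos, radians, sin, sqrt
from typing import List, Optional, Set, Tuple

ALLOW, STEP_UP, DENY = "allow", "step_up", "deny"

@dataclass
class LoginAttempt:
    device_id: str      # hash of the device fingerprint
    lat: float
    lon: float
    ts: float           # unix seconds
    typing_ms: float    # mean inter-keystroke interval while typing the password

@dataclass
class UserProfile:
    known_devices: Set[str] = field(default_factory=set)
    last_lat: Optional[float] = None
    last_lon: Optional[float] = None
    last_ts: Optional[float] = None
    typing_mean_ms: Optional[float] = None   # behavioral baseline

def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance, used to detect impossible travel."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def score_attempt(a: LoginAttempt, p: UserProfile) -> Tuple[int, List[str]]:
    """Return a risk score (assumed weights) plus the reasons that contributed."""
    score, reasons = 0, []
    if a.device_id not in p.known_devices:
        score += 30
        reasons.append("unknown device")
    if p.last_lat is not None and p.last_lon is not None and p.last_ts is not None:
        km = haversine_km(p.last_lat, p.last_lon, a.lat, a.lon)
        hours = max((a.ts - p.last_ts) / 3600.0, 1e-6)
        if km / hours > 1000:   # faster than any airliner: impossible travel
            score += 50
            reasons.append(f"impossible travel: {km:.0f} km in {hours:.1f} h")
    if p.typing_mean_ms is not None and abs(a.typing_ms - p.typing_mean_ms) > 0.5 * p.typing_mean_ms:
        score += 25
        reasons.append("typing cadence deviates from baseline")
    return score, reasons

def decide(score: int) -> str:
    """Map the score to an action; only a low score lets the password stand alone."""
    if score >= 70:
        return DENY
    if score >= 30:
        return STEP_UP
    return ALLOW

def evaluate(a: LoginAttempt, p: UserProfile) -> Tuple[str, int, List[str]]:
    score, reasons = score_attempt(a, p)
    return decide(score), score, reasons
```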
With the rise of synthetic identity fraud, media manipulation, and exploits targeting system vulnerabilities, adopting multifactorial verification protocols might become a norm—especially in critical sectors such as banking and finance.
To keep pace with the momentum, Group-IB Fraud Protection offers risk-based authentication, ensuring precise user verification by assessing multiple parameters. These measures significantly reduce the risk of identity exploitation.
🛡️Build resilience against the expanding attack surface with Group-IB
Despite robust cybersecurity being a much-stated need for every business today, there’s still a smokescreen surrounding its purpose and accountability. Many businesses still lack proper cybersecurity strategies or frameworks beyond basic hygiene protocols.
Cyber leaders often struggle to connect risk management directly to business growth and stability. This makes it hard to justify spending and allocate sufficient budgets. As a result, cybersecurity is often seen as a “cost center.”
Although CISOs should prioritize adopting AI-enhanced security operations for predictive threat intelligence, runtime monitoring and visibility, and automating incident response, security management, and control validation, it is not an absolute answer to emerging threats.
When facing an enemy with intricate thought patterns, an expert’s counterintuition, critical judgment, understanding of the local threat context, and ability to read between the lines remain irreplaceable.
Security focused only on prevention is neither complete nor truly robust; building resilience is the need of the hour. Since we’ve already entered 2025, the time for implementation is now. Remember these trends as you revisit the chalkboard to shape your cybersecurity strategy for the year. To build one tailored to your business’s threat landscape, learn how Group-IB’s localized intelligence and on-the-ground expertise can help.
With our team in your region who truly understands your business and speaks your language, we become more than a service provider—we’re your trusted partner in maintaining resilience.