Top 5 Emerging Cyber Threats Of 2025



Cyber threats are more complex and dangerous than ever, according to a new CYFOX forecast.

The world of malware is evolving rapidly, with fast-paced technological developments and global geopolitical tensions creating a reality where cyber threats are more complex and dangerous than ever, according to "Top Emerging Cyber Threats of 2025" from Israel-based CYFOX.

"2025 is expected to be a turning point in cyberspace, with attackers focusing on high-value targets, combined with the increasing use of artificial intelligence and other advanced technologies to create custom-made malware," says Nir Yehoshua, Director of Research at CYFOX. In addition, trends such as the wider use of cloud technologies, proliferation of networked (IoT) devices, and a growing dependence on digital services will increase threats to organizations and individuals alike.

Here's a closer look at the trends CYFOX predicts in the coming year.

In the past, most attacks aimed to hit as many victims as possible. However, looking ahead to 2025, attackers are expected to shift their focus to specific high-value targets. This trend will be supported by the increasing use of artificial intelligence (AI), which enables the identification of unique vulnerabilities in specific systems.

Looking ahead to next year, the growing capabilities of generative AI will likely increase the risk of cyber threats. With platforms like LinkedIn and social networks making it easier for attackers to gather personal information, they can launch more targeted and effective attacks. The combination of social media and generative AI will also lead to more convincing scams and impersonations, allowing cybercriminals to craft deceptive attacks that are harder to spot. As these threats evolve, it will be crucial to stay alert and strengthen security measures.

CYFOX estimates that attackers will continue to leverage AI to upgrade their attack methodologies and tools. 2025 could bring increased use of AI to create custom-made malware, which may bypass traditional security systems, such as EDR, firewalls, and IDS, while learning the defense mechanisms of these systems to adapt its behavior accordingly.

A particularly concerning development in 2025 will be the rise of dataset-based attacks. These attacks exploit training data from AI or machine learning (ML) systems, influencing their performance and decision-making. They are especially common in systems that rely on data learning to make autonomous decisions or predictions.

As ML systems rely heavily on high-quality data to make accurate predictions, attackers may target and compromise these datasets, causing the models to learn incorrect patterns or develop vulnerabilities. This opens the door for targeted attacks or for deceiving the system entirely, and these types of attack could become a major threat in 2025.

Stealer malware will continue to establish itself as a major threat and will become a key tool in the toolbox of attack groups, with a special emphasis on stealing access data, financial information, and sensitive files from personal and professional systems. CYFOX predicts that 2025 will bring a growing focus on the use of this type of malware, with attackers using sophisticated AI-based tools to effectively hide their traces and improve their stealth and evasion capabilities.

There has been a significant increase in the detection of this type of malware in recent months, accounting for 30% of all detections, according to the CYFOX MailSecure research team. This sophisticated malware uses advanced techniques to steal information, including passwords, email data, and financial information found on infected systems.

One well-known example of stealer malware is Agent Tesla, which, despite its lack of complexity, is perceived as an effective tool for stealing a wide range of data. This explains its popularity among various, not always very technical, attackers and underscores the critical importance of continuously identifying and neutralizing such threats.

Espionage, cybercrime, and information operations will remain ongoing strategies for nations to pursue their geopolitical interests.

In recent years, especially since the start of the Iron Swords war (Israel-Hamas 2023 war), Israel has been facing ongoing cyberattacks from Iranian-backed threat actors and other groups supported by the Iranian regime. These attacks are aimed at critical infrastructure, including energy, water, transportation, strategic targets, government agencies, and defense industries. The goal is to disrupt Israel's economy and undermine the stability of the state. The tension in the region poses a significant challenge not only to Israeli entities, but also to its allies, which could be indirect targets through supply chain attacks.

In the first week of the , CYFOX XDR detected intensive activity by an attack group affiliated with Iran and pro-Palestinian entities. The malware, called BiBi, was targeting Israeli companies and was intended to infiltrate critical systems, collect sensitive information, and carry out disruptive actions designed to undermine the ability of the attacked organizations to respond and recover.

Attack groups are expected to focus their efforts on targeting the supply chains of large companies. Instead of attacking the primary and protected target, they will attack suppliers or partners to exploit the connections between them and penetrate these systems.

At the end of 2024, a supply chain attack was unveiled in which attackers were able to inject a malicious version into a key software tool used by many companies. The attack was designed to steal private keys -- sensitive data that allows access to secure systems or digital assets. These types of attacks exploit organizations' dependence on external components or services, such as software libraries or tools provided by third parties. Rather than directly targeting a well-secured organization, attackers increasingly focus on its suppliers and partners, which often lack the same level of security. By exploiting these weaker links in the supply chain, they can bypass the advanced security measures of the primary target.

CYFOX estimates that 2025 will see an increase in supply chain attacks, using more sophisticated methods. These attacks are expected to cause significant damage to critical assets in organizations that depend on external software components and services. The time to exploit vulnerabilities will continue to decrease, and the range of targeted vendors will expand.
