Ekaterina Snegireva
Senior analyst, Research Group of PT Cyber Analytics
Technology is rapidly integrating into every aspect of our lives. Gartner highlights the continued impact and influence of analytics, vast amounts of data, and AI across an ever-broadening range of industries. However, these trends also expand opportunities for cybercriminals. Now that we're in 2025, let's explore how cyberattacks are evolving and the types of attacks we're likely to see for the rest of the year.
Trend 1. AI
If 2023 focused on exploring AI's potential, 2024 marked the year businesses began widely adopting it. AI technologies are also becoming increasingly popular with everyday users: large language models now act as personal assistants, summarizing books, analyzing data, creating psychological profiles based on favorite songs, and even offering support during difficult moments—almost like a friend.
Cybercriminals also use AI to achieve their goals. In November, we published a study highlighting the role of AI in cyberattacks. In 2024, generative AI was primarily used for mass phishing campaigns, but it was also employed in other malicious activities. Attackers used AI to gather victim information, exploit vulnerabilities, and create or modify malicious code. For instance, in June 2024, a phishing campaign was discovered where AsyncRAT was distributed via malicious JavaScript and VBScript, likely generated using AI. In October 2024, OpenAI reported preventing over 20 attempts since the start of the year to misuse AI for malicious purposes, such as malware development and debugging. Positive Technologies also identified attacks targeting AI researchers.
The potential use of AI in cyberattacks is extensive. A study by Positive Technologies reveals that AI could potentially be applied across all MITRE ATT&CK tactics and in more than half (59%) of the techniques in the future. One key factor contributing to the rise in cyberattacks is the growing integration of AI into everyday software. This creates two significant challenges: first, it compels cybercriminals to deepen their understanding of AI technologies to effectively target these systems; second, it expands the attack surface, introducing an additional component that can be exploited.
Forecasts
- We predict that social engineering tactics will continue to evolve as cybercriminals gain a deeper understanding of AI tools. In particular, we expect a significant increase in the use of AI-generated phishing texts and deepfakes, which have already proven effective in targeting both individuals and organizations while spreading various forms of misinformation. Generative AI allows attackers to create highly personalized emails that are free from spelling and grammar errors. Furthermore, in 2025, we anticipate advancements in voice, photo, and video deepfakes. Tools for producing these deepfakes, once considered complex and requiring specialized skills, are now widely available and easy to use, posing an even greater threat. In 2024, reports of biometric data leaks raised concerns about the potential misuse of stolen information to create deepfakes. According to Gartner, by 2026, AI-generated deepfake attacks based on facial biometrics could prompt some companies to reconsider the reliability of biometric authentication as a standalone security measure. Cybercriminals can exploit fake content not only for targeted attacks on individuals, such as financial theft, but also for large-scale disinformation campaigns. For instance, deepfakes of prominent media figures could be used to spread false information.
- More malicious tools with AI capabilities are expected to appear, leading to an increase in attacks using AI-generated malware. Cybercriminals remain interested in these tools because AI can automate tasks like vulnerability scanning, data analysis, and text recognition. For example, in Q2 2024, we observed malware developers actively using optical character recognition (OCR) technology. In September, McAfee researchers discovered a new type of Android malware, SpyAgent, which uses OCR technology to extract data from images on devices to gain access to cryptocurrency wallets. These new features are driving competition in the cybercrime market, encouraging malware developers to integrate AI modules into their tools.
- In 2025, data breaches could increase due to the growing use of AI in organizations. According to a survey by the National Cybersecurity Alliance and CybSafe, 38% of employees admitted to using AI tools to process work data without informing their employer.
People often overestimate the capabilities of AI. According to BeyondTrust, expectations for AI technologies peaked in 2024 and are expected to decline in 2025. Forrester Research predicts that many companies anticipating returns on AI investments will adjust their plans and reduce spending in this area. It’s important to stay realistic by exploring new technologies while ensuring strong cybersecurity measures. As cybercriminals continue to integrate AI into their attacks, defenders must also enhance their security tools. The logical response to offensive AI is to develop more efficient defensive AI that can automatically detect and prevent threats.
Blockchain and digital assets
In the fall of 2024, we published a study on cyberthreats in the financial sector, highlighting the growing adoption of new technologies like digital currencies. In 2023, there was a noticeable increase in experiments and pilot projects with central bank digital currencies (CBDCs). While this trend was mainly driven by developed countries, several developing nations also intensified their efforts. Currently, 134 countries, representing 98% of the global economy, are developing central bank digital currencies (CBDCs). Over half of these countries are in advanced stages, such as pilot projects or preparing for launch. For example, the Central Bank of Iran is set to introduce its digital currency, the digital rial, to modernize its banking system and enhance international financial cooperation. Similarly, the European Central Bank is working on the development of a digital euro.
In Russia, a pilot project for the development of the digital ruble has been underway since August 2023, involving 13 banks and several hundred specialists. In January 2024, another 17 banks joined the project, and by July 2025, the digital ruble could become accessible to all Russian citizens. The digital ruble may be widely introduced in 2025–2027. Globally, nearly 50 pilot projects are currently in progress, including testing of China’s national digital currency, the e-CNY, which was the first digital currency and already had over 260 million users by January 2022.
In today's tense geopolitical climate, countries are working to develop independent payment systems for international trade. The BRICS member states developed BRICS Pay, an independent payment system, to facilitate safe and transparent trade relations for over 150 countries. BRICS Pay will use a gold-backed stablecoin (a digital currency pegged to gold) as its settlement unit. The value and structure of this stablecoin will be based on the International Monetary Fund's Special Drawing Rights (SDRs), an international reserve asset. Russia, in collaboration with the central banks of BRICS countries, is developing the BRICS Bridge payment infrastructure. This system is designed to facilitate transactions in national currencies, including digital currencies.
Digital assets, including cryptocurrencies, are becoming increasingly popular. According to a 2023 survey conducted by the Bank for International Settlements, two-thirds of the 86 respondent jurisdictions had already implemented or were in the process of developing regulatory frameworks for stablecoins and other cryptoassets. The European Union is also advancing its efforts with the Markets in Crypto-Assets Regulation (MiCA), which is scheduled to take full effect at the beginning of 2025.
In 2024, the demand for blockchain lawyers in Russia grew by 39%. Specialists with expertise in digital financial assets were the most sought-after during Q1–Q3 2024. From January to September 2024, the demand for them increased by 118% compared to the same period in 2023. According to the Central Bank of Russia, in Q2–Q3 of 2024, Russians increasingly turned to cryptocurrency exchanges. During this period, Russian traffic on cryptocurrency exchange websites rose by 56.5% compared to the previous period, totaling 166.9 million visits and peaking in Q2 2024.
The global market for cryptowallets is experiencing significant growth. In 2023, it was valued at $11.1 billion and is projected to reach $47.8 billion by 2030, with an annual growth rate of 23.2%. Cryptowallets are becoming increasingly popular as more individuals and businesses adopt cryptocurrencies for transactions, investments, and savings. This rising use of cryptocurrencies worldwide is driving the demand for secure and user-friendly digital asset management solutions.
The blockchain market has grown significantly, increasing from $12.55 billion in 2023 to $16.67 billion in 2024. It is projected to grow at an average annual rate of 33.81%, reaching $96.48 billion by 2030. The primary driver of this growth is the widespread adoption of blockchain in the financial sector, where it is used to enable secure and efficient transactions. Additionally, the rising demand for transparency and traceability in supply chains is further accelerating the adoption of blockchain solutions. Distributed ledger technology is revolutionizing various industries by providing secure, transparent, and tamper-proof transactions across the globe.
Digital transformation is set to reshape the cybersecurity landscape for financial organizations in the coming years. This transformation is also expected to drive an increase in cyberattacks targeting individuals.
Forecasts
- In 2025, attacks on cryptocurrency holders are expected to increase, with new ways to trick users. Scams to steal digital currencies will become more common, making it harder to protect funds.
- Both security experts and cybercriminals will be looking for weaknesses in systems used for digital currency transactions and new platform solutions.
- If tracking cryptocurrencies becomes more effective and threatens dark web users, they will likely look for new, harder-to-trace payment methods. A possible trend could be the rise of new cryptocurrencies focused on maximum anonymity. As cryptocurrency adoption grows worldwide, new platforms may appear, but some could be exploited by malicious actors for money laundering. For instance, last summer, researchers revealed that the seemingly legitimate online marketplace Huione Guarantee was used to launder money from online fraud.
IoT and cyber-physical systems
Internet of Things (IoT) devices are now widely used in everyday life, industrial settings, and urban infrastructure. Smart homes, smart manufacturing, and smart cities rely on numerous IoT devices. Analysts predict that the number of IoT devices worldwide will almost double, growing from 15.9 billion in 2023 to over 32.1 billion by 2030. These devices include anything that can connect to communication networks, such as smartphones, smart bracelets, home electronics, video cameras, medical equipment, manufacturing tools, and sensors used in transportation infrastructure.
The IoT ecosystem is divided into domains based on device application. Consumer IoT enhances daily life through devices like smart speakers and home automation systems. Extended Internet of Things (XIoT) is an umbrella term that encompasses numerous cyber-physical systems [1], such as the Internet of Medical Things (IoMT), smart buildings (building management systems), Industrial IoT (IIoT), and Operational Technology (OT) networks.
[1] Cyber-physical systems are engineered systems that integrate computational elements with physical processes.
In a study on the cyberthreats to industrial IoT, we noted that companies are adopting IIoT to address a range of challenges. Whether monitoring production, tracking IT equipment, or automating process adjustments, IIoT has proven transformative. Cyberthreats to edge devices include hardware vulnerabilities, firmware flaws, and malware designed to cause service disruptions or equipment failures. Weak passwords and unsecured internet connections also present significant risks. Data transfer protocols and IoT gateways are vulnerable to flaws in both the protocols themselves and vendor solutions. As IIoT platforms expand and data storage and processing centers grow, these systems become prime targets for cybercriminals.
The industry is rapidly embracing automated, smart manufacturing. Key trends include streamlining technological workflows, integrating AI into existing systems, adopting digital twins, and scaling Industrial IoT (IIoT) solutions. A platform-centric approach, along with deeper integration of IT and OT processes, is anticipated to deliver superior business outcomes. Analysts forecast that the global industrial software market will grow at an average annual rate of 20.7%, increasing from $93 billion in 2023 to approximately $482 billion by 2032. Similarly, the Russian industrial software market is expected to expand, driven by efforts in import substitution and the development of new cutting-edge solutions.
The widespread adoption of IoT increases the potential for cyberattacks, which can lead to critical incidents for organizations. According to Claroty's 2024 survey, 45% of respondents from various companies reported financial losses of $500,000 or more in the past 12 months due to cyberattacks targeting cyber-physical systems. The sectors hardest hit by cyberattacks were chemical manufacturing, energy, and mining. Nearly half of respondents globally (49%) reported experiencing more than 12 hours of downtime due to cyberattacks over the past year. About 49% indicated that the recovery process took a week or more, while nearly a third (29%) stated that recovery took over a month. Additionally, 45% of respondents noted that at least half of their cyber-physical assets are connected to the internet, and a concerning 32% admitted to using open ports. The majority (82%) also revealed that at least one cyberattack in the past 12 months originated from third-party supplier access to their cyber-physical systems (CPS) environment.
In addition to the widespread adoption of consumer and industrial IoT, there is rapid growth in smart cities. These are complex, interconnected systems that leverage technologies like IoT, AI, and big data to manage various aspects of daily life. Key areas of focus include public transportation, utilities (such as "smart energy" and "smart water supply"), and public space management. The construction industry is also evolving to align with this trend. For instance, in Russia, there is a growing focus on developing smart apartment buildings, integrating technology into residential infrastructure.
Forecasts
- New smart city technologies offer opportunities for a more comfortable life but also raise the risk of cyberattacks. In 2025, attacks on consumer and industrial IoT systems are expected to increase, potentially impacting both individual apartments and entire cities.
- Organizations will increasingly adopt zero-trust infrastructures, where no system component is unconditionally trusted. They will also focus on securing the supply chains of software and hardware components, as well as managing the security of contractor and partner access to cyber-physical systems.
- There will be a growing interest in edge computing [2] from both organizations and malicious actors. Cybercriminals are expected to increasingly target edge devices, such as controllers and sensors. In today’s volatile geopolitical environment, poorly protected industrial devices will likely remain a key target for hacktivists. As highlighted in our cybersecurity report on IIoT, if malicious actors improve their skills, the consequences could become even more severe, especially when targeting critical infrastructure organizations like energy companies.
[2] Edge computing is a distributed computing model that brings data storage and computing closer to the devices that produce that data.
Cloud technologies
Storing and analyzing vast amounts of data almost always rely on cloud infrastructure. Cloud computing is a key driver in the development and implementation of innovations like machine learning and digital twins. Cloud analytics is one of the factors that give companies a competitive edge. Businesses generate vast amounts of data from various sources, including customer-related information, operational process data, and external market factors. Cloud analytics helps manage and analyze such data effectively. In industries like retail, finance, and manufacturing, where data-driven strategies are crucial for growth and innovation, cloud analytics has become an indispensable tool for optimizing performance, understanding customer behavior, and driving product development. Companies are increasingly adopting cloud solutions as they allow integration of data from multiple sources, such as IoT devices, social networks, and CRM systems. The emphasis on data-driven decision-making across industries, along with the challenges of managing large volumes of data, will continue to drive the growth of cloud solutions in the coming years.
Companies aim to use the benefits of cloud environments, while maintaining flexibility and avoiding vendor lock-in, leading to widespread use of hybrid clouds. Analysts forecast that the global hybrid cloud market will rise by $245.30 billion from 2023 to 2028, with an annual growth rate of 27.16%. In Russia, the cloud service market is anticipated to grow by 36% annually over the next three years, reaching $4.6 billion by the end of 2028. Among the key factors for growth, experts highlight import substitution and the rising demand for solutions in industries like IT, finance, retail, and the public sector. Experts at iKS-Consulting also report that the cloud infrastructure market will grow to $1.7 billion in 2024, the primary factor being the demand for infrastructure to deploy AI tools.
At the same time, analysts at Check Point highlight a rise in cybersecurity incidents related to cloud environments. In a recent survey, 61% of organizations reported breaches in 2024, a significant increase from 24% in 2023. Despite the rise in incidents, only 21% of organizations implement preventive measures to thwart attacks. Respondents highlighted the lack of security awareness among employees (41%), rapid technological changes (38%), and a shortage of qualified personnel (37%). Additionally, 36% of respondents reported issues related to integration and compatibility of cybersecurity solutions.
According to Cloud Security Alliance, the primary threat to cloud solutions in 2024 stemmed from configuration flaws, which can have far-reaching consequences for organizations. The second major threat involves identity and access management, including aspects such as user authorization, authentication, multi-factor authentication (MFA), single sign-on, and activity monitoring. Potential vulnerabilities in these areas can lead to cybersecurity incidents, especially if infrastructure components are improperly configured, outdated, or not implemented at all. Other common cyberthreats include ineffective cloud security strategies, as well as insecure interfaces and APIs. In January 2024, over 15 million Trello accounts were stolen due to insecure API implementation. Another major issue is attacks through contractors and suppliers. Malicious actors can exploit the infrastructure of third-party organizations to gain access to the resources of target companies if secure access controls are not properly implemented.
The transition to multi-cloud and hybrid environments further complicates security management, increasing the demand for integrated solutions capable of protecting diverse platforms. At the same time, organizations are increasingly recognizing the importance of comprehensive monitoring and robust access control, implementing security methods like zero trust.
Forecasts
- We anticipate that in 2025, attackers will increasingly target cloud solutions to steal data, often with the intent of demanding ransom. Last September, Microsoft reported a similar attack by Storm-0501: the attackers managed to compromise hybrid cloud environments, exfiltrate data, gain persistent access to the targeted infrastructure, and deploy ransomware in local networks. The attack targeted a number of organizations in the U.S., including government agencies, manufacturing, and transportation companies.
- Cloud service providers will be of particular interest to attackers in light of the high-profile attacks of 2024, such as those targeting Snowflake customers. However, the measures implemented by cloud service providers may help reduce the number of successful attacks on organizations and mitigate their consequences. For example, Google Cloud announced that by the end of 2025, it will implement mandatory multifactor authentication to strengthen account security. Amazon, in turn, has adopted passwordless sign-in with passkeys.
- In 2025, we expect to see more complex attacks as cybercriminals continue to refine their techniques, including the use of AI, to identify and exploit vulnerabilities in cloud environments. Additionally, the growing complexity of cloud ecosystems and the need to provide data access to a large number of users, including third-party organizations, increase the attack surface. Companies need to extend security measures to their suppliers and partners.
Autonomous vehicles
Modern vehicles are equipped with numerous digital systems, including sensors, electronic control units (ECUs), wireless interfaces (Wi-Fi, Bluetooth, 4G/5G), and V2X (vehicle-to-everything) communication systems. Car manufacturers call them "sophisticated computers on wheels." Autonomous vehicles partially or entirely replace the human driver. This involves using software and hardware to detect and identify objects, respond to them, navigate, and manage lane changes. The Society of Automotive Engineers (SAE) developed a classification of vehicle automation based on the degree of human involvement, which includes six levels, from 0 to 5, where 0 implies no driving automation. At level 1, the vehicle includes a single automated feature for driver assistance, such as steering or cruise control. At level 5, the vehicle is fully autonomous, capable of monitoring road conditions and handling all driving tasks under any conditions, with or without a driver.
The automotive industry is undergoing a major transformation, driven largely by advancements in communication technologies. Vehicles can exchange data in real-time, leading to improved traffic management and reduced accident risk. Automakers are working to enhance safety and offer advanced features like predictive maintenance, real-time navigation, and intelligent traffic alerts—key steps toward the future of autonomous driving. Experts forecast that the global market for autonomous vehicles will reach $211.86 billion by 2032, up from $33.41 billion in 2023, with an annual growth rate of 22.7%. The global self-driving taxi market, valued at $431.9 million in 2023, is projected to grow at an annual rate of 90.2% from 2023 to 2030.
Modern vehicles feature advanced electronic and digital systems, but these can contain vulnerabilities that malicious actors might exploit for attacks. According to the Global Automotive Cybersecurity Report, attackers' areas of interest on dark web forums in 2023 were vulnerability exploits (49.5% of user activity), diagnostic software (19.3%), and vehicle manipulation tools (12.6%).
Let's highlight a few vulnerabilities typical for self-driving vehicles. First and foremost are flaws related to sensors, cameras, and LiDARs. Researchers discovered a vulnerability named EpileptiCar, a digital epileptic seizure phenomenon that causes an object detector's confidence score to fluctuate when exposed to an activated emergency vehicle flasher, blinding advanced driver-assistance systems. This vulnerability could cause autonomous vehicles to crash near emergency vehicles. Another attack technique, dubbed GhostStripe, targets CMOS camera sensors: it uses LEDs to shine patterns of light on road signs so that the cars' self-driving software fails to understand the signs, potentially causing a serious accident.
Vulnerabilities can also be found in IoT gateways, which is increasingly dangerous as automotive communication technologies evolve. In December 2023, researchers reported a bug in the Syrus4 IoT gateway that could potentially shut down a vehicle. This vulnerability allowed unauthenticated attackers to execute arbitrary code on Syrus4 devices connected to the cloud service. Infotainment systems are another potential entry point for accessing safety-critical automotive components. For example, experts discovered six vulnerabilities in Mazda Connect. Exploiting one of these vulnerabilities (CVE-2024-8356) could lead to serious consequences: attackers could install a malicious firmware version and gain direct access to the connected controller area networks (CAN buses) and reach the vehicle's electronic control units (ECUs) for the engine, brakes, transmission, or powertrain.
The digital transformation of vehicles has made them an attractive target for cybercriminals. Such attacks have the potential to impact not only individual cars but also entire fleets. At the same time, the global automotive cybersecurity market, valued at $3.7 billion in 2024, is expected to grow at an average annual rate of 28.5% from 2024 to 2031. New solutions protect critical automotive data and prevent unauthorized access, enhancing the security of vehicles and passengers.
Forecasts
- In 2025, security researchers will be searching for new vulnerabilities and attack methods targeting autonomous vehicles, with the goal of protecting critical systems.
- As IoT and communication technologies continue to proliferate, attacks on autonomous vehicles could become as frequent as those targeting industrial IoT and smart home systems. Successful attacks on transportation can lead to severe consequences for both individuals and businesses.
- In 2025, targeted attacks on automotive systems will become widespread, with attackers focusing on stealing individuals' personal data.
What to expect: IT in the crosshairs of cybercriminals and software supply chain attacks
Digital technology is quickly spreading across industries like finance, retail, manufacturing, transportation, and public services. As more services are being developed and implemented, organizations across different industries are increasingly relying on IT companies. The impact of IT companies on other industries is immense: take, for example, the high-profile incident involving the botched CrowdStrike update, which led to one of the largest IT outages in history. This impact is a major reason why tech companies are prime targets for cybercriminals.
Throughout 2024, we observed the widespread distribution of malicious code via package managers such as npm and PyPI, as well as legitimate platforms like GitHub. The main targets of such attacks were software developers and IT companies. In 2025, the effects of software supply chain attacks will likely become more apparent. In attacks on IT companies, we may see a rise in successful incidents, with attackers using developer credentials compromised in 2024 campaigns to infiltrate networks and devices. Moreover, the digital interconnectedness of IT systems could lead to attacks on companies via their contractors and partners. According to our report on incident investigations covering a period from Q4 2023 through Q3 2024, there was a growing trend of threat actors gaining access to corporate networks through their third-party external providers. What once had been seen as isolated occurrences exploded to 15% over 2024. We saw an increase in incident response requests from IT companies, from 8% of all such requests between Q1 2021 and Q3 2023 to 13% of all such requests between Q4 2023 and Q3 2024.
In 2024, we saw a broad and rapid adoption of digital tools, especially AI. However, in addition to AI, companies are implementing a wide range of other technologies. It's important to accurately assess the cybersecurity risks these technologies bring. Last year, we published a study on cyberthreats to quantum technology in IT.
The world is constantly evolving, and we hold the power to shape a secure future. To achieve this, we must see the bigger picture—embracing the benefits of new technologies while carefully assessing their risks and implementing impactful, result-driven cybersecurity solutions.