by Adrianne Lind, AWC Gothenburg & AIC Malmo
The internet was great until people messed it up
Who doesn’t know someone who has fallen victim to a cybercrime? Perhaps it was an elderly parent, a computer-savvy baby boomer friend, a naive teen child, or even you? I know someone who got confused while being scammed because somehow their bank was involved. And now, so are the police as this person attempts to get their money back after discovering the loss before it was too late.
In my frustration to get a refund from a major airline, I reached out to them on the platform formerly known as Twitter. I was thrilled to get a reply and even heartened when I was asked to initiate the refund process online with them. Instead of seeing red flags, I visualized money back in the bank. It wasn’t until I was asked to be called and then directed to download an app that my heart sank and not only was I not going to get my money back, I had wasted time and got my hopes up for naught.
But I was lucky to snap back to reality. I put myself and my pain out there for a cyber criminal to exploit. Desperate for relief, I was almost reeled in by one of the cyber security threats we’ll explore below.
Raise the force fields
As we prepare to enter 2025, the cyber threat landscape is rapidly evolving. It presents complex challenges that individuals and organizations must address. Some may be complacent. But no, not us! Informed people can act to protect their digital assets. Here are the top cybercrime trends anticipated for 2025 and measures to prepare for them.
1. Artificial Intelligence (AI)-driven cyberattacks
Cybercriminals are using AI to make their attacks more advanced and widespread. AI automates complex cyberattacks. It makes them more efficient and harder to detect. For instance, AI can quickly find software flaws. It can also modify AI models and reconstruct training data. This escalates the threat to critical systems. according to the NCA Newswire in Australia.
Preparation strategy: Stay updated on AI. Use advanced security to detect and counter AI threats. Investing in AI-based defensive tools can help spot and stop these complex attacks. Here are the five best as ranked by the United States Cybersecurity Institute.
2. Proliferation of cybercrime-as-a-service (CaaS)
GovernmentTech.com warns us that the dark web is seeing a rise in CaaS. Here, cybercriminals sell or lease tools and services for cyberattacks. This trend allows lower-skilled people to launch complex attacks. It increases cybercrime.
Preparation strategy: Regularly update and patch systems to protect against known vulnerabilities. Implement robust access controls and monitor networks for unusual activities that may indicate the use of CaaS tools (see #1 for suggestions).
3. Advanced phishing and social engineering attacks
With the advent of AI, Cyber Magazine reminds us, phishing attacks are becoming more convincing and personalized. Cloudfare defines phishing as an attempt to steal sensitive information, typically in the form of usernames, passwords, credit card numbers, bank account information or other important data in order to utilize or sell the stolen information. By masquerading as a reputable source with an enticing request, an attacker lures in the victim in order to trick them, similarly to how a fisherman uses bait to catch a fish.
Cyber adds that cybercriminals can create advanced social engineering campaigns. These are harder for individuals to spot and resist.
Preparation strategy: Enhance awareness through regular training on the latest phishing techniques. Employ email filtering solutions and encourage a culture of skepticism towards unsolicited communications.
4. Deepfake technology exploitation
Raconteur.com explains that deepfake technology misuse poses serious threats because it is getting more sophisticated. It can lead to impersonation and disinformation. Cybercriminals can make realistic fake videos and audio recordings. They use them to deceive people and organizations. This facilitates, among other deceptions, financial fraud and reputational damage.
Preparation strategy: Create protocols to verify the authenticity of communications. This is vital for those requesting sensitive info or financial transactions. Stay updated on deepfake detection technologies and consider their integration into security systems.
5. Internet of Things (IoT) vulnerabilities
The increasing adoption of IoT devices expands the attack surface for cybercriminals, PrivateInternetAccess.com warns. Many IoT devices lack robust security features, making them attractive targets for exploitation. I LOVE my Alexa, camera doorbells, security cameras and smart plugs. I’m all for tech for conveinence.
IBM defines The Internet of Things (IoT) as a network of physical devices, vehicles, appliances and other physical objects that are embedded with sensors, software and network connectivity, allowing them to collect and share data. IoT devices – also known as “smart objects” – can range from simple “smart home” devices like smart thermostats, to wearables like smartwatches and RFID-enabled clothing, to complex industrial machinery and transportation systems. Technologists are even envisioning entire “smart cities” predicated on IoT technologies.
Preparation Strategy: Secure IoT devices. Change default passwords. Update device firmware regularly. Segment IoT devices on separate networks to limit breaches.
6. Quantum computing threats
Quantum computing is still emerging. It could break traditional encryption. This poses a big risk to data security. According to KPMG Australia, quantum computers will be able to break common encryption methods at an alarming speed. Encryption tools currently used to protect everything from banking and retail transactions to business data, documents and digital signatures can be rendered ineffective – fast. Attacks using a "harvest-now, decrypt-later" approach can enable adversaries to steal encrypted files and store them until more advanced quantum computers emerge. So data with a long lifetime value, such as health data, financial records and government files will be of immediate interest to bad actors.
Preparation strategy: Hopefully your health providers, financial institutions and governments are exploring quantum-resistant encryption, staying updated on quantum computing, and assessing when to implement these measures. You can check what they are doing, implement their recommendations and stay on top of what you can. It’s a lot.
7. Regulatory changes and compliance challenges
Governments are introducing strict rules to fight cyber threats. If you’re in the IT department at work, you probably know that organizations must adapt quickly to stay compliant.
If you’re like me and want to be as safe as you can be online, fortunately, the United States Cybersecurity & Infrascruture Security Agency (CISA) has a list of free cybersecurity services and tools, which are provided by private and public sector organizations across the cyber community.
Preparation strategy: Keep up with the latest threats and protections. If you’re subscribing to an email service provider or virus protection software, it should update as the threats update. Sign up to The Hacker News newsletter for the latest information.
8. Ransomware evolution
The Financial Times reports that ransomware attacks are now more targeted and destructive. Cybercriminals are using double extortion tactics. Basically, they encrypt data and threaten to release it. In detail, double extortion ransomware is a type of cyberattack in which threat actors exfiltrate a victim’s sensitive data in addition to encrypting it, giving the criminal additional leverage to collect ransom payments. A typical ransomware attack will only encrypt a victim’s data. The additional threat of exfiltration makes this attack especially dangerous for organizations in all industries, according to zscaler.com. This is another one to be aware of primarily for those in the IT department at work.
Preparation strategy: Use strong backup solutions. Isolate backups from the main network. Create and update an incident response plan to address potential ransomware attacks. I now back up everything daily to the cloud and an external drive. The next step is backing up everything from the cloud to an external hard drive.
Do all you can
Let’s end by realizing that the 2025 cyber threat landscape poses complex challenges. It requires proactive, informed responses. Do all you can to stay safe at home and at work. By understanding and acting on these latest trends, normal people can better resist ever-increasing cyber threats. You can protect your digital assets and help your family protect theirs.
Adrianne Lind is a past President of the AWC Stockholm; past FAWCO Representative for the AIC Malmo, and past 2nd VP & Charity Chair for the IWC Gothenburg. She is a mindfulness activist, yoga coach, meditation guide, podcast host and author of Wellness on the Weekly: 52 Fun Prompts For Mindfulness, Movement, and a Whole Lot Less Stress!
