According to all forecasts, the 2025 cyber threat landscape will be more extensive and dangerous: more attacks, both simple and sophisticated, greater diversity in attack types — from technologically complex to simple but effective ones, more attacker profiles, and a wider range of target organizations from large to small across various business sectors.
These trends are naturally influenced by technological developments, as well as by business, economic, and interstate relations. Experts from Israel, the US, and Europe in the fields of cybersecurity, technology, investment and more share their insights on the most prominent cyber dangers ahead, along with suggestions for dealing with these nightmare scenarios.
Global Conflicts, Business Casualties
Political and military conflicts like Russia-Ukraine, China-Taiwan, North Korea, and the Middle East serve as a significant backdrop for cyber attacks. More and more cyber incidents are connected to macro-politics and conflict arenas. “Like we see in Russia-Ukraine, Taiwan-China, and The Middle East — global crises lend legitimacy to state attacks on the business sector,” says Nimrod Kozlovski, founder and CEO of Cytactic Cyber Crisis Management & Readiness Platform. “Commercial entities find themselves in the crossfire as tactical and strategic targets.”
Traditional kinetic battlefields lost their exclusivity with the emergence of the cyber arena, turning wars hybrid. Warring nations exploit the open, global, and amorphous nature of cyberspace to attack civilian economic targets — directly, or through proxies in the form of “independent” hacker groups.
The attacks serve various military objectives. Nations spy and collect intelligence (like secret blueprints of advanced weapons), hurt morale (identity theft for political subversion and running influence/disinformation operations), position themselves at critical points in networks and computing systems of enemies and their allies, and disrupt virtual and physical infrastructure (banks, traffic lights, news apps and commerce sites).
And that’s not all. “The devastating impact of the continuation of the conflicts on national economies and depleting budgets is pushing some of the players to support and promote sophisticated ransom based attacks, where any enterprise in any vertical could become a victim,” says Nathan Shuchami, Managing Partner, Hyperwise Ventures. Simply put: nations steal, rob, extort, and loot to finance the continuation of war. According to him, the ongoing conflicts “will increase the national investments by the multiple players in nation grade, sophisticated cyber attacks.”
Eh, Aye?
“AI and AI tools will be a double-edged sword,” warns Florence Hugenholtz, Managing Director, FTI Consulting SC, echoing many others, as the generative AI technologies that swept the world in the past year have been adopted by both sides in the cyber arena.
“AI is increasingly being used by hackers as well as defenders, intensifying the competition between both sides,” says Moty Cristal, crisis negotiator and Founder, NEST, Negotiation Strategies, while Yuval Ben-Itzhak, General Partner, Evolution Equity Partners, elaborates on how threat actors are utilizing “deepfake videos, AI, and social engineering techniques” to penetrate target environments.
“Automated attacks will rise, with the full chain of an attack — from initial penetration to lateral movement and exploitation — being executed by smart, automated tools,” predicts Kozlovski. AI can help hackers tailor attacks to specific targets, for example by crafting convincing phishing messages and creating useful deepfakes. This will lead to attacks focusing on the weak link of managers and their relatives, warns Rubi Aronashvili, Founder and CEO, CYE: “Instead of attacking the cloud environment, attacking the specific executives and their family members has become more relevant and easy. Think about how easy it is now to impersonate someone, how easy it is to try and compromise a daughter of a CEO in a specific organization or a family member of the CEO, from there going to the CEO environment and directly to the corporate environment. That’s something much harder to identify these days, and the return on investment from the attacker’s perspective is going to be huge.”
Post-attack, hackers will use AI-chatbots to provide “customer service” — conversations with victims to negotiate ransom and guide cryptocurrency purchases for payment.
AI serves not only as an attack tool, but also as a potential attack surface. “New and sophisticated attack vectors will always leverage new, modern, and therefore unprotected IT channels,” Shuchami says, giving an example: “Integration of AI models, many of which are based on open source, could allow sophisticated attackers to infiltrate the IT infrastructure of the enterprise.” “Especially with AI and AI agents being adopted everywhere,” adds Ben-Itzhak. Karin Lagziel, North America Client Leadership Director, Sygnia, emphasizes that “businesses must secure AI models while countering AI-driven threats like phishing-as-a-service, ransomware, and deepfakes.”
On the defense side, says Kozlovski, “detection and response will improve through the use of advanced technologies and AI. These tools will also empower defenders to respond more effectively.” For example, AI could be used to build attacker profiles and to identify and exploit weaknesses in their preferred tools and negotiation skills. Lagziel emphasizes that “using AI to defend against AI threats is critical — you don’t bring a knife to a gunfight.”
Amateurs, Professionals — All Are Welcome
Many hackers are making their attacks more sophisticated, while at the same time growth in simple, basic attacks is expected. Cristal explains this paradox: “Cyberattack groups are fragmenting, with more and more affiliates leveraging their growing sophistication to modify existing tools and spin off to independent hacking careers, which begets more attackers, which leads to more attacks. This is fueled by the hackers’ reluctance to pay the 30% hacker group commission, and to distance themselves from sanction-tarnished groups, which victims are legally banned from paying ransom to.”
He shares his encounter with sanction effects: “I recently handled negotiations with an attacker who used tools by LockBit, the once dreaded hacker group turned pariah when both the US & Australia sanctioned its honcho Dmitry Yuryevich Khoroshev. Once the hacker was made aware that payment is expressly prohibited, he quickly turned to private communications with the victim, and eventually rebranded the attack under a different group.”
“Ransomware attacks require advanced technical skills, but in parallel, we’re seeing a rise in simpler extortion attacks — stealing digital data for money schemes,” says Cristal. What attracts less sophisticated hackers? “The Trump/Musk crypto-friendly environment, which sent Bitcoin skyrocketing, continues to fuel criminal activity and increase it; tech-savvy people and semi-criminals, who wouldn’t normally go into hacker groups or organized crime, are incentivized to go into ransomware due to crypto’s ease of use.”
“Attacks will grow more complex, moving beyond single extortion ransomware to double, triple, or even quadruple extortion schemes. These attacks might involve not only stealing data but also altering it, leaking it, and extorting both the organizations and the data subjects,” says Kozlovski. “Such sophisticated attacks demand equally sophisticated, well-orchestrated responses.”
Make Me One with Everyone
“Nobody Gets Fired For Buying IBM” is an old tech adage illustrating the industry’s loyalty to popular solutions. This creates cybersecurity issues, as Shuchami explains: “Relying on a single or a handful of security platforms (‘platformization’) will leave many enterprises vulnerable to new and sophisticated cyber attacks that can create significant financial damage.” Kozlovski adds: “When many organizations use the same technologies, or have over-dependency on the same technological services supply chain, it begets monolithic vulnerabilities, where a single compromised organization could snowball into a collapse of the entire chain.”
The problem stems from the widespread use of a specific technology, which makes it a target for many hackers and increases the likelihood of a breach. Once breached, it becomes the weak link in the supply chain of the numerous organizations that use it.
“We see that the pyramid approach is something that will be very strong,” Aronashvili says, “meaning going to a single organization that has a lot of customers, whether it’s a supply chain attack, whether it’s a massive cloud provider or one of the big providers worldwide, that will yield a much more significant return on investment from the attacker’s perspective, and we believe those organizations that are serving other, significant organizations will be the target of this attack.”
“We saw that in 2024’s catastrophic incidents: Change Health’s breach and Crowdstrike’s non-cyber outage, together inflicting damages of +$1B,” says Kozlovski. “We suddenly saw the potential for mega-events, potentially cascading events, which the hackers also took notice of. 2024 was just the opening shot of what we’re going to see in 2025.” Tim Brown, CISO, SolarWinds and Advisory Board Member, Cytactic, also sees this danger approaching, warning of “more supply chain attacks” in 2025.
The solution is diversifying systems and examining suppliers’ security practices. Organizations “must prepare for incidents not just within their own environments, but also in their supply chains,” says Kozlovski, and Shuchami adds that CISOs should “constantly allocate budgets for advanced, yet allegedly more nichey cyber security solutions.”
Smart Shooters
Attack surfaces grow with advancing technology, notably the Internet of Things (IoT) — internet-connected devices including:
- Body-worn devices: shoes, watches, fitness bands, body monitors
- Medical devices: insulin pumps, hearing aids, pacemakers
- Pet and object tracking tags
- Home appliances: air conditioners, refrigerators, water heaters
- Smart environments: cars, homes, buildings, cities
- Industrial facilities and infrastructure
This vast array of attack surfaces, connected to the internet and to home networks, and often left with default passwords, unprotected, or without security updates, is a hacker’s paradise.
“We see entirely new cyber-crisis scenarios we must prepare for. […] What we see is not just attacks and potential cyber crises targeting enterprise networks, but a shift towards cyber-physical systems like buildings and cities,” warns Markus Geier, President, Comcode North America Inc. “When threat actors who are currently attacking our enterprises decide to target smart city infrastructures — like here in Manhattan, they could attack skyscrapers, shutting down elevators, activating fire control systems, hacking access controls, locking doors, and more. When cyberattacks enter the human and physical realm, this will mark the next tremendous phase.”
Whatcha Gonna Do?
At this point you must be wondering, “But does it concern me?” And yes, it does. “It doesn’t matter if you are a small business, midsize, or large corporation — everyone is a target for hackers,” says Shay Simkin, Global Head of Cyber, Howden Insurance. “One day you will be hit with a cyber incident, and if you only start preparing when it is already underway, you will find that it is probably the worst day of your life. […] A main pillar of our cooperation with Cytactic is to help our global clients better prepare for the day of the insurance claim, which we urge them to do.”
“I’ve been in cybersecurity for 27 years,” Ben-Itzhak recalls. “I’ve seen this landscape with a lot of technology focusing on detection and response and a lot of innovation. However, at the day of a crisis, at the time when something goes wrong, people are still using Stone Age tools like emails, PDFs, and documents.” Ira Winkler, CISO and VP, CYE, adds: “Previously, we had to improvise responses with outdated playbooks and limited tools. Now, with tools like audit logs and dynamic playbooks, we are much better prepared to handle incidents and recover from them.”
“During SUNBURST, we relied heavily on people making decisions under extreme stress,” Brown shares from his professional experience with one of the most significant cyber breaches in history. “We needed automation and tools to reduce reliance on people making decisions under extreme stress. […] When I joined Cytactic’s advisory board, it was clear the platform filled a critical gap in crisis management. […] Cytactic offers automation, predefined plans, and advanced tools, which reduce that dependency on human improvisation during crises. […] The platform’s ability to predefine plans and automate tasks is a game-changer for preparedness and response. It allows teams to focus on managing the crisis rather than improvising, which is essential in high-stakes situations.”
Geier: “The most important thing, regardless of how good the tools are, is flexibility. Crises are often unpredictable and chaotic. You need to be able to improvise and then use good tools and processes to support your approach. Resilience comes through preparedness and readiness.”
“You can always improve, you can add detection and response capabilities, be prepared for incidents with all the relevant procedures around that; that’s all great, and you should do that,” says Aronashvili, “but if there is one thing that you need to remember: basic foundations. Passwords, account management, identity management, software management. That’s it.”
“There’s no magic bullet,” Cristal insists. “The key to combating these evolving threats is readiness and better management. Today, awareness among CISOs, CEOs, and Boards is very high. Five years ago, we focused on increasing awareness; now, the priority is increasing preparedness.”