Expert predictions: What do cybercriminals have planned for 2025?

Egress | 9th Dec 2024

It’s that time again—we’re saying goodbye to 2024 and looking ahead to what the new year may bring. From AI-driven attacks and the rise of deepfakes to the growing vulnerabilities in collaboration tools, the cyber landscape is set to face new and evolving threats. What trends should we prepare for and how can we stay one step ahead?

We’ve asked experts from our threat intelligence, security and IT, customer services, and data governance teams to share their predictions for what’s to come in 2025...

Jack Chapman, SVP of Threat Intelligence

AI is end-to-end

“I said it last year and I will say it again – AI is here to stay. Whether it’s in defense or in attacks, it’s now solidified in the cyber landscape. Next year, I think we will see attackers fully embrace AI’s capabilities to automate and execute every stage of the attack lifecycle—from reconnaissance and targeting to execution and follow-up—across multiple communication channels like smishing (SMS phishing) or vishing (voice phishing).

“I also suspect that AI will be taken one step further, enabling the automation of follow-up attacks based on a recipient’s interaction with an initial phishing email. For example, a scoping email could be sent to a victim containing two links—one to join a meeting via Teams and the other via Slack. The recipient’s choice of link would signal AI to tailor the next stage of the attack specifically to Teams or Slack, all without requiring direct intervention from the attacker. This level of automation allows cybercriminals to dynamically adapt their tactics, making their attacks more targeted and effective.”

The human and the machine

“In 2025, we will witness a new wave of attacks that combine both human vulnerabilities and direct assaults on security solutions. Cybercriminals have long targeted human behavior, exploiting psychological weaknesses, while also attempting to poison AI models and obfuscate malicious elements to evade detection. The frequency and depth of these combined attacks will increase to levels we've never experienced before, making this the primary focus for cybersecurity moving forward.”

Robin Bell, Chief Information Security Officer

AI-driven risks: From data to deepfakes

"As we look towards 2025, the evolution of AI presents a dual-edged sword for cybersecurity. On one hand, we face the internal risks of accidental disclosure as AI systems manage vast amounts of sensitive data. Externally, malicious actors are capitalizing on AI to execute more sophisticated attacks and deepfakes, which will only become more convincing and economical. Additionally, we must address vulnerabilities such as data poisoning and hallucinations, which can lead AI systems to generate inaccurate—and potentially harmful—outcomes.”

Have you heard of quantum computing yet?

“Quantum computing is another area of concern, posing a potential threat to the encryption methods currently safeguarding our data. While it's uncertain when quantum capabilities will truly emerge, or if they are silently advancing, the ramifications for cryptographic security are undeniable.”

Cloudy with a chance of breach

“I'm apprehensive about supply chain vulnerabilities, especially within major cloud service providers. As we saw earlier this year, a single exploit in these networks could result in far-reaching consequences, highlighting the necessity for robust security measures and regulation across the board.”

Kevin Tunison, Data Protection Officer

Social engineering on steroids

"Social engineering is set to take a leap outside of email, as malicious actors increasingly exploit browser add-ins to mimic legitimate websites and use sophisticated voice scams to deceive users. A common tactic involves fake calls from supposed "bank fraud teams," during which cybercriminals manipulate victims into providing multi-factor authentication (MFA) codes. They falsely claim these codes are part of a verification process to confirm the recipient’s identity while pretending to assist with fraudulent activity on their bank account. This form of psychological manipulation makes these attacks alarmingly effective.”

“Generative AI may also play a part in this type of attack, providing cybercriminals with real-time script support during phone calls, allowing them to adapt quickly and formulate convincing responses to victims’ questions.”

Fake faces, real consequences

“Deepfakes are going to be leveraged beyond the boardroom-type incidents that hit the news earlier in 2024, possibly leading to unprecedented intra-company communication breaches.”

“One alarming scenario could involve attackers infiltrating external Teams or Slack tenants to pose as legitimate individuals. Imagine receiving a message from a new hire with the title "Compliance Crisis Manager," claiming their role is to assist in negotiating a ransom the company has already agreed to pay. This individual could use deepfake voice or video technology to appear authentic, exploiting trust within these collaboration platforms. Such an attack would not only create confusion but also open the door to further manipulation, such as extracting sensitive information or redirecting payments.”

James Dyer, Threat Intelligence Lead

Distracted by noise

“"Commodity attacks"—mass-produced, brand-impersonation phishing campaigns—have flooded inboxes in 2024, overwhelming users with unsophisticated “white noise” attacks and inundating SOC teams with support tickets. We have seen this surge used as a strategic distraction, disguising more advanced phishing attacks amidst the noise. In 2025, I expect we will see an increase in both low-level “white noise” attacks and sophisticated, highly targeted spear-phishing attempts to exploit these moments when individuals are distracted during a commodity campaign.”

Trusted tools, malicious intent

“Cybercriminals will increasingly exploit legitimate services as vehicles for their malicious operations, taking advantage of the trust and extensive attack surface these platforms offer. Tools like SharePoint, Dropbox, and Adobe are frequently used to host and deliver malware-laden files or links, leveraging their built-in sharing and notification features to create phishing emails that appear completely legitimate. The real threat unfolds only after users authenticate and interact with the content, bypassing traditional defenses. This classic tactic—abusing a widespread and trusted tool until defenses evolve—remains highly effective.”

Sudeep Venkatesh, Chief Customer Officer

Collaboration tools: From Slack to attack

“As businesses increasingly integrate collaboration tools like Teams and Slack with external partners, attackers are likely to exploit the trust placed in these platforms. Compared to traditional communication channels like email, these tools often have less robust security protections, making them attractive targets. We can expect these platforms to become breeding grounds for the second step of multi-channel attacks after email, where cybercriminals aim to spread malicious links, deploy ransomware, and harvest credentials.”

Vishing gets a deepfake makeover

“I also expect to see a spike in sophisticated voice phishing and deepfake attacks. These technologies have evolved rapidly in 2024, enabling cybercriminals to craft incredibly realistic impersonations in voice and video formats. As this continues into the new year, it will become much easier for attackers to manipulate users into disclosing sensitive information or transferring funds.”

How to stay ahead in 2025

In 2025, organizations must blend advanced, AI-enabled detection technology with personalized coaching to effectively combat emerging threats and zero-day attacks. By safeguarding both the inbox and the individual, businesses can strengthen their defenses against increasingly complex cyber risks.
