Cyber security trends for 2025

Here is collection of some cyber security trends and predictions for 2025 from various sources:

Pimeän verkon keskustelut paljastavat: Tällaista kyytiä on luvassa vuonna 2025
Keskustelut paljastavat ensi vuoden uhkakuvat.
https://www.is.fi/digitoday/tietoturva/art-2000010908617.html

VPN provider NordVPN has partnered with researchers at NordStellar to predict the cyber threats of 2025. The companies analyzed the largest dark web forums to identify the most talked about and trending topics. These include:
Advanced disinformation services
Stolen digital identities
AI-based social engineering
Smart home vulnerabilities
The state of connected homes is already fragile, NordVPN warns.

Kyberturvallisuuden ja tekoälyn tärkeimmät trendit 2025
https://www.uusiteknologia.fi/2024/11/20/kyberturvallisuuden-ja-tekoalyn-tarkeimmat-trendit-2025/

Security firm Palo Alto Networks has released a comprehensive list of emerging threats and the impact of advances in artificial intelligence (AI) for the coming year. While they present their own risks, they also help malicious actors seek help to exploit the new capabilities of AI.

Cyber ​​infrastructure is focused on one unified security platform
Large amounts of data give an advantage against new entrepreneurs
Businesses are increasingly adopting secure enterprise browsers
In 2025, more attention will be paid to the energy impacts of artificial intelligence
The realities of quantum technology will become clearer in 2025
Security and marketing directors work more closely together

Kyberhyökkäykset ovat entistä laajempia, röyhkeämpiä ja vahingollisempia.
https://www.verkkouutiset.fi/?p=694453#9c1dc2d3

Cybersecurity company Fortinet has published a cyber threat forecast for 2025. According to it, threat actors will continue to rely on many traditional tactics that have been used for decades.
According to the report, the following cyber threats will be increasingly seen around the world starting next year.

Cybercriminals specialize in certain stages of the attack chain
Attacks on cloud environments are becoming more common
Automated hacking tools on dark web sales platforms
Real-life threats become part of attackers’ tactics
Anti-attack groups expand cooperation

A grim forecast for 2025
Security company warns of new-age cyberattacks.
https://www.iltalehti.fi/digiuutiset/a/3ba5142e-f0ee-43fe-8bd2-4468a9d2d5bd

According to security company Fortinet, many cybercriminals are making better attacks than before, which is not a good thing at all. In addition, old protection methods may not be enough as criminals find new ways to attack.
The company’s Fortiguard Labs team has compiled an updated threat forecast report for 2025, which underlines that cyberattacks are becoming more targeted and harmful, for example, as turnkey cyberattack services become more common.

1 Specialization
2 Cloud and artificial intelligence as themes
3 Real-life threats are part of the tactic

Fortinet reminds us that the responsibility for ensuring information security lies with everyone, not just corporate security and IT teams.
– No single organization or security team can prevent cybercrime on its own, it underlines.

Guidance to survive 2025:

Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices

MITRE shares 2024′s top 25 most dangerous software weaknesses
https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses/

Six password takeaways from the updated NIST cybersecurity framework
https://www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/

218 Comments

  1. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/

    Reply
  2. Tomi Engdahl says:

    Review: Effective Vulnerability Management
    https://www.helpnetsecurity.com/2025/05/05/review-effective-vulnerability-management/

    Reply
  3. Tomi Engdahl says:

    https://www.facebook.com/share/p/15XwDHphWr/

    Password Cracking BY: Engr. Ahmed Malik (Advisor to Cisco ASC/ITC)

    Password cracking is the process of attempting to recover passwords from data that has been stored or transmitted by a computer system in an unintelligible form. This is often done to gain unauthorized access to systems or data. While it can be used for legitimate purposes, such as recovering forgotten passwords or security testing by system administrators, it is more commonly associated with malicious activities.

    There are various types of password cracking tools and techniques, broadly categorized as follows:

    1. Brute-Force Attacks:

    Description: This method involves systematically trying every possible combination of characters until the correct password is found.
    Tools: Tools like THC-Hydra, Medusa, and custom scripts can automate brute-force attacks.
    2. Dictionary Attacks:

    Description: This technique uses a predefined list of common words and phrases (a “dictionary”) and tries each entry as a potential password.
    Tools: John the Ripper (JtR) and Hashcat are popular tools that support dictionary attacks.
    3. Hybrid Attacks:

    Description: These attacks combine dictionary attacks with brute-force techniques by appending numbers, symbols, or common variations to dictionary words.
    Tools: John the Ripper and Hashcat offer flexible rule engines for hybrid attacks.
    4. Rainbow Table Attacks:

    Description: Rainbow tables are pre-computed tables of password hashes used to speed up the process of cracking hashed passwords.
    Tools: RainbowCrack and Ophcrack utilize rainbow tables.
    5. Keyloggers:

    Description: While not strictly password “cracking,” keyloggers are malware that record keystrokes, allowing attackers to capture passwords as they are typed.
    Tools: Various commercially available and open-source keylogging software exists.
    6. Social Engineering:

    Description: This involves manipulating individuals into revealing their passwords or other sensitive information. Phishing is a common social engineering technique.

    Tools: Social engineering often relies on psychological manipulation rather than specific software, but tools can be used to create fake login pages or send phishing emails.
    7. Credential Stuffing:

    Description: Attackers use previously compromised username and password pairs (obtained from data breaches) to try and log into other services, hoping users reuse their credentials.
    Tools: Automated scripts and botnets are commonly used for credential stuffing attacks.
    8. Password Spraying:

    Description: Instead of trying many passwords against one account, attackers try a few common passwords against a large number of accounts. This can bypass account lockout policies.
    Tools: Custom scripts and tools like Ncrack can be used for password spraying.
    9. Malware:

    Description: Besides keyloggers, other types of malware can steal stored passwords or session tokens.
    Tools: Various types of trojans, spyware, and ransomware may have password-stealing capabilities.
    10. Man-in-the-Middle (MITM) Attacks:

    Description: Attackers intercept communication between a user and a server to capture login credentials as they are transmitted.
    Tools: Tools like Wireshark and Ettercap can be used to capture network traffic, including potentially unencrypted credentials.
    Dedicated Password Cracking Software:

    Beyond the techniques, several software tools are specifically designed for password cracking, including:

    John the Ripper (JtR): A versatile and popular open-source password cracker that supports many hash types and cracking methods.
    Hashcat: A powerful, GPU-accelerated password cracking tool known for its speed and support for numerous algorithms.
    Cain and Abel: A Windows-based tool that can recover various types of passwords using different techniques.
    Ophcrack: A Windows password cracker based on rainbow tables.
    Aircrack-ng: A suite of tools primarily used for cracking Wi-Fi passwords (WEP and WPA/WPA2-PSK).
    L0phtCrack: A commercial tool for auditing and cracking Windows passwords.
    Hydra: A fast network logon cracker that supports many different protocols.
    It’s crucial to understand these techniques and tools to implement effective security measures and protect against unauthorized access. Using strong, unique passwords, enabling multi-factor authentication, and keeping software updated are essential steps in mitigating the risk of password cracking.

    Reply
  4. Tomi Engdahl says:

    https://www.securityweek.com/is-ai-use-in-the-workplace-out-of-control/

    Reply
  5. Tomi Engdahl says:

    Security Theater or Real Defense? The KPIs That Tell the Truth
    In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
    https://www.securityweek.com/security-theater-or-real-defense-the-kpis-that-tell-the-truth/

    A critical step in maturing any cybersecurity program is the ability to measure and report on its performance. Yet measuring cybersecurity remains notoriously difficult, often bordering on impossible, due to an ever-expanding attack surface and overwhelming data volumes.

    Still, failing to track and analyze cybersecurity KPIs introduces significant risk:

    Undetected Control Failures: Without metrics, it’s nearly impossible to verify whether security controls are functioning as intended. Tools can silently fail due to misconfigurations, system decay, or malicious tampering, leaving blind spots with no warning.
    Ineffective Risk Management: Metrics provide insights into the types, frequency, and severity of threats. Without them, you’re flying blind, unable to assess exposure or allocate resources effectively.
    Regulatory Non-Compliance: Standards like PCI DSS, NIST, HIPAA, and ISO 27001 increasingly demand continuous monitoring and evidence-based reporting. Gaps in KPI tracking can result in compliance failures, audits, penalties, or reputational harm.
    Weak Incident Response: Without understanding metrics such as Mean Time to Detect (MTTD) or Mean Time to Respond (MTTR), you can’t improve response times, leading to longer dwell times and greater damage.
    Misallocated Resources: A lack of visibility often leads to overspending on redundant tools, underinvestment in critical areas, and effort wasted on low-priority risks.
    Lack of Executive Buy-In: Executives want data. Without measurable outcomes, it’s difficult to demonstrate ROI, justify budgets, or make the case for new tools or headcount.
    Erosion of Trust: If you can’t demonstrate risk reduction, you can’t earn or retain trust – from leadership, auditors, or customers – especially after an incident.

    Reply
  6. Tomi Engdahl says:

    Tekoäly tekee kyberhyökkäyksistä automatisoituja
    https://etn.fi/index.php/13-news/17572-tekoaely-tekee-kyberhyoekkaeyksistae-automatisoituja

    Kyberhyökkäysten tahti kiihtyy globaalisti tekoälyn ja automaation myötä. Fortinetin kyberturvatutkimusyksikkö FortiGuard Labsin tuoreen Global Threat Landscape 2025 -raportin mukaan rikolliset hyödyntävät yhä enemmän automatisoituja työkaluja haavoittuvuuksien etsimiseen ja hyödyntämiseen, mikä lyhentää merkittävästi aikaa ensimmäisestä skannauksesta varsinaiseen hyökkäykseen.

    Raportin mukaan haavoittuvuuksien skannaus on noussut ennätystasolle. Vuonna 2024 aktiivisten skannausten määrä kasvoi 16,7 prosenttia edellisvuodesta, ja FortiGuard Labsin mukaan järjestelmiä seulottiin globaalisti jopa 36 000 kertaa sekunnissa. Skannerit eivät enää tyydy etsimään vain avoimia portteja, vaan ne on ohjelmoitu paikantamaan tiettyjä haavoittuvia järjestelmiä, kuten SIP- ja RDP-palveluita sekä OT/IoT-protokollia, kuten Modbus TCP.

    Reply
  7. Tomi Engdahl says:

    ICS/OT
    Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers

    Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.

    https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/

    Reply
  8. Tomi Engdahl says:

    https://www.securityweek.com/vulnerabilities-in-cisa-kev-are-not-equally-critical-report/

    Reply
  9. Tomi Engdahl says:

    Tekoäly on tullut jäädäkseen – siitä ei ole epäilystäkään. Mutta mitä tapahtuu, kun siitä tulee myös kyberturvallisuuden suurin uhka?

    Tuore Arctic Wolfin trendiraportti kertoo karun totuuden: tekoäly on ensimmäistä kertaa ohittanut kiristyshaittaohjelmat tietoturvajohtajien pahimpana huolenaiheena. Yli 1200 IT- ja tietoturvajohtajaa ympäri maailmaa, Suomi mukaan lukien, näkee tekoälyn ja erityisesti suurten kielimallien kehityksen nyt suurimpana riskinä digitaaliseen turvallisuuteen.

    Miksi näin on? Nopeasti kehittyvä tekoäly tuo mukanaan uudenlaista epävarmuutta – ei vain hyökkäysten muotojen monipuolistumisena, vaan myös puolustautumisen vaikeutumisena. Tekoäly voi auttaa rikollisia tuottamaan uskottavia huijausviestejä, automatisoimaan hyökkäyksiä ja kiertämään perinteisiä suojausmenetelmiä. Samalla organisaatiot itsekin ottavat tekoälytyökaluja käyttöön ripeässä tahdissa, usein ilman kattavaa ymmärrystä niiden riskeistä.

    https://etn.fi/index.php/opinion/17601-onko-tekoaely-nyt-uusin-uhka-tietoturvalle

    Arctic Wolfin raportin voi ladata täältä.

    https://cybersecurity.arcticwolf.com/2025-Trends-Report.html

    Reply
  10. Tomi Engdahl says:

    Risk Management
    Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough

    Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.

    https://www.securityweek.com/taming-the-hacker-storm-why-millions-in-cybersecurity-spending-isnt-enough/

    According to the AV-TEST Institute, more than 450,000 new malicious applications are found every day, illustrating the rapid rate of malware spread.

    Despite substantial investments in cybersecurity, why are malware and hackers so ubiquitous? Because we cannot stop what we cannot see or identify. With AI-driven deepfakes, attackers can assume anyone’s identity to create convincing impersonations and execute successful attacks. Our inability to discover their true identities has worked in favor of threat actors, enabling them to easily evade arrest.

    The Pervasive Trusted Ecosystem

    The key to taming the hacker storm is founded on the core principle of trust: that the individual or company you are dealing with is who or what they claim to be and behaves accordingly. Establishing a high-trust environment can largely hinder hacker success. Following are elements defining a pervasive, trusted ecosystem:

    Trusted identities: A key component of establishing trust between interacting parties can be achieved by ensuring the identities of all participants are verified and authenticated if desired and agreed upon by all parties in the communication stream.

    There can be three types of identities: Real ID, or real identity, tied to human identity, which is strongly authenticated and assured. Pseudo identity, or pseudo anonymity, is like a made-up label. An example of this is an email address that is not necessarily a person’s real name (i.e., [email protected], [email protected]) or strongly verified to who it belongs to. I could make up a fake email address claiming I’m Bill Gates (e.g., [email protected]) and there isn’t any identity mechanism to stop me. Most email addresses and logon names on the Internet are that type of identity today.

    Thirdly, there is attempted anonymity, when a person cannot be traced to a constant identity label.

    In identity-based trust relationships, each relationship between the interacting parties has a different degree of trust involved:

    Reply
  11. Tomi Engdahl says:

    OWASP Nettacker: Open-source scanner for recon and vulnerability assessment
    OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It offers a controlled and extensible framework for running these tests.
    https://www.helpnetsecurity.com/2025/06/11/owasp-nettacker-open-source-scanner/

    Reply
  12. Tomi Engdahl says:

    https://a16z.com/next-gen-pentesting-ai-empowers-the-good-guys/

    Reply
  13. Tomi Engdahl says:

    https://www.theeastafrican.co.ke/tea/business-tech/how-unsanctioned-staff-ai-use-exposes-firms-to-data-breach-5072396

    Reply
  14. Tomi Engdahl says:

    35 open-source security tools to power your red team, SOC, and cloud security
    This article showcases free, open-source security tools that support your organization’s teams in red teaming, threat hunting, incident response, vulnerability scanning, and cloud security.
    https://www.helpnetsecurity.com/2025/06/18/free-open-source-security-tools/

    Reply
  15. Tomi Engdahl says:

    https://hackaday.com/2025/06/16/an-open-source-justification-for-usb-cable-paranoia/

    Reply
  16. Tomi Engdahl says:

    https://www.aikido.dev/
    No bullsh*t security for developers
    Secure your code, cloud, and runtime in one central system.
    Find and fix vulnerabilities fast automatically.

    Reply
  17. Tomi Engdahl says:

    NIST Outlines Real-World Zero-Trust Examples
    SP 1800-35 offers 19 examples of how to implement zero-trust architecture (ZTA) using off-the-shelf commercial technologies.
    https://www.darkreading.com/endpoint-security/nist-outlines-real-world-zero-trust-examples

    The National Institute of Standards and Technology released new guidance on building end-to-end zero-trust architectures (ZTA), providing security teams with practical, real-world examples of how to enhance their organization’s defenses.

    The guidance (SP 1800-35) offers 19 example ZTAs built using commercial, off-the-shelf technologies to give organizations a starting point for implementing zero trust. Developed through a four-year project at the NIST National Cybersecurity Center of Excellence with 24 industry collaborators, SP 1800-35 addresses the reality that every ZTA implementation should be treated as a custom build because every organization’s network environment and needs are different.

    Reply
  18. Tomi Engdahl says:

    Vuls: Open-source agentless vulnerability scanner
    Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to solve the daily problems admins face when trying to keep servers secure.
    https://www.helpnetsecurity.com/2025/05/05/vuls-open-source-agentless-vulnerability-scanner/

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*