Cyber security trends for 2025

Here is a collection of cyber security trends and predictions for 2025 from various sources:

Dark web discussions reveal: this is the kind of ride in store for 2025
The discussions reveal next year's threat scenarios.
https://www.is.fi/digitoday/tietoturva/art-2000010908617.html

VPN provider NordVPN has partnered with researchers at NordStellar to predict the cyber threats of 2025. The companies analyzed the largest dark web forums to identify the most talked about and trending topics. These include:
Advanced disinformation services
Stolen digital identities
AI-based social engineering
Smart home vulnerabilities
The state of connected homes is already fragile, NordVPN warns.

The most important trends in cyber security and AI for 2025
https://www.uusiteknologia.fi/2024/11/20/kyberturvallisuuden-ja-tekoalyn-tarkeimmat-trendit-2025/

Security firm Palo Alto Networks has released a comprehensive list of emerging threats and of the impact of advances in artificial intelligence (AI) for the coming year. While these advances bring their own risks, malicious actors are also turning to the new capabilities of AI for help.

Cyber infrastructure is focused on one unified security platform
Large amounts of data give an advantage against new entrepreneurs
Businesses are increasingly adopting secure enterprise browsers
In 2025, more attention will be paid to the energy impacts of artificial intelligence
The realities of quantum technology will become clearer in 2025
Security and marketing directors work more closely together

Cyberattacks are broader, more brazen and more damaging than before.
https://www.verkkouutiset.fi/?p=694453#9c1dc2d3

Cybersecurity company Fortinet has published a cyber threat forecast for 2025. According to it, threat actors will continue to rely on many traditional tactics that have been used for decades.
According to the report, the following cyber threats will be increasingly seen around the world starting next year.

Cybercriminals specialize in certain stages of the attack chain
Attacks on cloud environments are becoming more common
Automated hacking tools on dark web sales platforms
Real-life threats become part of attackers’ tactics
Anti-attack groups expand cooperation

A grim forecast for 2025
Security company warns of new-age cyberattacks.
https://www.iltalehti.fi/digiuutiset/a/3ba5142e-f0ee-43fe-8bd2-4468a9d2d5bd

According to security company Fortinet, many cybercriminals are making better attacks than before, which is not a good thing at all. In addition, old protection methods may not be enough as criminals find new ways to attack.
The company’s Fortiguard Labs team has compiled an updated threat forecast report for 2025, which underlines that cyberattacks are becoming more targeted and harmful, for example, as turnkey cyberattack services become more common.

1. Specialization
2. Cloud and artificial intelligence as themes
3. Real-life threats are part of the tactic

Fortinet reminds us that the responsibility for ensuring information security lies with everyone, not just corporate security and IT teams.
– No single organization or security team can prevent cybercrime on its own, it underlines.

Guidance to survive 2025:

Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices

MITRE shares 2024's top 25 most dangerous software weaknesses
https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses/

Six password takeaways from the updated NIST cybersecurity framework
https://www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/

209 Comments

  1. Tomi Engdahl says:

    https://www.facebook.com/share/p/15XwDHphWr/

    Password Cracking BY: Engr. Ahmed Malik (Advisor to Cisco ASC/ITC)

    Password cracking is the process of attempting to recover passwords from data that has been stored or transmitted by a computer system in an unintelligible form. This is often done to gain unauthorized access to systems or data. While it can be used for legitimate purposes, such as recovering forgotten passwords or security testing by system administrators, it is more commonly associated with malicious activities.

    There are various types of password cracking tools and techniques, broadly categorized as follows:

    1. Brute-Force Attacks:

    Description: This method involves systematically trying every possible combination of characters until the correct password is found.
    Tools: Tools like THC-Hydra, Medusa, and custom scripts can automate brute-force attacks.

    2. Dictionary Attacks:

    Description: This technique uses a predefined list of common words and phrases (a “dictionary”) and tries each entry as a potential password.
    Tools: John the Ripper (JtR) and Hashcat are popular tools that support dictionary attacks.

    3. Hybrid Attacks:

    Description: These attacks combine dictionary attacks with brute-force techniques by appending numbers, symbols, or common variations to dictionary words.
    Tools: John the Ripper and Hashcat offer flexible rule engines for hybrid attacks.

    4. Rainbow Table Attacks:

    Description: Rainbow tables are pre-computed tables of password hashes used to speed up the process of cracking hashed passwords.
    Tools: RainbowCrack and Ophcrack utilize rainbow tables.

    5. Keyloggers:

    Description: While not strictly password “cracking,” keyloggers are malware that record keystrokes, allowing attackers to capture passwords as they are typed.
    Tools: Various commercially available and open-source keylogging software exists.

    6. Social Engineering:

    Description: This involves manipulating individuals into revealing their passwords or other sensitive information. Phishing is a common social engineering technique.
    Tools: Social engineering often relies on psychological manipulation rather than specific software, but tools can be used to create fake login pages or send phishing emails.

    7. Credential Stuffing:

    Description: Attackers use previously compromised username and password pairs (obtained from data breaches) to try and log into other services, hoping users reuse their credentials.
    Tools: Automated scripts and botnets are commonly used for credential stuffing attacks.

    8. Password Spraying:

    Description: Instead of trying many passwords against one account, attackers try a few common passwords against a large number of accounts. This can bypass account lockout policies.
    Tools: Custom scripts and tools like Ncrack can be used for password spraying.

    9. Malware:

    Description: Besides keyloggers, other types of malware can steal stored passwords or session tokens.
    Tools: Various types of trojans, spyware, and ransomware may have password-stealing capabilities.

    10. Man-in-the-Middle (MITM) Attacks:

    Description: Attackers intercept communication between a user and a server to capture login credentials as they are transmitted.
    Tools: Tools like Wireshark and Ettercap can be used to capture network traffic, including potentially unencrypted credentials.

    Dedicated Password Cracking Software:

    Beyond the techniques, several software tools are specifically designed for password cracking, including:

    John the Ripper (JtR): A versatile and popular open-source password cracker that supports many hash types and cracking methods.
    Hashcat: A powerful, GPU-accelerated password cracking tool known for its speed and support for numerous algorithms.
    Cain and Abel: A Windows-based tool that can recover various types of passwords using different techniques.
    Ophcrack: A Windows password cracker based on rainbow tables.
    Aircrack-ng: A suite of tools primarily used for cracking Wi-Fi passwords (WEP and WPA/WPA2-PSK).
    L0phtCrack: A commercial tool for auditing and cracking Windows passwords.
    Hydra: A fast network logon cracker that supports many different protocols.

    It’s crucial to understand these techniques and tools to implement effective security measures and protect against unauthorized access. Using strong, unique passwords, enabling multi-factor authentication, and keeping software updated are essential steps in mitigating the risk of password cracking.

    Reply
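
The comment above notes that password spraying can bypass account lockout policies. The following is an added example, not part of the comment or its source, showing on the defender's side why a per-account failure counter misses spraying while a per-source count of distinct accounts catches it. The thresholds, window, function names and log tuples are assumptions, and the events are constructed.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 5    # assumed lockout policy: failures per account in window
SPRAY_MIN_ACCOUNTS = 10  # assumed alert threshold: distinct accounts per source
WINDOW_S = 900           # assumed 15-minute sliding window

def analyze(events):
    """events: time-sorted (ts_seconds, source_ip, username, success) tuples.
    Returns (accounts the lockout policy would lock, sources flagged as spraying)."""
    per_account = defaultdict(list)  # username  -> recent failure timestamps
    per_source = defaultdict(list)   # source_ip -> recent (ts, username) failures
    locked, spraying = set(), set()
    for ts, src, user, ok in events:
        if ok:
            continue
        # Classic control: count failures per account inside the window.
        fails = [t for t in per_account[user] if ts - t < WINDOW_S] + [ts]
        per_account[user] = fails
        if len(fails) >= LOCKOUT_THRESHOLD:
            locked.add(user)
        # Spraying signal: one source failing against many distinct accounts.
        recent = [(t, u) for t, u in per_source[src] if ts - t < WINDOW_S]
        recent.append((ts, user))
        per_source[src] = recent
        if len({u for _, u in recent}) >= SPRAY_MIN_ACCOUNTS:
            spraying.add(src)
    return locked, spraying

def sample_events():
    """Constructed sample data using documentation IP ranges."""
    events = []
    # Many guesses against one account: trips the lockout counter.
    events += [(i * 10, "198.51.100.7", "alice", False) for i in range(8)]
    # Two guesses against each of 12 accounts: stays under the lockout threshold.
    for rnd in range(2):
        for n in range(12):
            events.append((100 + rnd * 300 + n * 5, "203.0.113.9",
                           f"user{n:02d}", False))
    # A legitimate user who mistypes once and then logs in.
    events += [(50, "192.0.2.20", "bob", False), (60, "192.0.2.20", "bob", True)]
    return sorted(events)

if __name__ == "__main__":
    locked, spraying = analyze(sample_events())
    print("locked accounts:", sorted(locked))
    print("spraying sources:", sorted(spraying))
```

Counting failed logins alone cannot separate spraying from credential stuffing, since both appear as one source touching many accounts.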
  2. Tomi Engdahl says:

    Security Theater or Real Defense? The KPIs That Tell the Truth
    In the end, cybersecurity isn’t just about collecting data. It’s about proving that your defenses actually work.
    https://www.securityweek.com/security-theater-or-real-defense-the-kpis-that-tell-the-truth/

    A critical step in maturing any cybersecurity program is the ability to measure and report on its performance. Yet measuring cybersecurity remains notoriously difficult, often bordering on impossible, due to an ever-expanding attack surface and overwhelming data volumes.

    Still, failing to track and analyze cybersecurity KPIs introduces significant risk:

    Undetected Control Failures: Without metrics, it’s nearly impossible to verify whether security controls are functioning as intended. Tools can silently fail due to misconfigurations, system decay, or malicious tampering, leaving blind spots with no warning.
    Ineffective Risk Management: Metrics provide insights into the types, frequency, and severity of threats. Without them, you’re flying blind, unable to assess exposure or allocate resources effectively.
    Regulatory Non-Compliance: Standards like PCI DSS, NIST, HIPAA, and ISO 27001 increasingly demand continuous monitoring and evidence-based reporting. Gaps in KPI tracking can result in compliance failures, audits, penalties, or reputational harm.
    Weak Incident Response: Without understanding metrics such as Mean Time to Detect (MTTD) or Mean Time to Respond (MTTR), you can’t improve response times, leading to longer dwell times and greater damage.
    Misallocated Resources: A lack of visibility often leads to overspending on redundant tools, underinvestment in critical areas, and effort wasted on low-priority risks.
    Lack of Executive Buy-In: Executives want data. Without measurable outcomes, it’s difficult to demonstrate ROI, justify budgets, or make the case for new tools or headcount.
    Erosion of Trust: If you can’t demonstrate risk reduction, you can’t earn or retain trust – from leadership, auditors, or customers – especially after an incident.

    Reply
  3. Tomi Engdahl says:

    AI is making cyberattacks automated
    https://etn.fi/index.php/13-news/17572-tekoaely-tekee-kyberhyoekkaeyksistae-automatisoituja

    The pace of cyberattacks is accelerating globally with AI and automation. According to the latest Global Threat Landscape 2025 report from FortiGuard Labs, Fortinet's cyber security research unit, criminals are increasingly using automated tools to find and exploit vulnerabilities, which significantly shortens the time from the first scan to the actual attack.

    According to the report, vulnerability scanning has risen to a record level. In 2024 the number of active scans grew by 16.7 percent from the previous year, and according to FortiGuard Labs, systems were probed globally as many as 36,000 times per second. Scanners no longer settle for looking only for open ports; they are programmed to locate specific vulnerable systems, such as SIP and RDP services and OT/IoT protocols such as Modbus TCP.

    Reply
  4. Tomi Engdahl says:

    ICS/OT
    Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers

    Many of the industrial control system (ICS) instances seen in internet scanning are likely or possibly honeypots, not real devices.

    https://www.securityweek.com/up-to-25-of-internet-exposed-ics-are-honeypots-researchers/

    Reply
  5. Tomi Engdahl says:

    AI is here to stay; there is no doubt about it. But what happens when it also becomes the biggest threat to cyber security?

    The latest Arctic Wolf trends report tells a harsh truth: for the first time, AI has overtaken ransomware as the top concern of security leaders. More than 1,200 IT and security leaders around the world, Finland included, now see the development of AI, and of large language models in particular, as the biggest risk to digital security.

    Why is this? Rapidly developing AI brings a new kind of uncertainty, not only as the forms of attack diversify but also as defending becomes harder. AI can help criminals produce convincing scam messages, automate attacks and bypass traditional protection methods. At the same time, organizations themselves are adopting AI tools at a rapid pace, often without a thorough understanding of their risks.

    https://etn.fi/index.php/opinion/17601-onko-tekoaely-nyt-uusin-uhka-tietoturvalle

    The Arctic Wolf report can be downloaded here.

    https://cybersecurity.arcticwolf.com/2025-Trends-Report.html

    Reply
