8 Cyber Predictions for 2025: A CSO’s Perspective

As we step into 2025, the cyberthreat landscape is once again more dynamic and challenging than the year before. In 2024, we witnessed a remarkable acceleration in cyberattacks of all types, many fueled by advancements in generative AI. For security leaders, the stakes are higher than ever. In this post, I'll explore cyberthreat projections and cybersecurity priorities for 2025. These predictions are not just forecasts; they are calls to action to prepare for the challenges ahead and ensure businesses stay ahead of the threat curve. Before diving in, let's reflect on a few 2024 predictions that rang true, shaping lessons we carry forward into the new year.

Reflecting on 2024: GenAI, RaaS, MiTM

Generative AI facilitated a surge in cyberattacks throughout 2024. Threat actors used AI tools to orchestrate highly convincing and scalable social engineering campaigns, making it easier to deceive users and infiltrate systems. Organizations have responded, and must continue to, by adopting AI-powered cybersecurity tools and implementing zero trust architecture as a critical countermeasure.

Ransomware-as-a-service (RaaS) played its part in another rush of ransomware in 2024, contributing to a 57.8% increase in extorted companies listed on data leak sites. RansomHub, identified by the Zscaler ThreatLabz research team as one of the newest ransomware groups on the scene, emerged as a top RaaS affiliate program and gained notoriety for its role in a $22 million ransomware heist targeting a prominent healthcare organization.

Man-in-the-middle (MiTM) attacks made headlines in 2024, as anticipated. In one high-profile incident, hackers targeted Australian airport Wi-Fi networks with a classic "evil twin" scam: a rogue access point broadcasting the same network name as the legitimate one, so that devices join it and the attacker sits in the path of their traffic. An evolution of MiTM, the adversary-in-the-middle (AiTM) attack, in which a proxy relays a live login session between the victim and the genuine site, was also observed by ThreatLabz, as detailed in the ThreatLabz 2024 Phishing Report.

Together, these trends reminded us of attackers' continued reliance on interception techniques, a pattern poised to continue into 2025, as I'll highlight in this year's predictions.

2025 predictions: AI (again), insider threats, and more

Here are eight cybersecurity trends and predictions I expect will shape the landscape, and security priorities, in the year ahead.

Prediction 1: AI-powered social engineering will reach new highs

In 2025, GenAI will elevate social engineering attacks to new levels, especially as voice and video phishing gain significant traction. With the rise of GenAI-based tooling, initial access broker groups will increasingly use AI-generated voices and video in combination with traditional channels. As cybercriminals adopt localized languages, accents, and dialects to increase their credibility and success rates, it will become harder for victims to identify fraudulent communication. We don't need to go outside Zscaler's walls to find an example of such an attack: in 2023, a hacking group used AI to impersonate Zscaler CEO Jay Chaudhry in an attempt to fool a Zscaler employee. Learn more about it in the ThreatLabz 2024 Phishing Report. This trend, among other AI-powered social engineering attacks, will amplify identity compromise, ransomware, and data exfiltration in 2025.

Prediction 2: Securing GenAI will remain a business imperative

As global organizations increasingly adopt generative AI applications, both first-party and third-party, securing these systems will remain a top priority. Unlike traditional applications, GenAI brings its own threat model, including accidental data leakage (sensitive data pasted into prompts, or surfaced from training data and connected data sources) and adversarial attacks that manipulate model outputs, such as prompt injection or poisoning of training data. This was a key discussion point at this year's World Economic Forum (WEF) Annual Cybersecurity Summit, where the consensus among my fellow global CXOs and CISOs was that GenAI applications must be treated as part of the overall enterprise security strategy, not as standalone projects.

In 2025, organizations will need to double down on effective security controls to protect AI models and the sensitive data pools they are trained on and given access to, as well as to ensure the integrity of AI-generated content.

Prediction 3: Businesses will face more insider threat vectors

Insider threats will become a greater challenge for businesses in 2025 as threat actors increasingly bypass enterprise cybersecurity measures by planting malicious insiders as employees or contractors, or by compromising companies involved in mergers and acquisitions (M&A). Once inside, they will use legitimate credentials and access to do real damage, especially if the organization uses legacy architecture built on firewalls and VPNs, where a connected user is placed on the network and can reach far more than the applications their role requires. As ThreatLabz documented late last year, North Korean threat actors were experimenting with the Contagious Interview and WageMole campaigns to procure remote employment opportunities in Western countries. Through increasingly sophisticated means, these groups improved their chances of stealing sensitive data and evading economic sanctions. Protecting sensitive data and critical systems from insider threats will require a unified zero trust framework, bolstered by AI-powered threat detection and inline TLS/SSL inspection.

Prediction 4: Regulation without harmonization may result in weaker cybersecurity defenses

As countries worldwide introduce new regulations for cybersecurity, AI, and data privacy, a lack of harmonization will increase operational overhead. Organizations' cybersecurity posture could suffer as they divert resources toward compliance controls rather than meaningful risk reduction. This was another key area of focus at the WEF Annual Cybersecurity Summit, where global security leaders emphasized the importance of collaboration to close regulatory gaps and establish cohesive standards, particularly for emerging technologies like GenAI.
Without coordinated governance, national and international organizations risk forcing an emphasis on compliance over risk reduction in data security, as well as stifling innovation.

Prediction 5: Adversary-in-the-middle (AiTM) phishing attacks that evade multifactor authentication (MFA) will become more prevalent

Over the past year, a concerning trend has emerged in which adversaries successfully circumvent enterprise MFA through AiTM proxy-based phishing: the phishing page is a reverse proxy in front of the real login page, so the victim's password, one-time code, and the session cookie issued after a successful login all pass through the attacker, who then replays the cookie to take over the authenticated session. In 2025, expect phishing kits to increasingly include sophisticated AiTM techniques, localized phishing content, and target fingerprinting, all enabled by AI. As documented in the annual ThreatLabz Phishing Report, AiTM proxy kits today can closely mimic legitimate web pages, making them difficult for even security teams to identify. Threat actors distributing these proxy kits favor imitating commonly trusted brands such as Microsoft and Gmail because users see those login pages so frequently. To counter these evolving threats, organizations must prioritize phishing-resistant MFA (FIDO2/WebAuthn security keys or passkeys) alongside a robust zero trust architecture. FIDO2 resists AiTM because the authenticator's response is cryptographically bound to the origin the browser is actually connected to, so an assertion produced on a lookalike domain does not verify at the real site; one-time codes and push approvals carry no such binding and relay straight through a proxy.

Prediction 6: "Encryption-less" ransomware attacks that extort victims with reduced disruption will increase

In 2025, ransomware groups will increasingly extort businesses by stealing their data and threatening to publish it, while skipping the encryption step that causes major disruption and draws the attention of media and law enforcement. These groups focus on stealing large volumes of data and demanding a ransom for it, and some see themselves as providing a valuable service to victim companies by identifying their security weaknesses. This strategy allows them to exploit those weaknesses while maintaining a low profile, a tactic that worked for Dark Angels and their historic ransomware payout. It has gained popularity because it is a much faster and easier transaction for both the threat actors and the victims, with no recovery effort or downtime. It is also increasingly favored by cybercriminals aiming to evade law enforcement efforts to dismantle groups like those behind the infamous SmokeLoader. As international collaboration against organized cybercrime intensifies, expect ransomware threat actors to place a premium on stealthy strategies that help them avoid detection. For defenders, the practical consequence is that the loudest signal of a traditional ransomware incident, mass file encryption, is absent; detection has to rest on the exfiltration itself, which means baselining outbound data volume per host and alerting on large transfers to destinations that host has never used.

Prediction 7: Preparing for quantum-driven threats will become essential as quantum security risks materialize

Quantum computing will give rise to a new dimension of threats over the next decade, and 2025 will be a pivotal year for organizations to start planning for these future risks. A pressing concern already taking shape is "harvest now, decrypt later": nation-state threat actors capturing and storing encrypted TLS traffic today with the intent of decrypting it once a cryptographically relevant quantum computer can break the key exchange that protected it. This risk is especially acute for organizations whose data must stay confidential for years and that rely on cryptography that is not quantum-safe, which is still the norm; NIST published its first post-quantum standards (FIPS 203, 204 and 205) in August 2024, so there is now something concrete to migrate to. For TLS specifically, the exposure is the key exchange rather than the certificate signatures, since a recorded session can only be read later if the attacker recovers its session keys; a hybrid key agreement that combines X25519 with ML-KEM closes that gap and is the practical first step. Global CXOs must act now to inventory where non-quantum-safe cryptography is in use and begin the transition toward quantum-safe standards.

Prediction 8: Software supply chain security will remain a top priority for global CXOs

As adversaries increasingly target software supply chains, including contractors and the third-party components and build pipelines that ship code into production, software supply chain security will stay at the top of agendas in 2025. Beyond strengthening third-party risk management programs, organizations must take additional measures to defend against supply chain attacks. Implementing a zero trust architecture that segments your crown jewels, including CI/CD environments, and inspects traffic inline for threats and data leakage will be critical to defend against software supply chain attacks.

From prediction to action: Strengthening your security in 2025

These predictions for 2025 will demand a heightened focus on proactive defense strategies. Organizations must prioritize a zero trust architecture, harness AI-powered security controls, and foster a culture of security awareness. By aligning these efforts with strategic planning and innovation, businesses will be in a better position to counter emerging threats in the year to come and beyond.

The Zscaler Zero Trust Exchange helps organizations reduce risk across all four stages of the attack chain:

Minimize the attack surface: Zscaler minimizes the attack surface by hiding users, applications, and devices behind a cloud proxy, where they are not visible or discoverable from the internet.

Prevent initial compromise: The Zero Trust Exchange employs extensive TLS/SSL inspection, browser isolation, advanced inline sandboxing, and policy-driven access controls to prevent users from accessing malicious websites and to detect unknown threats before they reach your network.

Eliminate lateral movement: User-to-app and app-to-app segmentation ensures users connect directly to applications (and apps to other apps), not to the network, eliminating the risk of lateral movement.

Stop data loss: Inline data loss prevention, combined with full TLS/SSL inspection, thwarts data theft attempts. Zscaler ensures that data is secured both in transit and at rest.

By leveraging its unmatched scale and rich data foundation, processing more than half a trillion daily transactions, Zscaler is poised to transform AI capabilities for the cybersecurity industry, enabling organizations to mitigate risks and optimize performance. Request a custom demo to see how Zscaler can help address your organization's security needs.

Follow Zscaler ThreatLabz on X (Twitter) and our Security Research Blog to stay on top of the latest cyberthreats and security research. The ThreatLabz research team continuously monitors threat intelligence from the world's largest inline security cloud and shares its findings with the wider security community.
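The following is an added illustration of the point made under Prediction 5; it is not code from the original post or from Zscaler. It models an AiTM proxy relaying two different second factors to a relying party: a TOTP code, which the proxy forwards successfully, and a FIDO2/WebAuthn assertion, which the relying party rejects because the authenticator recorded the origin the browser was actually on. The hostnames are made up, and the WebAuthn signature is stood in for by an HMAC keyed with a per-credential secret so the script runs on the standard library alone; the property demonstrated is origin binding, not the signature algorithm (real authenticators sign with an asymmetric key).

```python
"""AiTM phishing proxy versus TOTP and a FIDO2/WebAuthn assertion (toy model).
Added example, not Zscaler code. Hostnames are assumed; the WebAuthn
signature is an HMAC stand-in for an asymmetric signature."""
import hashlib
import hmac
import json
import os
import struct
import time

LEGIT_ORIGIN = "https://login.example.com"   # assumed relying party origin
RP_ID = "login.example.com"
PHISH_ORIGIN = "https://login-example.com"   # assumed AiTM proxy host


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class RelyingParty:
    """The real login service: holds the TOTP seed and the registered credential key."""

    def __init__(self) -> None:
        self.totp_secret = os.urandom(20)
        self.cred_key = os.urandom(32)   # stand-in for the credential public key
        self.challenge = b""

    def new_challenge(self) -> bytes:
        self.challenge = os.urandom(32)
        return self.challenge

    def verify_totp(self, code: str, now: int) -> bool:
        return hmac.compare_digest(code, totp(self.totp_secret, now))

    def verify_assertion(self, client_data: bytes, auth_data: bytes, sig: bytes) -> bool:
        cd = json.loads(client_data)
        # 1. The origin the browser recorded must be ours; a relayed assertion fails here.
        if cd.get("type") != "webauthn.get" or cd.get("origin") != LEGIT_ORIGIN:
            return False
        # 2. The challenge must be the one we just issued (no replay).
        if not hmac.compare_digest(bytes.fromhex(cd.get("challenge", "")), self.challenge):
            return False
        # 3. rpIdHash in authenticatorData must match our RP ID.
        if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
            return False
        # 4. Signature covers authenticatorData || SHA-256(clientDataJSON), so the
        #    proxy cannot rewrite the origin field after the fact.
        signed = auth_data + hashlib.sha256(client_data).digest()
        expected = hmac.new(self.cred_key, signed, hashlib.sha256).digest()
        return hmac.compare_digest(sig, expected)


class Authenticator:
    """The user's FIDO2 key: signs whatever origin the browser reports."""

    def __init__(self, cred_key: bytes) -> None:
        self.cred_key = cred_key

    def get_assertion(self, challenge: bytes, browser_origin: str):
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge.hex(), "origin": browser_origin},
            sort_keys=True).encode()
        # rpIdHash || flags (UP set) || signCount, as in real authenticatorData
        auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01" + b"\x00\x00\x00\x01"
        sig = hmac.new(self.cred_key, auth_data + hashlib.sha256(client_data).digest(),
                       hashlib.sha256).digest()
        return client_data, auth_data, sig


def relay_totp(rp: RelyingParty, now: int) -> bool:
    """Victim types the genuine code into the phishing page; the proxy forwards it."""
    code_typed_by_victim = totp(rp.totp_secret, now)
    return rp.verify_totp(code_typed_by_victim, now)


def relay_webauthn(rp: RelyingParty, key: Authenticator, rewrite_origin: bool = False) -> bool:
    """Proxy fetches a real challenge and forwards it to the victim's browser on
    PHISH_ORIGIN; optionally it patches the origin field before forwarding."""
    challenge = rp.new_challenge()
    client_data, auth_data, sig = key.get_assertion(challenge, PHISH_ORIGIN)
    if rewrite_origin:
        client_data = client_data.replace(PHISH_ORIGIN.encode(), LEGIT_ORIGIN.encode())
    return rp.verify_assertion(client_data, auth_data, sig)


def legit_webauthn(rp: RelyingParty, key: Authenticator) -> bool:
    challenge = rp.new_challenge()
    return rp.verify_assertion(*key.get_assertion(challenge, LEGIT_ORIGIN))


def demo() -> dict:
    rp = RelyingParty()
    key = Authenticator(rp.cred_key)
    now = int(time.time())
    return {
        "totp_relayed": relay_totp(rp, now),                                     # True
        "webauthn_legit": legit_webauthn(rp, key),                               # True
        "webauthn_relayed": relay_webauthn(rp, key),                             # False: origin
        "webauthn_relayed_rewritten": relay_webauthn(rp, key, rewrite_origin=True),  # False: signature
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28s} {'accepted' if ok else 'rejected'}")
```

In a real browser the relay fails even earlier, because the browser refuses to invoke a credential whose RP ID is not a registrable suffix of the page's origin; the relying-party checks above are the backstop for a proxy that tampers with what it forwards. Note also that the TOTP relay succeeds with a correctly implemented verifier: nothing in the code proves where the user typed it.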
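As an added example for the detection consequence noted under Prediction 6 (not part of the original post or of any Zscaler product), the sketch below baselines each host's daily outbound volume from flow or proxy logs and flags a day that is both large in absolute terms and far above that host's own median, listing destinations the host has never contacted before. The log format, hostnames and destination names are constructed for the example; the thresholds are assumptions to be tuned against real traffic.

```python
"""Flag bulk exfiltration from per-host outbound volume baselines.
Added example, not Zscaler code. Log format and names are constructed."""
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample: one row per (day, host, destination) with bytes sent.
SAMPLE_FLOWS = """\
day,host,dst,bytes_out
2025-01-06,ws-01,sharepoint.example.com,120000000
2025-01-06,ws-02,sharepoint.example.com,95000000
2025-01-06,fs-03,backup.example.com,400000000
2025-01-07,ws-01,sharepoint.example.com,130000000
2025-01-07,ws-02,sharepoint.example.com,90000000
2025-01-07,fs-03,backup.example.com,410000000
2025-01-08,ws-01,sharepoint.example.com,110000000
2025-01-08,ws-02,sharepoint.example.com,100000000
2025-01-08,fs-03,backup.example.com,390000000
2025-01-09,ws-01,sharepoint.example.com,125000000
2025-01-09,ws-02,sharepoint.example.com,98000000
2025-01-09,fs-03,backup.example.com,405000000
2025-01-09,fs-03,files.example-storage.net,38000000000
"""


def parse_flows(text: str) -> list:
    """Parse the CSV above into rows with an integer byte count."""
    return [{"day": r["day"], "host": r["host"], "dst": r["dst"],
             "bytes_out": int(r["bytes_out"])}
            for r in csv.DictReader(io.StringIO(text))]


def find_exfil(rows, day, ratio=5.0, min_bytes=1_000_000_000):
    """Return alerts for hosts whose outbound volume on `day` is at least
    `min_bytes` and at least `ratio` times the host's median daily volume over
    all earlier days in the log. A host with no history has a baseline of 0 and
    is flagged on the absolute threshold alone. Destinations not seen for that
    host before `day` are listed to speed up triage."""
    daily = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes
    seen_dst = defaultdict(set)                     # host -> destinations before `day`
    today_dst = defaultdict(set)                    # host -> destinations on `day`
    for r in rows:
        if r["day"] > day:                          # ISO dates compare as strings
            continue
        daily[r["host"]][r["day"]] += r["bytes_out"]
        (today_dst if r["day"] == day else seen_dst)[r["host"]].add(r["dst"])

    alerts = []
    for host, per_day in daily.items():
        today = per_day.get(day, 0)
        history = [b for d, b in per_day.items() if d != day]
        baseline = statistics.median(history) if history else 0
        if today >= min_bytes and today >= ratio * baseline:
            alerts.append({
                "host": host,
                "today_bytes": today,
                "baseline_bytes": baseline,
                "new_destinations": sorted(today_dst[host] - seen_dst[host]),
            })
    return sorted(alerts, key=lambda a: a["today_bytes"], reverse=True)


if __name__ == "__main__":
    for a in find_exfil(parse_flows(SAMPLE_FLOWS), "2025-01-09"):
        print(f"{a['host']}: {a['today_bytes'] / 1e9:.1f} GB out today vs "
              f"{a['baseline_bytes'] / 1e9:.2f} GB median; new destinations: "
              f"{', '.join(a['new_destinations']) or 'none'}")
```

The two thresholds work together: the ratio catches a quiet workstation that suddenly pushes tens of gigabytes, while the absolute floor keeps a low-traffic host from alerting on a routine update. Run against TLS-inspected proxy logs rather than raw flow records, the same logic can key on the destination's category (personal cloud storage, anonymous file-transfer services) as well as its novelty.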
Forward-Looking Statements

This blog contains forward-looking statements that are based on our management's beliefs and assumptions and on information currently available to our management. These forward-looking statements include, but are not limited to, statements concerning predictions about the state of the cyber security industry in calendar year 2025 and our ability to capitalize on such market opportunities; the use of Zero Trust architecture to combat cyberthreats; and beliefs about the ability of AI and machine learning to reduce detection and remediation response times as well as proactively identify and stop cyberthreats. These forward-looking statements are subject to the safe harbor provisions created by the Private Securities Litigation Reform Act of 1995. These forward-looking statements are subject to a number of risks, uncertainties and assumptions, and a significant number of factors could cause actual results to differ materially from statements made in this blog, including security risks and developments unknown to Zscaler at the time of this blog and the assumptions underlying our predictions regarding the cyber security industry in calendar year 2025. Additional risks and uncertainties are set forth in our most recent Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission ("SEC") on December 5, 2024, which is available on our website at ir.zscaler.com and on the SEC's website at www.sec.gov. Any forward-looking statements in this release are based on the limited information currently available to Zscaler as of the date hereof, which is subject to change, and Zscaler does not undertake to update any forward-looking statements made in this blog, even if new information becomes available in the future.
