Cyber criminals are changing their tactics: instead of encrypting data, they are increasingly focussing on deleting it completely - an alarming trend that significantly increases the risk of companies losing important information. According to the security experts at G DATA CyberDefense AG, attackers are expected to increasingly use AI in 2025 to perfect social engineering attacks using deceptively real voice messages, images and videos. IT security will therefore become a question of trust more than ever. But there is also hope: attack attempts are failing more and more frequently, as well-protected companies are making it more difficult for cyber criminals to fight.
There can be no talk of easing the situation in 2025. Cyber criminals will continue to attack targets with the lowest security standards from an economic perspective because this is where the profit is greatest. G DATA CyberDefence provides an outlook on IT security topics that will be relevant in the coming year.
Attackers increasingly want to delete data
New attacker groups are increasingly appearing at the moment, focussing on deleting data instead of encrypting it and extorting a ransom. The damage to companies is increasing considerably as a result - companies without functioning backups in particular risk a total economic loss. The new groups are also benefiting from the fact that investigating authorities have dismantled the networks of several cyber gangs in recent months.
"We are currently observing a new generation of hackers with significantly less technical expertise than known offender groups," says Tim Berghoff, Security Evangelist at G DATA CyberDefense AG. "These cyber criminals are deliberately using malware-as-a-service to sabotage companies in a targeted manner. The focus of these groups is on causing chaos and not on financial motives." AI will increase the number of social engineering attacks
People remain the number one target for cyber criminals. The use of artificial intelligence (AI) is making it increasingly difficult for potential victims to distinguish real from fake messages. The creation of fake videos and images is becoming faster and faster, meaning that attempts to defraud banks or financial service providers with fake identity verification, for example, will increase. Attackers are also luring their victims into traps during video conferences with fake dialogue partners.
"AI-supported tools make it easier to automate spam messages and make them harder to recognise, as common recognition features such as spelling mistakes are increasingly missing," says Tim Berghoff. "Employees with the appropriate security awareness are needed to recognise these attempts at an early stage. But new security protocols for checking the authenticity of such media would also improve security." Cyber defence companies are also increasingly relying on AI in the fight against cyber criminals. This includes user-friendly controls and analyses of the security products used. The aim is to make complex security operations more accessible through AI-supported queries. One example is data retrieval via natural language input in order to facilitate the handling of large amounts of data. In this context, AI tools can be used to summarise contextual explanations of irregularities or anomalies in the network in an understandable way.
Compliance with NIS-2, CRA and DORA is complex
In 2025, many companies will be faced with the task of fulfilling regulatory requirements such as NIS-2, CRA and DORA. In some cases, very complex projects are required to establish the necessary processes and measures. In medium-sized companies in particular, these extra tasks put an additional strain on the tight staffing levels, meaning that there is no time for demanding security tasks such as prompt patching or analysing log files. It can therefore be assumed that the security situation will deteriorate in the short term before companies reach the intended level once the necessary measures have been implemented. Cyber defence companies are also increasingly relying on AI in the fight against cyber criminals. This includes user-friendly controls and analyses of the security products used. The aim is to make complex security operations more accessible through AI-supported queries. One example is data retrieval via natural language input in order to facilitate the handling of large amounts of data. In this context, AI tools can be used to summarise contextual explanations of irregularities or anomalies in the network in an understandable way.
Attacks are cancelled more frequently
There is hope that the number of aborted attacks is increasing, as analyses from incident response operations show. Time and again, attacker groups withdraw from networks or are only able to encrypt parts of the systems. One reason for this: After gaining easy initial access to the network, they encounter greater difficulties when trying to spread. Added to this is a lack of technical knowledge to penetrate further into the network. This is where simple security measures such as segmented networks pay off.
Further information can be found at www.gdata.de.