Means, Motives & Opportunities

Uploaded on 2024-12-27 in TECHNOLOGY--Resilience, FREE TO VIEW

What cyber risks can your organization expect in 2025? We'll explore the factors that drive cyberattacks and the threats they will create in the new year.

You are probably familiar with the "means, motive, opportunity" triad from crime shows or courtroom dramas. In cyberattacks, the "means" are the tools at attackers' disposal.

Means

In 2025, hackers will continue to use proven methods like phishing, ransomware, and password cracking, but these will evolve. Generative AI and Large Language Models (LLMs) will make phishing emails more convincing, while deepfakes will aid in creating realistic voice and video scams. AI will also mutate malware code, evading signature-based detection.

Advances in computing hardware will make password cracking faster and easier. 

Cybercriminals are also becoming more organized, dividing tasks among specialized groups - those handling initial access, malware deployment, or ransom collection - creating economies of scale.

Lastly, people remain key vulnerabilities. Social engineering exploits human errors, such as clicking malicious links or falling for scams, making individuals unwitting tools in attacks.

Motive

Attackers’ motives are usually financial or political. Financial motives will remain strong, with ransomware extortion expected to reach record levels in 2025. Political motives include destabilizing societies, spreading disinformation, or undermining governments through fake media.

King Louis the Fourteenth of France famously had the phrase ultima ration regum cast on cannons - "the last resort of kings". Military goals are ultimately the outcome of political goals. For instance, a cyberattack could be launched on satellite communication systems to blind enemy forces. It has happened before and is very likely to happen again in the future.

Opportunity

Opportunities are external factors attackers exploit to advance their goals. Every organization presents a potential opportunity, but those with valuable assets, known vulnerabilities, or weaker defenses are especially attractive.

As a rule of thumb, crises and uncertainty create opportunities for cyberattacks. In 2025, geopolitical tensions, such as the Russian invasion of Ukraine, Chinese expansionism, the Syrian government's collapse, and a leadership change in the country which simultaneously has the world's biggest economy and the world's most powerful armed forces, will provide fertile ground.

In the same vein, pandemics also indirectly heighten cyber risk. A new outbreak would create a polycrisis that attackers would exploit.

The Predictions

Given these factors, the following threats will likely dominate in 2025:

1. Top Attack Types 
Ransomware, Data Leaks, and DDoS Attacks will remain the top threats, with attackers leveraging zero-day vulnerabilities and compromised credentials to gain system access.

2.  Physical Systems Under Attack
Cyberattacks affecting physical infrastructure will increase due to their high return on investment for attackers. Defense and other critical infrastructure sectors like power, water, and telcos will be prime targets.

3.  Fused Financial & Political Goals
Financial and political motives will get more mixed. North Korea will continue funding its political ambitions through financially motivated cyberattacks. Russia is expected to expand its use of cybercriminal gangs, blending criminal and state-sponsored activities to obscure its involvement.

4.  Disinformation
Ongoing political tensions and likely political disruptions will be accompanied by a crescendo of disinformation, as nation-state attackers will try to sow discord and position themselves favorably in the public's perception.

5.    Exploitation of Crises
Major crises will fuel phishing campaigns and other attacks. From potential disease outbreaks like mPox or avian flu, to wars, coups, and infrastructure failures, attackers will exploit public uncertainty and fear.

What You Should Do

In 2025, means, motives and opportunities will lead to an increase in cyber attacks, increasing cyber risk for organizations. But that does not mean that your organization is helpless.

To understand how you can mitigate those risks, find a partner with deep expertise in cybersecurity and a broad set of solutions that can engage in a conversation with you about your cybersecurity needs. 

Kurt Thomas is Senior System Engineer at Fortra 

Image: 

You Might Also Read: 

Understanding The Threat Of QR Codes & Quishing:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cybersecurity Measures To Enhance Data Security In 2025
Cybersecurity: What Can We Expect In 2025? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Equilibrium Security Services

Equilibrium Security Services

Equilibrium Security Services is a specialist cyber security company providing a full spectrum of IT security solutions from consultancy to design & implementation and managed security services.

CyberVista

CyberVista

CyberVista is a cybersecurity training education and workforce development company. Our mission is to eliminate the skills gap by creating job ready professionals.

Towergate Insurance

Towergate Insurance

Towergate Insurance is a leading UK specialist insurance broker. Business products include Cyber Liability Insurance.

Infowhiz solutions

Infowhiz solutions

Infowhiz provides solutions for backup/disaster recovery and network security.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

Dataprovider.com

Dataprovider.com

Our Brand Protection Suite gives you the tools to discover trademark infringement on the Internet, such as websites selling counterfeit products, even when this is not immediately noticeable.

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

Thistle Technologies

Thistle Technologies

Thistle Technologies is building tools that help connected device manufacturers build security resiliency into devices.

Cigent Technology

Cigent Technology

Cigent keeps the most valuable asset in your organization safe—your data. Our advanced endpoint and managed network security solutions prevent ransomware and data theft.

SECUINFRA

SECUINFRA

SECUINFRA has been supporting companies in detecting, analyzing and defending against cyber attacks since 2010.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

Fusion5

Fusion5

Fusion5 is a leading ANZ Business Services and IT Solutions provider. Our customers trust us to make their potential reality by providing advisory, IT project deployment, and managed services.

Vantyr

Vantyr

Vantyr's core mission is to safeguard the business-led adoption of SaaS applications by automating the lifecycle management and security of non-human identities.

SteelGate

SteelGate

SteelGate’s core capabilities are centered around architecture design and engineering of network, systems, and cybersecurity solutions.