Main image of article 3 Cybercrime Trends Tech Pros Must Watch in 2025

Cybercrime is an issue that will not go away when the calendar flips to 2025.

In a report released earlier this year, the World Economic Forum estimated that cybercrime could cost individuals and organizations around the globe an estimated $23 trillion in losses in three years. Meanwhile, the FBI’s Internet Crime Complaint Center report found that U.S. complaints to the bureau related to cybercrime increased to 880,418 in 2023–the last year full statistics were available–a 10 percent increase over 2022. These trends will surely continue into the next 12 months.

Ransomware and data theft remain major concerns for nearly every industry. The American Hospital Association, for instance, reported 386 healthcare-related cybersecurity incidents this year, which include ransomware attacks. That number will likely increase before the year closes out.

Then there is artificial intelligence. While numerous organizations are working to improve their defenses by automating many manual processes, cybercriminals have found their own uses for the technology, including social engineering schemes, data poisoning, password hacking, and deepfakes.

For other organizations, a growing concern is cyber threats combining with physical ones, causing even greater levels of disruption.

“Cybercriminals continually advance their playbooks, with attacks becoming more aggressive and destructive,” Derek Manky, chief security strategist and global vice president of threat intelligence at Fortinet, recently told Dice. “We predict that adversaries will expand their playbooks to combine cyberattacks with physical, real-life threats. We’re already seeing some cybercrime groups physically threaten an organization’s executives and employees in some instances, and we anticipate that this will become a regular part of many playbooks.”

With the start of the new year nearly here, Dice spoke to numerous cybersecurity experts and industry insiders to understand what cybercrime and cyber threat trends tech and security professionals should watch in 2025. Here is a look at three prominent trends that will make headlines over the next 12 months.

Ransomware Threats Continue Growing

In September, security firm SentinelOne published a report that found 35 percent of all cyberattacks were ransomware-related, an 84 percent increase over 2023. Ransomware in North America increased 15 percent and seven out of 10 victims were small and mid-sized businesses.

This increase in ransomware (and the profits from a successful attack) is fueling markets for initial access brokers (IAB) who then sell their access to other cybercriminals who conduct the actual operations. The silver lining is that these increases are attracting more scrutiny from international law enforcement, especially the FBI, said Balazs Greksza, threat response lead at security firm Ontinue.

“In 2025, we’ll likely see larger and more successful ransomware groups enjoy heightened international attention from law enforcement organizations,” Greksza added. “With the increasing number of successful takedowns, extraditions and arrests, some groups are expected to further fragment and rebrand themselves; however, only a small percent might be deterred from continuing their cybercrime activities.”

The ongoing issue with ransomware is that it remains a lucrative business for cybercriminal groups and threat actors. With ransomware-as-a-service (RaaS) and malware-as-a-service (MaaS) lowering the barrier to entry, these incidents will remain a concern for years to come.

“The capabilities available to low-level threat actors are more sophisticated—we’ve already seen the trickle-down economic benefits for threat actors of ‘living off the land,’ edge infrastructure exploitation and identity-focused exploitation,” said Nathaniel Jones, vice president of threat research at Darktrace. “There will continue to be significant increases in availability for RaaS and MaaS that make more advanced tactics the norm. The subscription income that cybercriminal groups can generate enables more adversarial innovation, making attacks faster and more effective with even more significant financial ramifications.”

Cybercriminals Will Expand Their AI Use

No issue has been debated as hotly over the last year as A.I.

For many enterprise organizations, the expanding number of generative A.I. tools and platforms is a chance to reinvent information technology, including automating labor-intensive practices that can slow growth and innovation.

At the same time, law enforcement has watched as cybercriminals adopt the technology at nearly the same clip. In May, the FBI warned that threat actors are now using these tools to improve phishing techniques, and there are other signs that “malicious actors increasingly employ AI-powered voice and video cloning techniques to impersonate trusted individuals, such as family members, co-workers, or business partners.”

Cybersecurity experts see this use of A.I.—creating better phishing emails and developing abilities to crack passwords faster—as a troubling concern that will become more prominent over the next year.

“As more corporations move to [multi-factor authentication] and passwordless by default, cybercriminals will look for the weak spots and increase phishing and spear phishing attacks. We may see more of these driven by A.I., which can assist in automation and tuning of these campaigns,” said Robert Hughes, CISO of RSA. “I also expect cybercriminals will use deepfakes to try to socially engineer their targets as the Help Desk continues to be a soft spot for many organizations that lack strong identity proofing. Identity proofing and liveliness—natural, on camera, in-the-moment responses from one person to another—will be key to stopping these threats."

For other experts like Darktrace’s Jones, the increasing use of A.I. by threat actors and cybercriminal groups is likely to fuel the underground economy. “In 2025, the revenue potential for cybercriminals globally will reach new heights. Cybercrime is a global business, and an increasingly lucrative one, scaling through the adoption of A.I. and the sale of cybercrime-as-a-service,” Jones noted. “Some estimate that annual revenue from cybercrime is already almost five times greater than the revenue of the ‘Magnificent Seven’ stocks and this will only grow.”

Critical Infrastructure and Education in the Crosshairs

Critical infrastructure has never been more vulnerable to attacks than it is right now.

A study published by cybersecurity firm KnowBe4 in August found that critical infrastructure around the world sustained more than 420 million attacks between January 2023 and January 2024—a 30 percent increase over 2022.

The report also found that vulnerable points within U.S. power grids are growing by about 60 each day.

The vulnerabilities in critical infrastructure and the number of attacks targeting these bugs are only expected to grow in 2025.

“While ransomware actors have plenty of relatively low complexity targets, they are more and more likely to cause disruptions in the future,” Ontinue’s Greksza added. “This of course requires specialization, but the critical infrastructure sector would suffer tremendously from threats that cause outages or long-term equipment failure, adding yet another extortion possibility, categorically changing the actors from cyber criminals to terrorists—hopefully this being enough deterrent not doing so.”

While the U.S. education sector is not officially part of the 16 critical infrastructure industries listed by the Cybersecurity and Infrastructure Security Agency (CISA), some cybersecurity experts note that schools, colleges and universities seem more vulnerable to sophisticated attacks—a trend that will grow over the next year.

“Education systems will remain a prime target for cybercriminals in 2025 due to the vast troves of sensitive personal and financial data they collect. K through 12 schools alone average more than one cyber incident per school day, according to CISA, underscoring the sector’s vulnerability,” said Darren Guccione, CEO and co-founder at Keeper Security. “This trend extends to higher education institutions, which face additional risks from the integration of complex research data, intellectual property and open network environments. As cyberattacks grow in frequency and sophistication, the need to strengthen cybersecurity across all levels of education is critical.”