G DATA IT security outlook for 2025: cyber gangs now focusing on destruction instead of extortion

However, there is no question of a let-up in 2025. From an economic point of view, cyber criminals will continue to attack targets with the lowest security standards because that is where they stand to profit the most.  G DATA CyberDefense provides an outlook on IT security subjects that will become relevant in the coming year.

New perpetrators with an urge for destruction
We are currently seeing a marked emergence of new groups of attackers whose focus is on deleting data rather than encrypting it and extorting a ransom. This significantly increases the damage for companies – firms without functioning backups are at particular risk of total economic loss. The new groups also benefit from the fact that investigative authorities have broken up numerous cyber gang networks in recent months.

“We are currently seeing a new generation of hackers who have significantly less technical expertise than known groups of offenders,” says Tim Berghoff, Security Evangelist at G DATA CyberDefense AG. “These cyber criminals deliberately use malware-as-a-service to sabotage companies. The focus of these groups is on causing chaos, not financial gain.”

Social engineering with AI: better, faster, more efficient
People remain the number one target for cyber criminals. The use of artificial intelligence (AI) is making it increasingly difficult for potential victims to distinguish real messages from fake ones. The creation of fake videos and images is getting faster and faster. This means, for example, that attempts at fraud using fake identity verifications with banks or financial service providers will increase. Attackers also lure their victims into traps by way of video conferences involving fake conversation partners.

“AI-supported tools make it easier to automate spam messages and make them harder to detect, because common identifying features such as spelling mistakes are increasingly absent,” says Tim Berghoff. “This is where employees with the appropriate security awareness are needed to detect these attempts at an early stage. However, new security protocols for verifying the authenticity of such media would also improve security.”

It will get worse before it gets better
In 2025, many companies will face the task of complying with regulatory requirements such as NIS-2, CRA and DORA. In some cases, this will require very complex projects to establish the necessary processes and measures. These extra tasks put a particular strain on the limited personnel resources of medium-sized companies, leaving them with insufficient time for demanding security tasks such as timely patching or log file analysis. It can therefore be assumed that the security situation will deteriorate in the short term before companies implement the necessary measures to achieve the desired level.

Using AI for better security
Cyber defence companies are also increasingly relying on AI in the fight against cyber criminals. This includes things such as user-friendly control systems and evaluation of the security products being used. The aim is to make complex security operations more accessible through AI-supported queries. One example is data retrieval via natural language input to facilitate the handling of large amounts of data. In this regard, AI tools can be used to provide a comprehensible summary for contextual explanations of irregularities or anomalies in the network.

New language, new attack vector: Rust
The programming language Rust is gaining in significance and is being used more and more. It is now increasingly being included in many operating systems because it can be used to avoid security vulnerabilities, for example. Rust is also becoming more and more popular in the IT security industry as it offers security precautions that minimise errors in development. The downside is that malware developers are also using Rust because it can embed itself deeply in the system. As a result, developers in the security industry need to adapt reverse engineering tools to analyse these new threats better.

Protective measures are working
The fact that the number of aborted attacks is increasing, as analyses of incident response operations show, is encouraging. Attacker groups are often forced to back out of networks or can only encrypt parts of the systems. One reason for this is that, after easily gaining initial access to the network, they encounter greater difficulties when trying to propagate across it. Added to this is a lack of technical knowledge of how to penetrate further into the network. This is where simple security measures such as segmented networks really pay off.