Report anticipates increased threats from ransomware, initial access brokers, and social engineering; as well as heightened risk tied to geopolitical developments
ZeroFox, a leading external cybersecurity provider, today released its annual 2025 Threat Forecast Report outlining key predictions and recommendations from ZeroFox Intelligence. Key takeaways include an anticipated increase in new ransomware and digital extortion (R&DE) threat collectives, lowered barriers to entry for threat actors through phishing-as-a-service (PhaaS) offerings and generative AI tools, and the compromising of organizations’ downstream operating partners from continued risks to third-party providers.
Combining the depth and breadth of ZeroFox’s intelligence experience and unique access, the 2025 Threat Forecast provides a comprehensive analysis of the global cybersecurity landscape, examining emerging threat trends across multiple domains. The report leverages insights from 2024 – like the continued uptick in RD&E incidents and record sale volume of compromised credentials across deep and dark web (DDW) marketplaces – to predict threats on the horizon.
The 2025 Threat Forecast Report includes in-depth assessments of anticipated external threat trends including:
- Deep and dark web (DDW) landscape: ZeroFox Intelligence predicts DDW marketplaces and the actors that frequent them will continue to be impacted and governed by external factors such as law enforcement operations and geopolitical issues, extracting maximum profit while maintaining their reputation, and operational continuity.
- Ransomware and digital extortion (R&DE): 2024 was a record year for R&DE collectives with a greater number of victims identified than any year before. ZeroFox Intelligence anticipates incidents will remain at elevated levels in 2025, with new collectives, such as RansomHub, posing a significant threat to organizations across industries and regions.
- Generative artificial intelligence (GenAI): ZeroFox Intelligence predicts the greatest cyber threat posed by GenAI will likely come from malicious actors harnessing new technologies to enhance the efficiency, efficacy, and accessibility of existing tactics, techniques, and procedures (TTPs) and threat vectors.
- Social engineering: In 2025, social engineering will remain one of the most dangerous threat vectors leveraged by malicious actors looking to gain initial network access, conduct fraudulent activity, or steal data via evolved TTPs such as phishing and the bypassing of multi-factor authentication (MFA) to exploit both technical vulnerabilities and human elements within the security chain.
- Initial Access Brokers (IABs): ZeroFox Intelligence predicts IABs pose a significant threat to organizations globally by increasingly seeking to monetize access to third-party service providers, enabling threat actors to compromise downstream operating partners, as well as organizations reliant upon interconnected systems and networks.
- Geopolitical and Cyber Convergence: During 2025, geopolitical developments will heavily influence the cyber threat landscape with threat actors continuing to operate with political partisanship and target the private sector in response to trade policies. The report provides specific insights into the European Union, China, Russia, and Israeli and Iranian tensions.
“In our 2025 threat forecast, we’re seeing the perfect storm of cyber risk. Threat actors are rapidly weaponizing generative AI to create more sophisticated social engineering attacks, while ransomware collectives continue to evolve their tactics at an alarming pace,” said Adam Darrah, ZeroFox Vice President of Intelligence. “The geopolitical landscape is adding another layer of complexity, with cybercriminal groups increasingly taking sides in complex geopolitical issues. Our intelligence team is tracking a threat environment that’s becoming more dynamic, more targeted, and more dangerous with each passing month.”
Also Read: Ensuring High Availability in a Multi-Cloud Environment: Lessons from the CrowdStrike Outage
Beyond predictions for next year, the report also offers security practitioners strategic recommendations to counter external cyber threats and protect their ever-growing external attack surfaces. ZeroFox is proud to share its industry-leading intelligence with customers and the wider security community to mitigate risk and reduce uncertainty around the evolving threat landscape.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
