Ransomware will continue to be the most disruptive cybercrime worldwide in 2025, according to Google Cloud Security

‘Ransomware’ will continue to be the most disruptive type of cybercrime globally, both due to the volume of incidents and the scope of the potential damage of each attack, and is expected to increase outside the United States over the next few years, as predicted by Google Cloud Security.

This division of Google has reached this conclusion in its report Cybersecurity Forecast 2025, which includes forecasts from experts and security teams from Google Cloud, Mandiant Consulting, Google Security Operations and VirusTotal, among others.

These forecasts refer to factors that will define the future of cybersecurity next year, understanding that the industry will continue to innovate while organizations will face changing challenges in a broad landscape of cyber threats.

Firstly, the company predicts that Artificial Intelligence (AI) will continue to grow in interest and use by cybercriminals, to intensify their attacks and make them more sophisticated, as well as by cybersecurity teams, with the aim of automating tasks, improving the efficiency of investigations and enabling semi-autonomous security operations.

In this sense, it has stressed that cybercriminals will continue to adopt AI-based tools at high speed to increase and assist their online operations in the different phases of the attack life cycle.

Likewise, Google considers that rapid advances in this area are changing tactics for both defenders and attackers, which is why organizations must prioritize a proactive and comprehensive approach to cybersecurity, changing their conception of the problem and understanding that it poses a real risk.

Therefore, by 2025, the company hopes to see a second phase of AI and security in action, consisting of moving from pilots and prototypes to large-scale deployment and adoption and “with real use cases”, as explained by the director of the CISO Office, Iberia & Latam of Google Cloud, Jorge Blanco.

The manager has insisted that companies must be prepared to neutralize these perfected cyber threats and has stressed that ‘ransomware’, which “has been at the top of the concerns of those responsible for the security of organizations for four or five years” (CISOs), will continue to be the most worrying globally, as it is expected to increase outside the United States in 2025.

This is due to two reasons. First, because it is a very lucrative business with very low risk for attackers and, second, because greater use of generative AI is being recorded to make the dissemination campaigns for this ‘malware’ more effective. In this sense, Blanco has also clarified that entry vectors continue to be ‘phishing’ campaigns with malicious emails or websites that pose as legitimate, as well as ‘deepfakes’ and other publications on social networks.

There is also a growing threat from infostealer ‘malware’ which, despite not being a new threat, has demonstrated a worrying increase in sophistication and effectiveness. “It is usually the first step for a subsequent attack because once they have stolen a credential from an online system or service, they can continue advancing or making lateral movements until they reach their final goal,” Blanco added.

Among other global forecasts, Google has pointed out in its report that companies must prepare for the era of post-quantum cryptography, and must therefore begin to understand the risks posed by quantum computing; and that there is a greater interest in Web3 and cryptocurrency thefts.

This means that, heading into next year, Web3 companies will need to invest in enhanced security controls and monitoring tools to help detect attacks in the earliest stages of their life cycle, as well as help prevent theft. This is because cybercriminals will continue to focus on smart contract vulnerabilities and the theft of private keys to extort users.

GEOPOLITICAL CONFLICTS

Google has also focused on the cyber threats registered in the great powers of Eastern Europe, Asia and the Middle East, underlining that the war in Ukraine will continue to be the main focus of cyber espionage operations and that the state-sponsored tactics of the ‘Big Four’ (Russia, China, North Korea and Iran) will continue to evolve.

In this case, Russia will use cyber attacks and information operations to support its global interests, with governments and organizations in the Middle East and Northern Europe. Likewise, the Russians will continue to use a variety of tactics to promote Russian interests and weaken opponents.

Google also anticipates that the institutional investments that China has made to equip its cyber threat operators over the past decade will continue to drive threat activity volume and capability development trends through 2025.

So much so that, according to the firm, malicious actors that support the Chinese State are expected to continue executing stealth tasks, including Operational Relay Box (ORB) networks, to hide operator traffic and exploit ‘zero day’ vulnerabilities.

Iran, for its part, will focus on the conflict with Israel and Hamas, supporting operations aimed at governments and organizations in the Middle East and North Africa, while North Korea will continue with cyberespionage and cybercrime campaigns to support its geopolitical objectives and generate income by stealing cryptocurrencies.

TRENDS IN EMEA

The report also highlights the trends that will occur in 2025 in the countries of Europe, the Middle East and Africa (EMEA), which are based on three focuses. The first of them determines that 2025 will be a “crucial” year for compliance with the new Network and Information Security Directive (NIS2), which will impose stricter security requirements and expand its reach to more sectors.

In this way, organizations must invest in training programs and technologies focused on security and incident response planning to comply with what this legislation requires.

Google has also noted that geopolitical conflicts drive threats and that countries that align themselves with these confrontations may suffer consequences in the cyber sphere. Therefore, it believes that EMEA companies should be prepared to confront attacks directed at critical infrastructures.

Finally, it indicated that cloud security will continue to be a key priority and that care must be taken with configuration errors, inadequate monitoring, credential reuse, or poor security practices in unmanaged cloud environments.

By Editor
