Evolution of Threat Actors in 2024 and Predictions for 2025
Threat actors increasingly leveraged advanced technologies such as artificial intelligence (AI) and machine learning to enhance their attacks.

TL;DR
- AI-Driven Attacks: Threat actors used AI to craft sophisticated phishing emails, evade detection systems, and identify vulnerabilities more efficiently. This trend is expected to continue into 2025.
- Ransomware Evolution: Ransomware attacks evolved with new variants and RaaS platforms, targeting sectors like education, healthcare, and financial services. The trend of threatening to leak data if ransoms are not paid is expected to persist in 2025.
- Cloud and SaaS Exploits: Threat actors focused on exploiting cloud services and SaaS applications, leveraging social engineering and unauthorized access. This trend highlights the need for enhanced cloud security measures.
- Supply Chain Attacks: The interdependencies in supply chains made them attractive targets. Threat actors exploited vulnerabilities in third-party vendors to access larger organizations. This trend is likely to grow in 2025.
- IoT Device Vulnerabilities: The increasing use of IoT devices in critical sectors blurred the lines between physical and digital attacks. Securing these devices is essential to mitigate risks.
Research Summary
In 2024, the cybersecurity landscape saw significant advancements in threat actor tactics, techniques, and procedures (TTPs). Threat actors increasingly leveraged advanced technologies such as artificial intelligence (AI) and machine learning to enhance their attacks. Ransomware continued to be a major threat, with new variants and Ransomware-as-a-Service (RaaS) platforms making sophisticated attacks more accessible. Key sectors targeted included education, healthcare, and financial services, with vulnerabilities in cloud services and IoT devices being exploited.
Looking ahead to 2025, we anticipate a continued rise in AI-driven attacks, zero-day exploits, and supply chain attacks. These trends underscore the need for robust, multi-layered cybersecurity strategies. Organizations must adopt advanced AI-based defense mechanisms, enhance cloud security, and implement zero trust architectures to counter these evolving threats effectively.
AI-Driven Attacks
In 2024, threat actors increasingly used AI to craft sophisticated phishing emails, evade detection systems, and identify vulnerabilities more efficiently. This trend is expected to continue into 2025, making it crucial for organizations to adopt advanced AI-based defense mechanisms. AI-driven attacks will enable attackers to craft more convincing social engineering attacks and evade detection systems more effectively.
Ransomware Evolution
Ransomware attacks have evolved with new variants and RaaS platforms, targeting sectors like education, healthcare, and financial services. The trend of threatening to leak data if ransoms are not paid is expected to persist in 2025. Ransomware attacks will increasingly focus on critical infrastructure sectors such as healthcare, utilities, and transportation, leveraging RaaS platforms to execute sophisticated attacks.
Cloud and SaaS Exploits
Threat actors have focused on exploiting cloud services and SaaS applications, leveraging social engineering and unauthorized access. This trend highlights the need for enhanced cloud security measures. In 2025, the exploitation of cloud and SaaS applications will continue, driven by the increasing adoption of cloud technologies and the potential for unauthorized access through social engineering and other tactics.
Supply Chain Attacks
The interdependencies in supply chains have made them attractive targets. Threat actors exploit vulnerabilities in third-party vendors to access larger organizations. This trend is likely to grow in 2025, with supply chain attacks becoming more sophisticated and widespread. Organizations will need to implement more stringent security measures and conduct thorough assessments of their supply chain partners.
IoT Device Vulnerabilities
The increasing use of IoT devices in critical sectors has blurred the lines between physical and digital attacks. Securing these devices is essential to mitigate risks. In 2025, the focus will be on securing IoT devices in critical sectors where the impact of attacks can be more severe. Regular updates and patches for IoT devices, along with robust security protocols, will help mitigate risks.
Breaches and Case Studies
-
(2024-08-21) Kroll Q2 2024 Threat Landscape Report:
- Description: The education sector was heavily targeted by FOG ransomware, with significant incidents in higher education institutions. Unauthorized access incidents also rose, particularly targeting cloud services.
- Actionable Takeaways: Enhance cloud security, conduct regular vulnerability assessments, and implement robust incident response plans.
- References: Kroll Q2 2024 Threat Landscape Report
-
(2024-12-24) Cyble Report on Top 6 Industries Targeted by Threat Actors in 2024:
- Description: Financial services, healthcare, government, education, energy, and retail sectors were major targets. Ransomware, phishing, and supply chain attacks were prevalent.
- Actionable Takeaways: Invest in threat intelligence, adopt zero trust architecture, and enhance employee awareness.
- References: Cyble Report
Recommendations, Actions, Suggested Pivots, Forecasts and Next Steps..
(Subscribers Only)