Priority Intelligence Requirements for 2025: Emerging Threats in AI, Ransomware and Strategic Defenses
In 2025, the cybersecurity landscape will be shaped by the increasing sophistication of cyber threats, driven by advancements in artificial intelligence (AI), persistent activities of major nation-state actors, and the evolving nature of ransomware and supply chain attacks.

TL;DR
- AI-Driven Cyber Threats: AI will be leveraged for sophisticated phishing, vishing, and social engineering attacks, as well as for creating deepfakes for identity theft and fraud.
- Nation-State Actors: The "Big Four" (Russia, China, Iran, and North Korea) will continue to be active in cyber espionage, cyber crime, and information operations aligned with their geopolitical interests.
- Ransomware and Multifaceted Extortion: Ransomware will remain a major threat, with attackers using AI and automation to increase the speed and precision of their attacks.
- Critical Infrastructure Vulnerabilities: Critical infrastructure sectors such as healthcare, power grids, water systems, and air travel networks will continue to face significant cyber threats.
- Geopolitical Factors: Geopolitical tensions and alliances will significantly influence cyber activities. Nation-state actors will use cyber operations to advance their geopolitical agendas.
Research Summary
This report outlines the Priority Intelligence Requirements (PIRs) for a cybersecurity intelligence operation in the US, focusing on identifying emerging cyber threats, key threat actors, their tactics, techniques, and procedures (TTPs), potential vulnerabilities in critical infrastructure, and geopolitical factors influencing cyber activities.
AI-Driven Cyber Threats
AI is anticipated to play a pivotal role in cyber attacks in 2025. Threat actors will leverage AI for sophisticated phishing, vishing, and social engineering attacks, as well as for creating deepfakes for identity theft and fraud. AI will also enhance information operations, making generated content more persuasive and inauthentic personas more convincing. This trend underscores the need for advanced AI-driven defenses and robust training programs to detect and mitigate these threats.
Nation-State Actors
The "Big Four" (Russia, China, Iran, and North Korea) will continue to be active in cyber espionage, cyber crime, and information operations aligned with their geopolitical interests. These actors will target critical infrastructure, government entities, and private sector organizations to achieve their strategic objectives. Understanding their TTPs and maintaining vigilance against their activities will be crucial for national security.
Ransomware and Multifaceted Extortion
Ransomware will remain one of the most disruptive forms of cyber crime, with attackers using AI and automation to increase the speed and precision of their attacks. The rise of ransomware targeting supply chains is particularly concerning, as attacks on critical vendors or partners can have cascading effects on entire industries. Organizations must enhance their ransomware defenses and consider cyber insurance to mitigate financial impacts.
Critical Infrastructure Vulnerabilities
Critical infrastructure sectors such as healthcare, power grids, water systems, and air travel networks will continue to face significant cyber threats. The integration of AI and IoT devices in these sectors introduces new vulnerabilities that attackers can exploit. Ensuring the security of these systems through robust cybersecurity frameworks and continuous monitoring will be essential.
Geopolitical Factors
Geopolitical tensions and alliances will significantly influence cyber activities in 2025. Nation-state actors will use cyber operations to advance their geopolitical agendas, targeting adversaries' critical infrastructure and information systems. Understanding the geopolitical landscape and its impact on cyber threats will help organizations anticipate and prepare for potential attacks.
Breaches and Case Studies
- Microsoft 365 Admin Portal Abuse - November 2024 - BleepingComputer
  - Description: Threat actors abused the Microsoft 365 admin portal to send sextortion emails, bypassing email security platforms.
  - Actionable Takeaways: Implement multi-factor authentication (MFA) for admin accounts, regularly review and update security configurations, and enhance email security measures to detect and block such attacks.
- FortiManager Zero-Day Exploitation (CVE-2024-47575) - November 2024 - The Hacker News
  - Description: A zero-day vulnerability in FortiManager was exploited to deploy web shells, compromising sensitive data.
  - Actionable Takeaways: Apply patches and updates promptly, conduct regular vulnerability assessments, and implement network segmentation to limit the impact of breaches.
- Hamas-Linked Espionage Operations - November 2024 - Check Point Blog
  - Description: Hamas-linked threat groups expanded their espionage and destructive operations, targeting military and government entities.
  - Actionable Takeaways: Enhance threat intelligence capabilities, monitor for indicators of compromise (IoCs) related to known threat actors, and strengthen defenses against espionage activities.
Recommendations, Actions, Suggested Pivots, Forecasts and Next Steps (Subscribers Only)