- Google reveals predictions of the main cybersecurity threats in 2025
- AI will be used in attacks and defense, predicts
- The 'Big Four' state actors will continue to be a threat
Artificial intelligence has been named one of the biggest security threats over the next year by leading experts.
Given AI's dominance in the headlines over the past year, it won't surprise most people that it's at the forefront of Google's 2025 Cybersecurity Forecast as a top threat, alongside state-sponsored threat actors and ransomware.
State-sponsored attacks are nothing new, but as global tensions rise and conflicts in Ukraine and Gaza continue, politically motivated attacks will continue to be launched against critical infrastructure targets around the world; Google names 'Big Four' geopolitical threats to the West. cybersecurity such as Russia, China, Iran and the Democratic People's Republic of Korea (North Korea).
AI in deepfakes
Google, like many others, predicts that AI will continue to be used as a cyber defense tool, and also in cyber attacks over the next year. Large-scale adoption of semi-autonomous security operations will usher in a “second phase of AI security,” the forecast predicts.
Google sees AI as a key tool to combat threats in the future, but says that Information Operations (IO) threat actors will continue to leverage generative AI tools in their attacks.
Using LLM to create content such as deepfakes and vishing, phishing and other social engineering attacks will lead to cybersecurity teams fighting more frequent and effective incidents.
Ransomware and data theft extortion are also likely to continue impacting organizations around the world in 2025. The frequency and severity of ransomware has skyrocketed to new highs in 2024, and custom malware attacks will continue.
“Without a doubt, multifaceted extortion and ransomware will continue in 2025, likely with an increase outside the United States,” said Charles Carmakal. Mandiant CTO, Google Cloud
Data theft campaigns were seen as a growing threat in 2024, and Google anticipates seeing more of the same next year as relatively unskilled threat actors can use these tools to infiltrate prominent organizations.