The ESTsecurity Security Response Center (ESRC) has analyzed the security threats that occurred throughout 2024 and presented forecasts for 2025. The year 2024 was marked by continuous security threats such as supply chain attacks, shifts in the ransomware ecosystem, and the intensification of cyber conflicts between nations. PyPl and major open-source libraries were exploited for supply chain attacks, while the ransomware ecosystem experienced upheaval with the decline of major groups and the emergence of new RaaS organizations.
In addition, international conflicts like the Russia-Ukraine war and the Israel-Hamas conflict expanded into cyber warfare, with frequent attacks targeting critical infrastructure both domestically and abroad. ESRC predicts that in 2025, various threats, including the refinement of DDoS attacks, the rise in cryptocurrency theft, the expansion of security risks in multi-hybrid cloud environments, and the increased importance of security due to the adoption of generative AI, will emerge.
In particular, DDoS attacks are expected to become more sophisticated by leveraging AI technologies to utilize virtual machines and containers in cloud environments. These attacks will likely escalate in scale and precision. Furthermore, geopolitical conflicts are anticipated to sustain and expand state-sponsored cyberattacks. Rising cryptocurrency prices are expected to drive increases in ransomware, mining, and data theft attacks, while the complexities of securing multi-hybrid cloud environments and the expansion of attack surfaces pose growing challenges.
ESRC has also highlighted the risks associated with the widespread adoption of generative AI, such as the potential for internal confidential information and personal data leaks. They strongly advise businesses to thoroughly review the security of generative AI solutions before implementation and take proactive measures to prevent accidents.
ESTsecurity stated, “The cybersecurity landscape evolved continuously throughout 2024, and we anticipate diverse security threats to persist in 2025. We will do our utmost to create a safer digital environment.”
