2024 was a bruising year in the world of cybersecurity, marked by relentless attacks that left governments and businesses alike scrambling to stay one step ahead. Nation-state threat actors and cybercriminals upped the ante by launching sophisticated campaigns that targeted everything from election systems to critical infrastructure. No sector was safe.

For election systems, hackers aimed not only to steal information but also to undermine public trust in democratic processes. Meanwhile, attacks on critical infrastructure — think power grids, water supplies and transportation networks — sent shockwaves through industries and communities. These were not just theoretical risks anymore; they were tangible events that exposed vulnerabilities in systems many assumed were safe.

Private companies fared no better, as IT environments became fertile ground for cybercriminals seeking to exploit weaknesses in software, supply chains and remote work setups. The complexity of modern IT systems only added fuel to the fire. Even the most well-prepared enterprises struggled to keep up, as attackers grew more adept at exploiting zero-day vulnerabilities and crafting highly personalized phishing campaigns.

What became clear by the end of the year is that cybersecurity can no longer be treated as an afterthought. As we shifted into 2025, security experts from across NTT (News - Alert) and its global operating companies revealed what they think will trend in 2025 when it comes to cybersecurity. These trends include ways with how cyberattacks will continue to evolve.

Mihoko Matsubara, chief cybersecurity strategist, NTT Corporation, predicts that AI, GenAI and deepfakes will drive cybercrime. The world will see more ransomware, phishing attacks and business email compromise.

To counter growing AI-driven cyber threats, defenders must adopt AI-powered threat detection and response as well as cyber threat intelligence collection and analysis. Then there’s the question of figuring out how to take full advantage of AI for cyber defenses. Organizations must seek a centralized platform to enable smooth workflow and analysis, and they must be mindful of overdependence on a single vendor and a widespread IT outage similar to the one by CrowdStrike in July 2024.

John Petrie, counselor to the NTT Global CISO, predicts multinational attacks against like-minded nations

In 2025, Petrie believes China may instruct “Typhoon” assets to execute their offensive cyber operations against the west including Japan, U.S., Europe, Australia, etc. in support of its strategic response to President-elect Donald Trump’s threat of tariffs.

“This may disrupt critical infrastructure (specifically IP, telecom, and control networks) where I believe that resiliency and redundancy capabilities will be extremely tested (and, in some areas, fail),” said Petrie. “The offenders can execute varying degrees of disruptive and potentially critical attacks from internal and external attack vectors.”

David Beabout, chief information security officer, NTT Security Holdings, predicts supply chain attacks against weak links. Threat actors are aware of the effects of targeting weak links within supply chains, as evidenced by incidents like the software update compromise at CrowdStrike earlier this year. Therefore, organizations must prepare for these evolving threats by enhancing detection capabilities. They need to reinforce supply chain security and stay attuned to geopolitical risks.

Taro Manabe, NTT Security Japan, senior manager, Professional Service Division, predicts collaboration between North Korean APT (News - Alert) and Russian cybercrime groups. After Kim Jong Un and Putin met in 2023, NTT did look into a Telegram post about a Russian hacker group in North Korea recruiting members to target banks.

“Reports suggests that personnel exchanges between Russian and North Korean hackers have already begun,” said Manabe. “While it is believed that various collaborations have taken place, few confirmed events have surfaced so far. We anticipate that more information will gradually come to light.”

A potential collaboration involves the North Korean APT group "Jumpy Pisces," which was linked to a Russian ransomware attack revealed in October 2024. There is a chance that this cooperation may become even more active in 2025, especially in the field of cryptocurrency, in which North Korea appears to be generating huge profits through cyberattacks. Additionally, North Korean APT involvement in ransomware attacks may become more prominent.

Lastly, Itaru Kamiya, senior researcher, NTT-CERT, predicts a rise in consumer protection transparency and regulation.

“If every product or service discloses to consumers how the products are produced, manufactured and are delivered to consumers’ hands, consumers awareness about the risk of using certain products or services will increase,” said Kamiya.

Look at it this way. In many countries, food products are required to clearly indicate the names of their ingredients. Ensuring that food items are sealed at the production site and then displayed in stores guarantees no tampering during the distribution process.

“I believe that a strategy for consumer electronic products and services similar to that used for food products will be required in the future,” said Kamiya.

With these trends, it is always best to remember this line from NTT’s report: “Forward-focused planning is vital to protecting the global interests of governments, corporations and individuals alike.”