More business-process attacks, device-based attacks and identity-based deepfake attacks are headed our way, predicts a specialist firm
This year, phishing kits will get trickier. Phishing continues to be an effective method for identity-based attacks, and we do not expect that to change just yet.
In fact, we are increasingly seeing scammers using advanced phishing kits — virtual toolboxes of resources designed to make attacks much easier to launch and repeat.
For the rest of 2025, these kits will evolve to make phishing even harder to detect. For example, some kits can already defeat "impossible travel" flags: instead of using the stolen session from the attacker's own network, they route it through a residential proxy near the victim, so the sign-in appears to come from the user's usual location.
To combat tactics like these, we strongly recommend that organizations adopt phishing-resistant authentication and block requests from anonymizing services. Bear in mind that residential proxies sit in ordinary consumer ISP address space and are far harder to block by IP reputation than datacenter VPNs, so pair network blocking with device and session signals rather than relying on it alone. Our other carefully considered cyber predictions for 2025 include:
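To make the residential-proxy point concrete, here is an added example (not code from the original article) of an impossible-travel check run over a constructed set of sign-in events. The IPs, coordinates, ASN categories and device names are placeholders; the ASN category is what an IP-intelligence feed would return and is assumed to exist. The example shows the check catching a login relayed through a faraway hosting provider, missing the same attack relayed through a residential proxy a few kilometres from the victim, and recovering only because network type and device familiarity are also considered.

```python
# Added example: impossible-travel detection and why residential proxies slip past it.
import math
from datetime import datetime, timezone

MAX_PLAUSIBLE_KMH = 900.0  # roughly airliner speed; anything faster is "impossible"

# Network types to treat as anonymizing. Which of these a feed can label is feed-dependent.
PROXY_LIKE = {"hosting", "vpn", "tor", "residential_proxy"}

# Devices previously seen for each user (constructed).
KNOWN_DEVICES = {"alice": {"laptop-1"}}

# Constructed sign-in events: documentation IP ranges, placeholder coordinates.
EVENTS = [
    # Alice's normal sign-in from New York on her known laptop.
    {"user": "alice", "ts": "2025-03-03T09:00:00Z", "ip": "203.0.113.10",
     "lat": 40.71, "lon": -74.01, "asn_type": "isp", "device": "laptop-1"},
    # 30 minutes later from London via a hosting provider: caught by distance alone.
    {"user": "alice", "ts": "2025-03-03T09:30:00Z", "ip": "198.51.100.7",
     "lat": 51.51, "lon": -0.13, "asn_type": "hosting", "device": "unknown"},
    # Phishing kit replaying the session through a residential proxy in New Jersey.
    {"user": "alice", "ts": "2025-03-03T10:00:00Z", "ip": "192.0.2.55",
     "lat": 40.73, "lon": -74.17, "asn_type": "residential_proxy", "device": "unknown"},
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def travel_speed_kmh(prev, cur):
    """Speed the user would have needed to move from prev to cur."""
    hours = (parse_ts(cur["ts"]) - parse_ts(prev["ts"])).total_seconds() / 3600.0
    if hours <= 0:
        return float("inf")
    return haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"]) / hours


def classify(events):
    """Return one set of flags per event. Travel is measured against the user's last
    sign-in that raised no flags, so one flagged event does not poison the baseline."""
    baseline = {}
    results = []
    for ev in events:
        flags = set()
        prev = baseline.get(ev["user"])
        if prev is not None and travel_speed_kmh(prev, ev) > MAX_PLAUSIBLE_KMH:
            flags.add("impossible_travel")
        if ev["asn_type"] in PROXY_LIKE:
            flags.add("anonymizing_network")
        if ev["device"] not in KNOWN_DEVICES.get(ev["user"], set()):
            flags.add("unknown_device")
        if not flags:
            baseline[ev["user"]] = ev
        results.append(flags)
    return results


if __name__ == "__main__":
    for ev, flags in zip(EVENTS, classify(EVENTS)):
        print(ev["ts"], ev["ip"], sorted(flags) or "clean")
```

The third event is the one the article warns about: it is 13 km from the victim's last clean sign-in and an hour later, so the travel check is silent, and the only things that give it away are the proxy classification and the unfamiliar device.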
- Device-based attacks will make a comeback
Sometimes a prominent security incident can cause a widespread shift in strategies. That happened in 2022, when a collective of hackers known as Scatter Swine used social engineering and credential phishing to bypass multi-factor authentication (MFA) and access information about more than 100 companies. Of nearly three dozen of those targeted firms, almost all adopted strong phishing-resistant authenticators in the wake of the attack.
Embracing phishing resistance is critical, but it is not sufficient: when persistent attackers can no longer rely on phishing, they pivot to something else.
We are already seeing a shift to device-based attacks, with hackers working to compromise users' phones, laptops, and networks. They may trick a user into installing malware, for example, and then steal their login credentials from the device so they can access sensitive systems and data within the user's company. Or they may mount a cross-device authentication attack: having compromised one device, they pair it with a device they control so that authentication requests are relayed to the attacker, who then completes sign-in as that user.
Fortunately, we are far from helpless against device-based attacks. By establishing device trust, organizations can ensure that only known, managed devices operated by authorized people can reach specific resources, which strips a stolen credential of much of its value on an unmanaged device. And by integrating with endpoint detection and response (EDR) services, they can protect against threats like malware and ransomware through always-on monitoring of end users' devices.
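The two paragraphs above make a pair of claims: phishing-resistant authenticators stop the credential-phishing tactic, and they do not stop an attacker who already controls the device. The added example below (not code from the original article, nor any vendor's implementation) models the relying-party checks that give WebAuthn its phishing resistance and then shows the device-compromise case passing every one of them. The HMAC "signature" stands in for the authenticator's public-key signature, the RP ID `corp.example`, the origins and the challenge are all constructed, and the browser's RP-ID check is modelled, not the real implementation.

```python
# Added example: why WebAuthn resists phishing (origin binding) and why a compromised
# device still gets through. HMAC stands in for the authenticator's asymmetric signature.
import hashlib
import hmac
import json
import os

RP_ID = "corp.example"                             # assumed relying party ID
ALLOWED_ORIGINS = {"https://login.corp.example"}   # origins the RP accepts (assumed)


class Authenticator:
    """One credential. Real hardware signs with a private key; an HMAC key stands in."""

    def __init__(self, rp_id):
        self.rp_id = rp_id
        self.key = os.urandom(32)  # stand-in for the credential's private key

    def get_assertion(self, client_data_json):
        # authenticatorData = SHA-256(rpId) || flags. The signature covers
        # authenticatorData || SHA-256(clientDataJSON), so the origin the browser
        # wrote into clientDataJSON cannot be changed after signing.
        auth_data = hashlib.sha256(self.rp_id.encode()).digest() + b"\x01"
        signed = auth_data + hashlib.sha256(client_data_json).digest()
        return {"authenticator_data": auth_data,
                "client_data_json": client_data_json,
                "signature": hmac.new(self.key, signed, hashlib.sha256).digest()}


def browser_get(authenticator, page_origin, challenge, enforce_rp_id=True):
    """Models the browser: it records the origin of the page that asked for the
    assertion and refuses if that origin is not under the credential's RP ID.
    enforce_rp_id=False models a client that skips that check."""
    host = page_origin.split("://", 1)[1]
    under_rp = host == authenticator.rp_id or host.endswith("." + authenticator.rp_id)
    if enforce_rp_id and not under_rp:
        raise PermissionError("origin %s is not under RP ID %s" % (page_origin, authenticator.rp_id))
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    return authenticator.get_assertion(client_data)


def rp_verify(assertion, expected_challenge, credential_key):
    """Relying-party side. credential_key stands in for the stored public key."""
    cd = json.loads(assertion["client_data_json"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay or wrong session)"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, "origin %s not allowed" % cd.get("origin")
    if assertion["authenticator_data"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    signed = assertion["authenticator_data"] + hashlib.sha256(assertion["client_data_json"]).digest()
    expected = hmac.new(credential_key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def demo():
    auth = Authenticator(RP_ID)
    challenge = "c2FtcGxlLWNoYWxsZW5nZQ"  # constructed; the RP issues one per session
    legit, phish = "https://login.corp.example", "https://login-corp.example.net"
    results = {}
    # 1. Sign-in from the real login page.
    results["legit"] = rp_verify(browser_get(auth, legit, challenge), challenge, auth.key)
    # 2. Reverse-proxy phishing kit on a look-alike origin relays the real challenge.
    try:
        browser_get(auth, phish, challenge)
        results["phish_browser"] = "assertion produced"
    except PermissionError:
        results["phish_browser"] = "browser refused"
    # 3. Same kit against a client with no RP-ID check: the RP still rejects the origin.
    results["phish_rp"] = rp_verify(browser_get(auth, phish, challenge, enforce_rp_id=False),
                                    challenge, auth.key)
    # 4. Malware on the victim's own device drives the real login page: every check passes.
    results["malware_on_device"] = rp_verify(browser_get(auth, legit, challenge), challenge, auth.key)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Scenario 4 is deliberately identical to scenario 1 from the relying party's point of view: the origin is right, the challenge is fresh and the signature is valid, because the request genuinely came from the victim's device. That is the gap device trust and EDR are meant to close.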
- Business processes will become targets
Not all security threats involve vulnerabilities in an organization's tech stack. Some clever attackers look instead for weaknesses in business processes. For example, they could call a firm's IT help desk pretending to be a new employee in order to learn which software the workforce uses.
Over time, this approach gives an attacker a detailed profile of how a firm operates, making them even more convincing the next time they impersonate an employee.
To prevent this type of attack, educate your workforce to be vigilant for unusual or unauthorized requests. Organizations should also implement robust processes to verify their remote workforce, including identity verification at critical moments of the user lifecycle such as onboarding, credential resets and authentication factor changes.
- Downgrade attacks will continue surging
In 2024, we saw an upswing in "downgrade attacks", in which an initial tactic causes a targeted system to switch to a less secure mode of operation, making it more vulnerable to a follow-on attack.
Downgrade attacks can push users to abandon phishing-resistant authentication methods for weaker ones. The attack might arrive as an SMS message asking a user to unplug a hardware security key from their laptop, or as a call from someone claiming to be on the user's IT team, asking them to remove a security factor from their account. Once the strong factor is gone, the account falls back to a factor that ordinary phishing can defeat.
We expect downgrade attacks to continue posing a significant security threat in 2025. Again, while secure processes and procedures are critical, employees also play an important role. Teach them to be wary of social engineering, never to provide passwords or codes over channels such as SMS, and never to remove an authentication factor at someone else's request.
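Process and training are the article's answer to downgrade attacks; the identity platform can also refuse to cooperate with the downgrade. The added example below (not code from the original article or any IdP's policy engine) shows two policy decisions and one detection: a sensitive-app sign-in is denied when a weaker factor is used than the strongest one enrolled, removal of a phishing-resistant factor requires a fresh authentication with that factor rather than a help-desk ticket, and a factor removal followed within a day by a weaker sign-in from an unfamiliar device raises an alert. Factor names, assurance levels, windows and the event log are all assumptions chosen for illustration.

```python
# Added example: refusing authentication downgrades at the policy layer, and detecting
# the remove-a-factor-then-log-in-weaker pattern over a constructed event log.
from datetime import datetime, timedelta, timezone

# Assumed factor names and relative assurance; adjust to the IdP in use.
ASSURANCE = {"webauthn": 3, "totp": 2, "push": 2, "sms": 1, "voice": 1}
PHISHING_RESISTANT = {"webauthn"}
STEP_UP_MAX_AGE = timedelta(minutes=10)   # how fresh a step-up must be to change factors
DOWNGRADE_WINDOW = timedelta(hours=24)    # removal-to-weak-login window worth alerting on


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def decide_signin(enrolled, factor_used, sensitive=True):
    """Sensitive resources must be reached with a factor at least as strong as the
    strongest one enrolled. A weaker factor is a downgrade, not a fallback."""
    strongest = max(ASSURANCE[f] for f in enrolled)
    if sensitive and ASSURANCE[factor_used] < strongest:
        return "deny", "downgrade: %s used while a level-%d factor is enrolled" % (factor_used, strongest)
    return "allow", "factor %s meets policy" % factor_used


def decide_factor_removal(factor, requested_by, recent_auth_factor, recent_auth_age):
    """Removing a phishing-resistant factor needs the user to have just authenticated
    with such a factor. A help-desk request alone is exactly the call the attacker makes."""
    if factor not in PHISHING_RESISTANT:
        return "allow", "non-resistant factor; standard flow"
    if requested_by != "user":
        return "deny", "removal of %s must be initiated by the user after step-up" % factor
    if recent_auth_factor not in PHISHING_RESISTANT or recent_auth_age > STEP_UP_MAX_AGE:
        return "deny", "step-up with a phishing-resistant factor required"
    return "allow", "step-up satisfied"


# Constructed event log. Bob's key is removed via the help desk and a weaker login from a new
# device follows; Carol replaces her key herself and signs in with the new one on her usual Mac.
EVENTS = [
    {"ts": "2025-03-04T08:00:00Z", "user": "bob", "type": "signin", "factor": "webauthn", "device": "bob-laptop"},
    {"ts": "2025-03-04T13:05:00Z", "user": "bob", "type": "factor_removed", "factor": "webauthn", "actor": "helpdesk"},
    {"ts": "2025-03-04T13:20:00Z", "user": "bob", "type": "signin", "factor": "sms", "device": "android-unknown"},
    {"ts": "2025-03-04T09:00:00Z", "user": "carol", "type": "signin", "factor": "webauthn", "device": "carol-mac"},
    {"ts": "2025-03-04T09:10:00Z", "user": "carol", "type": "factor_removed", "factor": "webauthn", "actor": "user"},
    {"ts": "2025-03-04T09:12:00Z", "user": "carol", "type": "signin", "factor": "webauthn", "device": "carol-mac"},
]


def detect_downgrade(events, window=DOWNGRADE_WINDOW):
    """Alert when a factor removal is followed within `window` by a sign-in that uses a
    weaker factor than the one removed, from a device not previously seen for the user."""
    seen_devices = {}
    removals = {}   # user -> (time, removed factor)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = parse_ts(ev["ts"]), ev["user"]
        if ev["type"] == "factor_removed":
            removals[user] = (ts, ev["factor"])
        elif ev["type"] == "signin":
            devices = seen_devices.setdefault(user, set())
            removed = removals.get(user)
            if (removed and ts - removed[0] <= window
                    and ASSURANCE[ev["factor"]] < ASSURANCE[removed[1]]
                    and ev["device"] not in devices):
                alerts.append({"user": user, "ts": ev["ts"],
                               "reason": "%s removed, then %s login from new device %s"
                               % (removed[1], ev["factor"], ev["device"])})
            devices.add(ev["device"])
    return alerts


if __name__ == "__main__":
    print(decide_signin({"webauthn", "sms"}, "sms"))
    print(decide_factor_removal("webauthn", "helpdesk", None, timedelta(0)))
    for alert in detect_downgrade(EVENTS):
        print(alert)
```

The policy functions are the preventive half: the SMS login in the article's scenario never succeeds against a sensitive app while the key is still enrolled, and the key cannot be removed on a help-desk agent's say-so. The detector is the fallback for the case where the process was circumvented anyway.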
- GenAI will pose new challenges
Finally, no list of 2025 predictions would be complete without mention of AI. Along with its promise and potential, generative AI is already causing plenty of headaches for security teams. In 2024 alone, we saw several reports of scammers using deepfake videos of C-suite leaders to trick employees into transferring money or sharing sensitive information.
In 2025, we should expect more deepfakes to go real time, with audio and video generated on the fly to mimic live conversations.
Business processes must evolve to mitigate threats like these. Employees could be encouraged to use code words or safe phrases to confirm each other's authenticity, and high-risk requests such as payment or banking-detail changes should be confirmed over a separate channel that the employee initiates rather than in the call or video that carried the request. Companies should also create a culture where staff feel empowered to push back when leaders appear to be making unreasonable, potentially suspicious requests.
The world of identity-based attacks is a dynamic one, an ongoing struggle that is spurring constant innovation and adaptation on both sides. For organizations looking to protect their users and data, it will take an evolution in technologies, policies, and business processes to put up an effective defense. Start today.