
December 19, 2024

Information

NTT's Top Five Cybersecurity Trends for 2025

2024 proved a difficult year in cybersecurity for both the public and private sphere, with seemingly constant attacks from nation-state threat actors and cybercriminals targeting everything from elections systems to critical infrastructure to IT environment systems.

In this world of ever-advancing security threats, forward-focused planning is vital to protecting the global interests of governments, corporations and individuals alike.

Below, security experts from across NTT and its global operating companies share their predictions for how cyberattacks will evolve in 2025, including the growing capabilities of artificial intelligence, the continued growth of geopolitical cyberwarfare, the further exploitation of supply chain vulnerabilities, consumer-focused cyber impacts and more.

  1. Rise in AI-Driven Cyber Threats
    1. AI driving cybercrime

      By: Mihoko Matsubara, Chief Cybersecurity Strategist, NTT Corporation
    2. In 2025, the world will increasingly face cybercrime driven by AI, generative AI and deepfakes; actors who created ransomware with generative AI were arrested in China in November 2023 and Japan in May 2024. The world will see more ransomware, phishing attacks and business email compromise (BEC). VIPRE Security Group reported in July 2024 that 40% of their detected BEC messages were created by AI.
    3. To counter growing AI-driven cyber threats, defenders must adopt AI-powered threat detection and response as well as cyber threat intelligence collection and analysis. Vectra AI found in 2023 that U.S. Security Operation Centers use 3.3 billion USD for manual triage. Without AI support, more defenders would suffer stress and burnout, which would only benefit attackers.
    4. To fully take advantage of AI for cyber defense, organizations will have to seek a centralized platform to enable smooth workflow and analysis. Yet, organizations must also be mindful of overdependence on a single vendor and a widespread IT outage similar to the one by CrowdStrike in July 2024.
    1. Gen AI as part of attack frameworks

      By: John Petrie, Counselor to the NTT Global CISO
    2. From an advanced technology use perspective, the bad actors already have integrated next-generation AI tools into their attack frameworks, expanding the attack vectors that the bad actors can use to enter company and government systems undetected. This, combined with recently refined operational tactics, will enable bad actors to increase their capability to 'live off the land' and execute undetected attacks with an increase to an 80% success rate.
    3. Looking beyond AI, as researchers continue to unlock the capabilities of quantum computing, bad actors will acquire the results of their research and develop their own quantum capabilities that will further expand the threat landscape.
    1. Rise in attack volume

      By: David Beabout, Chief Information Security Officer, NTT Security Holdings
    2. The volume of known attack types is expected to rise sharply, and the proliferation of generative AI tools will enable less sophisticated threat actors to quickly enhance their capabilities, resulting in an influx of new participants in the cybercrime ecosystem.
    3. While these attacks may not demonstrate heightened sophistication, the sheer increase in volume will pose significant challenges for defenders.
    1. Deepfake scams will spread

      By: Mihoko Matsubara, Chief Cybersecurity Strategist, NTT Corporation
    2. A Hong Kong-based finance worker of British engineering firm Arup fell victim to a 25 million USD deepfake scam in early 2024, and the United States and United Kingdom reported many virtual kidnapping ransom scams by deepfake in 2024.
    3. Japan has not seen many reports like this yet except for one attempt in early 2023 where a criminal tried to combine BEC and a deepfake phone call. However, Japan and other parts of the world will also start to face this type of scam in 2025.
  2. Geopolitical Cyber Warfare
    1. Multinational attacks against like-minded nations

      By: John Petrie, Counselor to the NTT Global CISO
    2. From a nation-state perspective, I think the continued cyberattacks by various nations (Russia, China, Iran, North Korea) against the defenses of like-minded nations (Japan, United States, Australia, United Kingdom, etc.) increase. In 2025, I believe China may instruct "Typhoon" assets to execute their offensive cyber operations against the West including Japan, United States, Europe, Australia, etc. in support of its strategic response to President Trump's threat of tariffs. This may disrupt critical infrastructure (specifically IP, telecom, and control networks) where I believe that resiliency and redundancy capabilities will be extremely tested (and, in some areas, fail). The offenders can execute varying degrees of disruptive and potentially critical attacks from internal and external attack vectors.
    1. China-produced computer chips and security

      By: John Petrie, Counselor to the NTT Global CISO
    2. From a computer chip perspective, there are continually publicly released examples of China's produced chips (that are already in use) containing onboard instructions that have a negative impact on security controls and in some discussions, indicate the remote access from control systems around the world owned (or controlled) by China's "Typhoon" assets. The west has not moved fast enough to reduce this risk in all the chip production locations.
    3. I predict China may test their disruption and network takeover strategy against critical infrastructure providers in the West starting first in Asia-Pacific. This could be in conjunction with the political strategy and tied to China's response to President Trump's position on trade. I think there is a possibility of China using all this disruption to build advantage in the Taiwan Strait while supporting other fronts (Middle East, Ukraine, Korea) to keep the U.S. and its allied countries tied up in support to those conflicts. Overall, I believe we will see the intensity of the attacks across multiple attack vectors to disrupt and harm critical infrastructure in multiple, coordinated events.
    1. APAC and geopolitical tensions

      By: David Beabout, Chief Information Security Officer, NTT Security Holdings
    2. Geopolitical tensions—particularly involving Asia, the People's Republic of China and Taiwan—are likely to drive sophisticated and complex attacks targeting critical infrastructure globally. These operations aim to impose economic and societal stress, with potentially far-reaching consequences for the systems we depend on daily.
  3. Global Cybercrime Collaboration and Expansion
    1. Collaboration between North Korean APT and Russian cybercrime groups

      By: Taro Manabe, NTT Security Japan, Senior Manager, Professional Service Division
    2. While cooperation between North Korea and Russia has been reported on the ground in conflict zones in Ukraine and Russia itself, signs of collaboration between North Korean advanced persistent threat (APT) groups and Russian cybercriminals are also emerging in cyberspace.
    3. Shortly after the 2023 meeting between Kim Jong Un and Putin, our team observed a post on Telegram in the hacker community about a Russian hacker group in North Korea recruiting members to target banks. Reports suggest that personnel exchanges between Russian and North Korean hackers have already begun. While it is believed that various collaborations have taken place, few confirmed events have surfaced so far. We anticipate that more information will gradually come to light.
    4. One potential collaboration involves the North Korean APT group "Jumpy Pisces" which was linked to a Russian ransomware attack revealed in October 2024.
    5. This cooperation may become even more active in 2025, especially in the field of cryptocurrency, in which North Korea appears to be generating significant profits through cyberattacks. Additionally, North Korean APT involvement in ransomware attacks, an area where Russian cybercriminals excel, may become even more prominent in the new year.
    1. The multilingualization and expansion of cybercrime communities

      By: Taro Manabe, NTT Security Japan, Senior Manager, Professional Service Division
    2. In the world of cybercrime, English and Russian have traditionally been widely used within many communities as the international languages.
    3. Recently, it has been observed that cybercrime communities are expanding into various languages, particularly in developing countries. By enabling communication in native languages, these communities are broadening their reach, and multiple languages have been identified where entire ecosystems are being established.
    4. It is anticipated that attacks by cybercriminals using a variety of languages will increase in 2025.
  4. Supply Chain Attack Expansion
    1. Rise in supply chain attacks

      By: Taro Manabe, NTT Security Japan, Senior Manager, Professional Service Division
    2. Recent cybercriminal intrusions into companies, particularly ransomware-related intrusions, have heavily relied on virtual private networks (VPNs) and Remote Desktop Protocol (RDP) as primary entry points.
    3. Many incidents of infiltration through these methods have been widely reported and are now well known.
    4. As companies continue to strengthen their countermeasures, it is likely that attackers will shift their focus to less secure areas. In 2025, the emphasis of attack vectors may increasingly shift to supply chain attacks.
    1. Ransomware targeting

      By: Mihoko Matsubara, Chief Cybersecurity Strategist, NTT Corporation
    2. Japan will see more ransomware attacks to disrupt the supply chain in 2025. Already in 2024, suspended services provided by victims slowed down customers' business operations, and ransomware criminals infiltrated sensitive personal and business information belonging to those customers. Some customers have decided to stop their business partnership with the victim.
    3. As of September 2024, over 60% of reported victims are small and medium-sized companies in Japan, according to the National Police Agency. Yet, it appears that ransomware criminals sometimes target an individual employee of a company to demand only a few hundred dollars so that the employee is more likely to pay without reporting the incident to the leadership, not resolving any cybersecurity issue. This trend will continue in 2025 as criminals try to make easy money from poorly governed organizations.
    1. Supply chain attacks against weak links

      By: David Beabout, Chief Information Security Officer, NTT Security Holdings
    2. Supply chain attacks are anticipated to grow in frequency and impact. Threat actors are increasingly recognizing the cascading effects of targeting weak links within supply chains, as evidenced by incidents like the software update compromise at CrowdStrike earlier this year. Such attacks highlight the vulnerabilities within interconnected systems and the potential for massive downstream disruption across industries.
    3. Organizations must prepare for these evolving threats by enhancing detection capabilities, reinforcing supply chain security and staying attuned to geopolitical risks.
  5. Advancing Consumer Protections
    1. Rise in consumer protection transparency and regulation

      By: Itaru Kamiya, Senior Researcher, NTT-CERT
    2. In 2024, several security events occurred, raising questions about how certain consumer products and services were created and whether they can be used with confidence.
    3. First, XZ Utils, in which a maintainer account that had been active for more than two years suddenly inserted malicious code. Second, the case of Polyfill.io, in which malicious code was suddenly inserted after an ownership change. In hardware products, explosives were placed in pagers, distributed and then detonated online. In each case, an unwanted threat was introduced to consumers in the manufacturing and shipping process of consumer products.
    4. In the U.S., new regulations for connected cars have been proposed to eliminate components which are made in certain countries from servicing critical functions. This is expected to be a heavy burden on companies, but it is understandable given that some countries are attacking the infrastructure of other countries.
    5. In 2025, threats to embedded products or services will continue to increase. If every product or service discloses to consumers how the products are produced, manufactured and delivered to consumers' hands, consumers' awareness about the risk of using certain products or services will increase. Consider: In many countries, food products are required to clearly indicate the names of their ingredients. And by ensuring that food items are sealed at the production site and then displayed in stores, it is guaranteed that there will be no tampering during the distribution process. I believe that a strategy for consumer electronic products and services similar to that used for food products will be required in the future.
    6. It can be expected that regulations (like those for connected cars) will increase in the future for products which can pose a threat to national security or a threat to privacy when compromised. Companies will feel the stress of new regulations, but the regulations will be good news for consumers.

Information is current as of the date of issue of the individual topics.
Please be advised that information may be outdated after that point.