2025年网络安全趋势情报报告

Index Introduction The cybersecurity landscape in 2025 will be markedby the evolution of cyber threats, the emergence ofmore robust laws and a succession of technologicalinnovations. As malicious actors refine their strategies This report is based on the analysis prepared by Lab52, the cyberintelligence division of S2GRUPO. It details the critical cyber threats thatwill define the security landscape: from the persistence and evolution ofransomware and the growing threat of state actors (governments willingto organize or sponsor their own attacks), to the rise of hacktivism. This In addition, the dossier explores the trends and challenges thatparticularly affect companies and organizations, from the tightening ofregulations - with stricter and more far-reaching regulations - to the need The focus is also on the growing demand for greater visibility and controlover OT network monitoring, a critical area for industrial infrastructures.Finally, it is proposed to go much further in the challenge of raising Through these points, we hope to provide CISOs and cybersecuritymanagers with a synthetic but robust reading that will identify prioritiesand courses of action for this year. CybersecurityOverview: 2024 has witnessed the rise of cybercrime asa service (CaaS), a business model that makesready-to-use cyber offensive tools such asransomware (RaaS) and phishing as a service(PhaaS) available to the attacker. This allows evennon-technical individuals to launch sophisticatedattacks and drastically expands the scope of According to estimates by the FBI and the IMF, theglobal cost of cybercrimecould soar as high as23billion dollars in 2027¹, demonstrating the growing Cybersecurity already accounts for9% of ITinvestments in the European Union⁴. Not only that: most organizations anticipate anincrease in their budgets, either on a one-off orpermanent basis, in response to the increasingsophistication of threats and regulatory pressure.In an environment where digital resilience has On the other hand, companies faced serious internalchallenges. Globally, almost US$200 billion havebeen invested annually in cybersecurity productsand services, but these outlays are not sufficientwithout the support of qualified professionals². Itis estimated that by 2030, there will be a shortageof 85 million workers in the cybersecurity sector, Regulatory pressure also increased significantlyin 2024, a key year with emergence of the Networkand Information Directive 2 (NIS 2), the EuropeanCyber Resilience Act (CRA), the U.S. NationalCybersecurity Strategy (NCS), the OperationalTechnology Cybersecurity Master Plan and Chile’s Criticalcyber threats: The year 2024 has seen an increasinglychallenging cybersecurity environment,where threats have evolved bothsophistication and scope. Three main vectorshave dominated the scene:ransomware, Ransomware, historically associated with cybercrime, is expandingits purpose beyond economic extortion, being used as a tool todisrupt critical operations and make it difficult to attribute attacks.State actors, for their part, continue to operate with strategicprecision and devote significant resources to cyberespionage, 01.Ransomware Traditionally, ransomware has been associated withcybercrime and used as a means of extortion forfinancial gain. However, in 2024 it has also enabledcybercriminals to disrupt the activity of their victims, In the last 12 months, S2GRUPO’s intelligence unit,Lab52, has identified almost a hundred activeransomware groups.Lockbit3(9.4% of attacks), The sectors affected show a homogeneousdistribution. The most affected sectors includemanufacturing (14%) and healthcare (9%). Inthe case of the former, the high percentage ofattacks could be due to the fact that this sector During the past year, an average of460 ransomwareincidentswere recordedper month. The figure maybe even higher, as only cases that organizations Most active ramsomwaregroups in 2024 Sectoral distribution oframsonware victims in 2024 PREDICTIONS2025 In 2024, the RaaS-based business model proves to be surprisingly resilient andlucrative, defying the efforts of international authorities to dismantle thesenetworks. For this reason, ransomware-related operations are expected to continue At the same time, the increase in the exploitation of zero-day vulnerabilities- security flaws not yet known to developers and therefore not yet patched -together with the growing complexity of global supply chains, will make it easierfor malicious actors to compromise critical points within these infrastructures. 02.State actors State actors are operational groups madeup of specialists who act in defense of thestrategic interests of a State, which providesthem with financial, technological and logistical Analysis of the distribution of victims of state actorsreflects thestrategic nature of their targets,witha clear focus on key sectors. More than one-thirdof the attacks are directed atgovernment entities Thedefense