Deep & Dark Web
The deep and dark web (DDW) continues to be critical real estate, with compromised information and a plethora of othertools and servicesfor sale. However, law enforcement (LE) operations created waves in 2024 that will continue to change the environment.
Key Takeaways
- LE operationsin 2024 heavily impacted some DDW environments and prominent operations, driving a level of paranoia across the threat actor community, resulting infrequent changes to moderatorsand the creation of numerous alternative platforms.
- Cybercrime, much of which is planned and monetized within the dark web, ispredicted to cost $12 trillion in 2025according to Forrester.
Deep & Dark Web
Ransomware & Digital Extortion
Ransomware & Digital Extortion
Ransomwareand digital extortion still aren't going anywhere. Newas-a-service operationsmake these campaigns easier and faster for even less experienced threat actors to accomplish.
Key Takeaways
- ZeroFox identified a 15% increase in ransomware and digital extortion monthly incidents in 2024 compared to 2023—which itself was a record-breaking year.
- Ransomware targeting of North America-based organizations is likely to remain disproportionately high in 2025, having hit an all-time high of approximately 62% of global digital extortion activity at the time of reporting in Q4 2024.
Generative AI
Generative AI
Thegreatest impact from GenAIwill stem from threat actors leveraging tools to augment and optimize already-existing tactics, techniques, and procedures (TTPs). With a low barrier to entry, tools such as open-source LLMs and deepfake content can be used to perform nefarious activities.
Key Takeaways
- 75% of security professionals said they have seen an uptick in attacksover the past year, with 85% attributing the rise to bad actors using generative AI.
- Cybersecurity professionals can also leverage AIto fight back with advantages like more extensive asset coverage and expedited response.
Initial Access Brokers
The market for illicit network access surged in 2024, with record levels ofIAB salesidentified across DDW marketplaces. There’s a growing demand for unauthorized access to corporate networks, signaling that this threat will remain high for the foreseeable future.
Key Takeaways
- The average purchase price of IAB sales in 2024 was under $5,000, which represents a substantial return on investment for a variety of threat actors.
- North American organizations will likely continue to be the primary target for IABs, with the region accounting for approximately 45% of all access sales in 2024.
Initial Access Brokers
Geopolitical & Cyber Convergence
Geopolitical & Cyber Convergence
Many aspects of the geopolitical environment are significantly more dynamic and unpredictable than they have been in recent years. In 2025, threat actors will continue to operate with political partisanship, with cybercriminal collectives aligning themselves on either side of the geopolitical dispute.
Key Takeaways
- In 2024, we sawcyber threats to major USandUK elections, as well as theParis Olympics, exemplifying the geopolitical and cyber convergence.
- Growing tensions between nation-states as well as direct military conflicts could escalate the number of cyberattacks and sabotage aimed at influencing public opinion.
Top Actions to Take Now
External attacks are the
Only unified external cybersecurity can protect
you beyond the perimeter.
Social Engineering
Social engineeringwill remain one of the most common attack vectors across industries and regions in 2025, taking advantage of one of the most prominent security weaknesses at any organization: people.
Key Takeaways
Social Engineering