2025’s cyber threats call for a multilayered, proactive approach
In addition to the increasingly complex balance between internal and external threats, today's CISOs have to deal with challenges surrounding false positives, changes in attackers’ strategies, and an exponential rise in ransomware attacks. What are some of the upcoming threats to be aware of?
Misuse of IT resources and changes in attack techniques
One of the alarming trends is misuse, the incorrect use of IT resources by employees, according to Orange Cyberdefense’s Security Navigator report. The share of incidents caused by misuse, which includes shadow IT, ignoring policies or unauthorized use of software, increased from 17% in 2023 to 28% in 2024, making misuse almost equal to hacking as the biggest threat.
According to the report, misuse is most prevalent on end-user devices, such as laptops, desktops and mobile phones. In 2024, the share of incidents affecting these devices grew from 28% to 36%. However, the report attributes this increase not only to misuse of IT resources but also to a change in attack techniques, noting a shift from traditional attacks to more distributed, end-user tactics.
At the same time, incidents which targeted accounts decreased slightly compared to 2023, which may indicate improvements in identity and authentication.
Internal threats, external threats, and false positives
In 2024, 47% of confirmed incidents originated from internal sources, while external sources accounted for 48%. Although both categories increased compared to 2023, internal threats showed the largest increase, from 37% to almost half of all incidents. This trend is consistent with the increase in incidents in the misuse category, the report said.
However, a difference exists between smaller and larger companies. Smaller companies are more likely to experience internal incidents, while larger companies report more external hacking attempts. This might be due to the fact that large organizations have a broader external attack surface, while smaller companies often invest less in employee awareness programs.
Phishing and social engineering remain a major problem for companies of all sizes, the report said, with phishing incidents increasing from 8% to 13% in 2024.
At the same time, false positives remained an issue: in complex environments, the differences between normal user activity and malicious actions are often subtle and difficult to tell apart.
However, the report shows that the share of false positives has decreased further to 62% of all reports, which is due to improved detection mechanisms. Optimized processes have led to more accurate incident reporting.
Ransomware attacks evolve
Another alarming trend is the increase in ransomware attacks. In 2024, more than 5,414 ransomware attacks were published worldwide. This is an 11% increase from the previous year, according to the 2024 Ransomware Report of Check Point Software Technologies. In the last quarter of 2024, there were 1,827 incidents, the highest number ever.
The crackdown on large ransomware groups led to fragmentation, which increased competition between smaller ransomware gangs and allowed other threat actors to emerge, the report added. In 2024, 95 active ransomware groups emerged, which is a 40% increase from the 68 groups active in 2023. Notably, the top 10 groups were responsible for 52.8% of attacks, highlighting both the influence of newcomers and a decline in the dominance of older groups.
One of those new groups is FunkSec, which surfaced publicly in late 2024 and quickly rose to prominence by publishing over 85 claimed victims: more than any other ransomware group in the month of December.
FunkSec presents itself as a new RaaS operation and prefers dual extortion tactics, combining data theft and encryption to pressure victims into paying ransoms. The group does not appear to have any known ties to any previously identified ransomware gangs; most of its core operations are likely carried out by inexperienced actors, with the help of AI.
It is also difficult to verify the authenticity of the leaked information, as the group’s primary goal appears to be to gain visibility and recognition. In addition, FunkSec has ties to hacktivist activities, with members operating in Algeria. This highlights the increasingly blurred lines between hacktivism and cybercrime, and the challenges of distinguishing one from the other, the report said.
A multi-layered, human approach
The rise in ransomware attacks calls for a proactive, layered approach to cybersecurity, which includes advanced threat detection, patch management, and collaboration with industry peers and regulators to share information and strengthen collective defense, Check Point highlighted in its report.
At the same time, technology is essential, but without structural attention to human behavior and processes, the issues remain. Companies should not only react, but also anticipate and take a proactive approach, Orange Cyberdefense added.