Skip to main content

Thales S21sec reveals key trends that will transform cybersecurity in 2025

  • The intensification of geopolitical conflicts, the deployment of AI, the growing digital reliance, and the sophistication of techniques will be the main challenges faced this year by sectors such as energy, finance, and transport.
  • Cybercrime will evolve towards a “crime as a service” model in which cybercriminals offer illicit services or tools to others in exchange for money, enabling criminal activities like hacking, data theft, or fraud.
  • The intensification of international conflicts is expected to result in an increase in attacks and espionage operations, especially targeting NATO members, as well as external interference in essential systems for upcoming electoral processes in Latin America.

Madrid, 23 January 2025. The cybersecurity landscape in 2025 will be marked by significant challenges driven by greater sophistication in cyberattacks, where techniques based on artificial intelligence will force organisations to implement more complex and adaptive security solutions, according to the latest studies from Thales S21sec, a European leader in cybersecurity services and part of the Thales Group. The company has analysed the main trends that will define the cyber landscape, in which the intensification of geopolitical conflicts, advancements in Artificial Intelligence (AI), and increasing digital reliance will heighten the risk of attacks on critical sectors like energy, financial services, and transportation, among others.

In this context, cybercrime has established itself as one of the leading global threats, with Spain ranking as the fifth most affected country due to its geographical position and participation in operations alongside NATO. These particularities make the country a key target for criminal networks, leveraging its integration into international alliances.

The evolution of cybercrime into a service model

The cyber threat ecosystem is evolving towards a “crime as a service” (CaaS) model, where illicit activities are commercialised, enabling individuals with no technical knowledge to acquire tools to carry out cybercrimes. Among the most prominent practices is “Malware as a Service” (MaaS), in which developers sell malicious programs through underground forums. These malwares, designed with an adaptable and decentralised structure, are difficult to detect, allowing attackers to adjust them to their needs and strategies. Another significant example is “Phishing as a Service”, gaining popularity due to the availability of affordable phishing kits. These tools automate the attack process, allowing even individuals with minimal technical knowledge to conduct effective phishing campaigns. Artificial intelligence will play a crucial role in this field, facilitating the creation and execution of more sophisticated and accessible attacks. Additionally, “Ransomware as a Service” is highlighted, a model that enables cybercriminals to rent the service without the need to develop it themselves, using double extortion techniques to encrypt data and threaten publication if the ransom is not paid.

Moreover, infostealers, a malware variant focused on stealing sensitive information like access credentials, will continue to be fundamental within the CaaS model. These programs allow the commercialisation of stolen data in underground markets at low costs, boosting the scalability of global threats and maintaining their relevance in the criminal landscape. To carry out such attacks, the exploitation of ‘zero days’ vulnerabilities will remain one of the primary entry points, as they allow systems to be compromised before detection and correction.

Lourdes Mora, Threat Intelligence Team Lead at Thales S21sec, states: “These weaknesses, commercialised at high prices on the dark web, are exploited by sophisticated groups such as APTs (Advanced Persistent Threats) and organisations with significant financial resources. With the growing use of cloud-based solutions, cybercriminals are expected to intensify their search for zero-day vulnerabilities in these environments, leading to an increase in attacks.”

The supply chain at the centre of the threat

Supply chain threats will become a key trend, as one of the most common strategies is to compromise intermediary companies, facilitating lateral attack expansion. This way, organised groups can access confidential information from not only the target company but also all those depending on the same services. From there, attackers may deploy ransomware, carry out extortions, sabotages, or, increasingly observed, engage in espionage activities and theft of intellectual property.

Geopolitics and cyberespionage

International conflicts will continue to pose a significant challenge, not only in the military realm but also in diplomacy. We will continue to witness attacks and espionage operations originating from Russia targeting NATO member states, as well as from countries like Israel and Iran. Cyberespionage campaigns by the so-called “Big Four” (China, Russia, Iran, and North Korea) will remain on the rise, alongside an increase in disinformation campaigns and the proliferation of fake news, particularly in upcoming electoral processes in Latin America, where these activities are also expected to intensify.

AI: a powerful ally for cybersecurity

The potential of AI is redefining the threat landscape, being exploited to drive illicit activities such as the automation of vulnerability exploitation, creation of deep fakes, or social engineering attacks. However, these tools are also expected to see increased use by companies fighting cybercrime, where behaviour analysis, automated detection and alerting, and fraudulent device filtering will enhance security measures and fortify corporate cybersecurity.

The future of interconnectivity

“The Internet of Things” (IoT) will be a key cybersecurity concern due to the increasing number of connected devices and the expansion of the attack surface. This larger attack surface will enable cybercriminals to find more vulnerabilities in the network. Many of these devices lack adequate security measures, making them easy targets for cybercriminals.

About Thales

Thales is a global leader in advanced technologies across three domains: Defence and Security, Aerospace and Space, and Cybersecurity and Digital Identity. Thales develops products and solutions that contribute to making the world safer, greener, and more inclusive. The Thales Group invests nearly €4 billion annually in Research and Development, particularly in key areas such as quantum technologies, Edge computing, 6G, and cybersecurity. Thales employs 81,000 professionals across 68 countries. In 2023, the Thales Group generated sales of €18.4 billion.

In cybersecurity, Thales is currently among the top 5 global leaders in the field, with €2.4 billion in cybersecurity revenues expected for 2024, 6,000 cyber experts across 68 countries, and double-digit growth. Thales operates a network of 11 Security Operations Centres (SOCs) worldwide, including the SOC in Madrid.

In Spain, Thales employs over 1,200 people, most of them engineers, in the fields of aerospace, defence and security, and cybersecurity and digital identity, covering all Thales markets with 13 sites across the country. In Madrid, Thales hosts the global centre of excellence for Border & Travel, and in cybersecurity, it stands out for its SOC (Security Operations Centre), which manages cyber threats for clients in Southern Europe.

About Thales S21Sec

Thales S21Sec, Cyber Solutions by Thales, is the European leader in cybersecurity services, with more than 400 security experts and an Iberian SOC. Thales S21Sec operates with a global vision to enable its clients’ business transformation by managing cybersecurity risks and protecting their assets. It can address organisational needs by covering all phases of the NIST framework, from defining cybersecurity strategies to responding to the most complex incidents. Thales S21Sec is part of the Thales Group, present in more than 68 countries.

For more information, visit www.s21sec.com