As the United States transitions from the 2024 election cycle, cyber threat actors from Russia, China, and Iran are poised to intensify influence operations aimed at destabilizing U.S. interests.
These campaigns, expected to continue well into 2025, will target governmental institutions and public sentiment through social media, content manipulation, and disinformation, Google’s Cybersecurity Forecast 2025 stated.
Leveraging advances in generative AI, these actors can now execute high-volume, highly persuasive influence operations with unprecedented scale and sophistication.
Aggressive Influence Operations of the Big Three to Continue
Russia will maintain a strong focus on Ukraine, employing cyber espionage and information operations to support the ongoing conflict. Beyond Ukraine, the Kremlin will keep a steady focus on amplifying politically divisive narratives in the U.S., employing tactics honed during its ongoing operations in Ukraine. Russia’s disinformation efforts in the U.S. election may have had some effect, particularly in the “swing” states of Michigan and Wisconsin.
Russian actors aim to undermine U.S. alliances, disrupt political discourse, and bolster Moscow’s global stance. Disguising tactics through a variety of hacktivist personas, they will continue to operate both covert and public campaigns targeting government, media, and social platforms, capitalizing on high-profile global events for maximum impact.
China will prioritize targeted influence operations around strategic elections, particularly within nations seen as critical to the interests of the People’s Republic of China (PRC), such as the U.S. and Taiwan.
Chinese-controlled media and AI-driven personas are expected to create fake news content and impersonate voters, promoting false claims of election interference or questioning the validity of democratic processes. PRC actors are also expected to use advanced tactics like custom malware ecosystems for embedded systems, making detection more challenging and enabling long-term infiltration.
Iran will similarly leverage disinformation to influence U.S. policies and perceptions, while maintaining a focus on internal stability in response to geopolitical conflicts in the Middle East.
Iran’s cyber threat operations will include disinformation and espionage campaigns targeting U.S.-affiliated Middle Eastern groups, as well as political and media institutions that amplify views critical of Tehran’s policies. The ongoing Israel-Hamas conflict will likely shape much of Iran’s digital agenda, combining cyber espionage with misinformation campaigns to sway public opinion.
Other Threats and Key Cybersecurity Trends for 2025
A number of other trends were noted in the 2025 outlook.
Ransomware and Extortion: Persistent and Evolving
Ransomware remains a top threat, and multifaceted extortion tactics involving data theft and service disruptions will likely surge. The increasing number of data leak sites and emerging ransomware-as-a-service (RaaS) offerings enable cybercriminals of varying skill levels to launch impactful attacks across industries. The healthcare sector has been particularly vulnerable, with ransomware compromising patient care and essential services—a trend that shows no signs of slowing.
Infostealer Malware: Facilitating Data Breaches
Infostealers will continue to gain traction as threat actors exploit stolen credentials to gain access to sensitive networks. This form of malware will remain a low-effort, high-reward tool, especially effective in environments lacking multi-factor authentication. By obtaining credentials, even low-skilled attackers can infiltrate high-profile organizations, increasing the likelihood of data breaches.
Faster Vulnerability Exploitation
The speed of exploitation following vulnerability disclosures has accelerated, with attackers now exploiting disclosed vulnerabilities within days. With the average time-to-exploit shrinking, vendors face growing pressure to patch vulnerabilities immediately, while organizations need robust detection and response systems in place to mitigate risks.
Post-Quantum Cryptography Preparations
Although quantum computing threats may still be years away, 2025 will see a push toward adopting post-quantum cryptography standards. Companies will need to assess cryptographic dependencies, start inventorying sensitive data, and develop plans to secure it against future quantum-based decryption threats.
Regional Focus: EMEA and JAPAC Cybersecurity Forecasts
EMEA
The revised NIS2 Directive will increase cybersecurity responsibilities for critical infrastructure operators in Europe, enforcing higher security standards, incident response requirements, and supply chain security mandates. Compliance will drive significant improvements, but organizations will need to invest in security technologies and staff training to meet these new standards.
JAPAC
North Korea’s interest in cryptocurrency markets will spur cyber threats across the JAPAC region, while Southeast Asian cybercriminals will continue innovating with AI, deepfake technology, and new cryptocurrency schemes. The report highlights the need for intelligence-sharing between organizations and governments to track and address emerging criminal tactics.
AI: Transforming Defense and Enabling Attacks
Google also predicted a dual role for AI in 2025, with defenders and attackers alike harnessing its capabilities:
- Defensive AI will aid cybersecurity teams by streamlining alert triage, handling repetitive tasks, and performing in-depth threat analysis. This “semi-autonomous” phase will integrate AI into daily security operations, reducing analyst workloads and enhancing threat response.
- Malicious AI will empower attackers to refine social engineering attacks, including phishing and deepfake-driven impersonations. With easier access to generative AI tools, cybercriminals can scale misinformation, develop sophisticated malware, and bypass security checks, posing significant risks for organizations.
The Cybersecurity Forecast 2025 report points to the critical need for organizations to anticipate emerging threats, from AI-enhanced disinformation to quantum computing risks. Proactive planning and investment in advanced cybersecurity solutions, including AI-powered defenses and multi-factor authentication, will be essential to counter evolving attack vectors.
Organizations should prioritize threat intelligence to monitor geopolitical developments, strengthen identity management to prevent infostealer exploitation, and implement cloud-specific security protocols. Preparing for post-quantum standards and complying with regulatory directives will further enhance resilience, positioning organizations to navigate the multifaceted cybersecurity landscape of 2025.