Google Cloud warns of AI escalation in cyber threats by 2025

Google Cloud has released its 2025 Cybersecurity Forecast, providing a detailed analysis of the trends that are expected to shape the cybersecurity landscape in the coming year.

The report identifies the increasing use of artificial intelligence by cybercriminals as a significant concern. The forecast indicates that AI and large language models (LLMs) will be utilised by malicious entities to automate attacks such as phishing and social engineering, as well as identity theft.

These advancements in technology are predicted to enable attackers to operate at an escalated scale, refining tools like deepfakes for fraudulent activities and sidestepping traditional identity verification systems.

The report suggests that as threat actors explore AI-driven tools, organisations will need to address the challenge of maintaining effective defences against these sophisticated threats.

Google Cloud's security leaders also predict a shift towards semi-autonomous security operations by 2025. AI is currently streamlining numerous processes, such as report summarisation, data management, and real-time assistance, thus allowing security teams to focus on more significant threats. Sunil Potti, Vice President and General Manager of Google Cloud Security, describes this transition as "the second phase of AI in security," which aims to progress towards near-autonomous cyber defence.

The report highlights a rise in cybersecurity threats within the JAPAC (Japan-Asia-Pacific) region, which has become a focal point for cybercrimes such as cryptocurrency theft, state-sponsored espionage, and organised cybercrime.

Particularly, North Korean cyber operatives are projected to target cryptocurrency exchanges and Web3 companies within the region further. These operatives are known to disguise themselves as remote IT workers to infiltrate businesses and exploit the region's substantial cryptocurrency adoption.

Concurrently, cybercriminal groups in Southeast Asia are updating their techniques, incorporating advanced technology like generative AI, and establishing black markets for illicit transactions. This development underscores a growing need for collaborative intelligence-sharing across sectors within the JAPAC region to tackle these evolving threats effectively.

The global threat landscape remains dominated by activities from the 'Big Four': Russia, China, Iran, and North Korea. Each of these nations is expected to continue its activities aligned with its geopolitical objectives through cyber espionage and disruptive operations.

Russian actors are likely to persist with espionage related to the Ukraine conflict and efforts to destabilise NATO-sympathetic nations. Meanwhile, China's state-sponsored cyber activities are expected to focus on gaining stealthy, prolonged access to critical targets, with specific attention to electoral processes in Taiwan and the United States in 2025. Additionally, the prevalence of ransomware and multi-layered extortion strategies is anticipated to increase, challenging organisations to counter sophisticated malware threats effectively.

To fortify against these emerging threats, Google Cloud advocates for organisations to implement cloud-native security measures, develop robust identity and access management systems and remain adaptable to evolving cyber threat landscapes. By acknowledging and preparing for these trends, businesses can strengthen their security postures and contribute to a more resilient cybersecurity environment.