Global cybersecurity solutions innovator Sophos has identified the healthcare and education sectors as primary targets for ransomware in its 2025 cybersecurity predictions. These sectors, with limited cybersecurity budgets and sensitive data, face increased pressure, making them more likely to pay ransoms.

Other areas that warrant closer scrutiny in 2025 include:

Artificial Intelligence Vulnerabilities and Malware: The honeymoon period for AI is ending, and vulnerabilities and malware targeting AI will emerge. Attackers are already using AI to deploy malware.

  • Generative AI Risks: AI has democratized certain cybercriminal activities, allowing low-skilled attackers to create phishing lures and ransomware code. Although these attacks have a low success rate, they contribute to a growing flood of noise in offensive operations.
  • Incremental Changes in LLMs: Future progress in large language models (LLMs) will be incremental, focusing on optimization and improvements in power and cost efficiencies.
  • Rise in Multi-Agent Systems: The next evolution in LLMs will involve chaining them together to carry out more complex tasks, such as automated cybersecurity penetration systems and integrated assistants.

Nation-State Attacks on Edge Devices: Nation-state groups are targeting edge devices to build proxy networks for chaos and sabotage. This broadens the victim pool to include companies of all sizes.

Attacker Tactics

  • Distraction Tactics: Cybercriminals are using distraction tactics to pull incident responders’ attention away from their primary objective, overwhelming response teams and making organizations vulnerable.
  • Targeting Cloud Environments: As organizations implement more advanced endpoint security tools, attackers are increasingly targeting cloud environments, looking for cloud assets and authentication tokens.
  • Supply Chain Attacks: Attacks against the software supply chain will continue, with significant consequences for affected companies and their customers.

Given these cybersecurity threats, Sophos advises companies in Malaysia and throughout the region to take the following actions:

  1. Proactively plan for vendor disruptions, and prioritize patching and multi-factor authentication (MFA) to improve security posture.
  2. Strengthen the security of products from the start, which will be crucial in safeguarding the world’s supply chains.
  3. Educate users on best practices and encourage them to report suspicious activities, which can help prevent attacks.
  4. Address burnout and fatigue within the cybersecurity community, which is essential to maintaining effective defenses.