
GUEST OPINION: Semperis Cyber Predictions - Focusing on the rise of attacks against Active Directory, critical infrastructure and more.
1. Active Directory will become a prominent target for cyber criminals.
Hackers will increasingly target Active Directory (AD) in 2025. AD is the most widely used authentication and authorisation solution in enterprise IT networks globally, and also a blind spot for many security teams. For most organisations, Active Directory is at the heart of their operational resilience because it manages access to nearly all users, groups, applications, and resources, which also makes it a top target for attackers. Yet, only one quarter (27%) of the companies surveyed globally by Semperis said that they maintain dedicated, Active Directory–specific backups, which hackers have recognised and are increasingly taking advantage of. The Australian Signals Directorate and Five Eyes Alliance have recently warned Australian businesses of an uptick in attacks on AD, demonstrating that this will be a key priority area for 2025.
2. The Five Eyes Alliance will disrupt a major nation-state backed attack.
Rising geopolitical instability has given way to an increase in nation-state threat actors targeting their foreign adversaries. With current tensions in Russia and the Middle East simmering away, it is highly likely that there will be an attempted coordinated attack on Western nations, including Australia, intended to disrupt democracy and sow fear, uncertainty and doubt into the minds of hundreds of millions of people. The Five Eyes Alliance will share information and work together to stop this attack.
3. The number of attacks on critical infrastructure will increase, as will their sophistication.
While hospitals, government agencies, electricity operators and the like are regularly targeted by cyber criminals, we will see a further increase in the number of attacks on Australian critical infrastructure in 2025 for a few reasons. Firstly, critical infrastructure networks often rely heavily on legacy software, which is only growing older and more insecure as the years go by. A large amount of this legacy software is no longer supported by the vendors who originally made it, meaning it is full of security vulnerabilities and frequently unable to be patched. Furthermore, critical services such as hospitals and water treatment facilities operate on a 24/7 basis with zero room for downtime – which has unfortunately made them more likely to pay the ransom to get their systems back up and running, as opposed to a non-critical service which can wait. To add fuel to the fire, growing geopolitical instability has increased the likelihood of nation-state sponsored hackers targeting the critical infrastructure of opposing countries.