Cyber threat trends: a CISO guide to emerging risks
Cybercriminals are leveraging large language models, and ransomware risks are on the rise, according to a new report that provides insights into evolving cyber threats.
The prevalence of the ransomware-as-a-service (RaaS) model has significantly increased the frequency, destructiveness, and complexity of ransomware operations throughout 2024, according to Deloitte's Annual Threat Trends Report.
The increase in use of RaaS models is enabling, for example, developers to concentrate on creating and improving ransomware and its components, initial access brokers to specialise in obtaining access to potential victims, and affiliates to focus on navigating compromised networks, payload deployment, and extortion, notes the report.
Moreover, nation-state advanced persistent threats (APTs) have been increasingly deploying ransomware by collaborating with cybercriminal groups or developing their own ransomware strains for both financial gain and as a distraction to mislead incident responders while carrying out espionage-driven tactics.
'In today's rapidly evolving digital landscape, understanding cyber threat trends is crucial for safeguarding organisational assets and maintaining trust with stakeholders,' says Adnan Amjad, partner and US Cyber Offering portfolio leader at Deloitte & Touche LLP. 'Such insights can help CISOs navigate a complex threat landscape and implement effective security strategies,' adds Amjad.
The Cyber Threat Trends Report emphasises the need for organisations to remain vigilant and adaptive in their cybersecurity strategies by identifying emerging threat trends in ransomware groups, AI-powered social engineering, and AI-as-a-service models, as well as evolving initial access trends.
Effective cybersecurity begins with a deeper understanding of the evolving threats organisations continually face and the threat actors behind them, say report authors. They also explain that due to an influx of rapidly evolving and disruptive emerging issues and threat trends observed throughout 2024, organisations can benefit from adopting a broad approach to help mitigate the specific and ever-changing cyber risks they face.
In this context, CIOs and CISOs can leverage the insights from threat intelligence teams to strengthen their organisation's cyber defences and prepare for worst-case scenarios to recover quickly in the event of a cyber intrusion.
Trending and emerging initial access vectors
The report investigates cyber threat trends across industry vectors, including the global impact of ransomware, trending and emerging initial access vectors, and observations from underground forums and marketplaces.
Cybercriminals and nation-state APTs use large language models (LLMs) in many aspects of a cyberattack, according to the report. That includes actions such as gathering information on the target via multiple social engineering tactics, conducting reconnaissance, defense evasion, and crafting customised phishing lures.
The use of LLMs to generate phishing content presents a significant challenge to traditional threat detection. Consider that threat actors can generate 1000 phishing emails in under two hours for as little as $6, with LLMs likely contributing to the overall 1265 per cent increase in phishing attacks reported in early 2024. [2]
'The future of cybersecurity lies in an organisation's ability to innovate and adapt,' says Kushagr Singh, principal and US Cyber Detect and Respond leader with Deloitte & Touche LLP. 'By leveraging advanced technologies while continuing to foster a culture of trust and security, we can help our clients stay one step ahead of cyber adversaries,' observes Singh.
Underground trends
Throughout 2024, report authors observed an increased influx of individuals' private information and a higher volume of sales of this information on various underground forums. Although international law enforcement efforts yielded visible results, they also underscored the persistent resilience of cybercriminal networks as threat actors often reconstitute quickly, indicating a continual need for intelligence-driven defense, closer public-private partnerships, and information-sharing initiatives to forge a more accurate picture of the threat landscape.
Clare Mohr is leader and vice-president, Shawn Cozzolino, senior solution delivery manager, and David An, manager, all with Deloitte US Cyber Intelligence, Solution Delivery, Deloitte & Touche LLP.
1. https://www.welivesecurity.com/en/business-security/state-aligned-apt-groups-increasingly-deploying-ransomware/
2. https://www.recordedfuture.com/research/qr-code-and-ai-generated-phishing-proliferate
As published by the Deloitte US Chief Financial Officer Program in the 30 April 2025 edition of The CFO Journal in WSJ.
Disclaimer
This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ('DTTL'), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as 'Deloitte Global') does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the 'Deloitte' name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.
Copyright © 2025 Deloitte Development LLC. All rights reserved.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
News.com.au
4 hours ago
- News.com.au
What the Trump-Musk Feud Means for SpaceX and NASA
The U.S. government relies on SpaceX to support NASA and other agencies, and the company has received more $20 billion in federal contracts for it. As Musk and Trump threaten to cut ties, here's what that would mean for the U.S.'s space ambitions.
ABC News
6 hours ago
- ABC News
Trump-Musk bromance spirals into public spat
Elon Musk receives the key to the White House from U.S. President Donald Trump during a press conference in the Oval Office at the White House, in Washington, D.C., U.S., May 30, 2025. REUTERS/Nathan Howard (Reuters: Nathan Howard)
News.com.au
6 hours ago
- News.com.au
Australian company Intrepid Travel fights back against Donald Trump threat to US national parks
An Australian company is fighting back against Donald Trump's planned upheaval of US national parks. Since US President Donald Trump took office, more than 1000 park workers have been laid off (more than 700 others took buyouts), and more are expected to be let go. There is also a proposal to cut more than $US1 billion ($A1.5 billion) in federal funding for the US National Parks Service (nearly 40 per cent of the agency's current budget). NPS oversees 85 million acres of federal land and there are 433 sites in the National Park System, with parks in every state. National Park Conservation Association president Theresa Pierno described Mr Trump's proposed budget plan as 'catastrophic,' arguing that the 'national park system would be completely decimated'. Mr Trump wants to see some parks (that the White House describes as 'not 'national parks' in the traditionally understood sense') go to the states, but there are concerns states don't have the resources to maintain the parks, which will force them to close. The White House claims the proposed budget would 'continue supporting many national treasures, but there is an urgent need to streamline staffing and transfer certain properties to state-level management to ensure the long-term health and sustainment of the national park system'. Aussie-born company fights back A Melbourne-born global travel company, which runs tours across 18 US national parks, has made its stance clear. Speaking to on Thursday, Intrepid Travel's Leigh Barnes described national parks as 'incredibly important' to the US and said the White House's massive proposed funding cuts are 'putting access at risk'. 'We need healthy, vibrant national parks for our business, and also the impact of not having tourism go to national parks in the USA is going to put local businesses underground,' said Mr Barnes, an Australian who relocated to Seattle this year to take up the role of managing director of the Americas. In response to the Trump Administration's actions, Intrepid has now launched limited edition 'Active-ism' trips in the parks, hosted by influential activists and local guides. The trips are about $US500-$600 ($A770-$920) cheaper than a standard itinerary, despite the addition of an activist. 'That has been a deliberate focus, making them as accessible as possible,' Mr Barnes said. 'They're not going to be the world's greatest profit generator for the organisation, but that's not the purpose.' Intrepid will also donate $US50,000 ($A77,000) on behalf of its travellers to nongovernmental organisations protecting the US national parks. Intrepid has 26 trips across 18 national parks, and employs 200 local guides and 60 staff there. The company has taken more than 20,000 travellers and expects to host another 5000 this year. Mr Barnes explained that it's not just direct jobs at the US National Parks Service at risk. 'They (national parks) are absolutely amazing economic drivers for these areas. Having these national parks creates jobs in and around the national parks ecosystem. Not just the national parks employees but all the little smaller businesses and ecosystems it supports,' he said. He added: 'They're a massive pride and icon in the USA. 'We want to ensure these amazing parts of the USA are not just here for this generation but the generations beyond.' Mr Barnes said the more people who experience nature, the more that are likely to advocate for these spaces, so his team simply asked themselves, 'how do we encourage more people to go out to national parks?'. The Active-ism trips include two five-day 'Zion and The Grand Canyon' trips hosted by public lands advocate Alex Haraus in November and environmental advocate Wawa Gatheru in April next year, and then two six-day 'Yellowstone and The Grand Tetons' trips hosted by climate educator Michael Mezzatesta and environmental author Leah Thomas in June next year. The target market is Americans but anyone can book. Discussions guests can expect include the current threats facing US national parks, the impact of climate change, Indigenous land rights, equity in outdoor spaces, and how to turn awareness into advocacy. Mr Barnes, previously Intrepid's chief customer officer in Melbourne, took on leading the Americas side of the business at a challenging time for US tourism. March — the same month Mr Barnes relocated his family to the States — saw the sharpest drop in Australians travelling to the US since during the height of the Covid pandemic, according to US International Trade Administration statistics. Australian visitor numbers fell 7 per cent in March this year, compared to March 2024 — the biggest drop since March 2021. Flight Centre and Intrepid Travel told last month bookings to the US had dropped significantly as Aussies, Canadians and Europeans choose to travel elsewhere. Globally, Intrepid saw a year-on-year 9 per cent decline in US sales for the first four months of the year. US sales for Australian and New Zealand travellers in particular were down 13 per cent. April alone was down 44 per cent on last year. But other areas such as South America are 'booming'. As a result, Mr Barnes said his team had increased their focus on domestic travel within the US, promoting the right products at the right time, and increasing their brand presence (last week Intrepid became an official partner of the Seattle Storm WNBA team). All eyes on American tourism The global tourism industry is keeping a close eye on the impact of Mr Trump's strict border stance and other controversial government policies like sweeping tariffs are having on travel. On Thursday, Mr Trump signed a new travel ban banning people from 12 countries to 'protect Americans from dangerous foreign actors'. The ban targets nationals of Afghanistan, Burma, Chad, Republic of the Congo, Equatorial Guinea, Eritrea, Haiti, Iran, Libya, Somalia, Sudan and Yemen. Flight Centre CEO and founder Graham Turner told it was an 'unsettled climate' impacting business travel, while tourists worry about passport control and others simply don't want to go to the US 'because they don't like what Donald Trump's doing'. Tourism Economics — which forecasts foreign traveller arrivals in the US will sharply decline this year resulting in a loss of $9 billion in spending — said decisions from the Trump Administration are creating a 'negative sentiment shift toward the US among travellers'. The travel data company's April report cited Mr Trump's stance on border security and immigration as one of the factors discouraging visits. Mr Trump rejects the notion that the country's tourism industry is in any trouble — saying 'tourism is way up'. Security checks at US airports have garnered much attention in recent months amid Mr Trump's 'enhanced vetting' for arrivals at US airports and cases of tourists being denied entry on arrival, and at times, strip searched and thrown in prison. Former NSW police officer Nikki Saroukos is one of those people who recently travelled to the US using an Electronic System for Travel Authorization (ESTA) under the Visa Waiver Program and was deported, but first she had to spend a night in a federal prison. She said she was subjected to invasive searches and humiliating treatment for trying to spend time with her US military husband stationed in Hawaii. The US Department of Homeland Security later issued what it described as a 'fact check' on X after she went public with the ordeal, accusing her of having 'unusual activity on her phone, including 1000 deleted text messages from her husband'. Homeland Security said 'officers determined that she was travelling for more than just tourism'. But Ms Saroukos strongly denies having any plans to live permanently in the US. The Sydney resident, who married her husband Matt in January after a whirlwind long-distance romance, told she was 'in disbelief at how ridiculous' the statement was and claimed that some of the information included had been 'twisted'. Why denied tourists can end up in federal prison CBP has long had strong powers to deny entry, detain and deport foreigners at their discretion when travellers arrive in the country even if they have a valid visa or ESTA. However, what we are seeing under the Trump administration is described as 'enhanced vetting'. Australians are being warned to not assume they are exempt to more intense checks, including inspections of emails, text messages or social media accounts at the airport. Melissa Vincenty, a US immigration lawyer and Australian migration agent who is managing director of Worldwide Migration Partners, told recently that being taken to federal prison with no criminal record, no drugs or anything that is a danger to society is the reality of being denied entry to the US in Hawaii. Ms Vincenty, a dual-citizen who was a deportation defence lawyer in Honolulu before moving to Australia, explained the state did not have an immigration facility so people were taken to the Federal Detention Center Honolulu, where there was no separate wing for immigration. It meant tourists who were denied entry to the US could be held alongside those awaiting trial — or who have been convicted and were waiting to be transferred to a mainland prison for serious federal crimes, such as kidnapping, bank robbery or drug crimes. 'It's like in the movies — you go there and there's bars, you get strip searched, all your stuff is taken away from you, you're not allowed to call anybody, nobody knows where you are,' Ms Vincenty told in April after the experience of two young German tourists being strip searched and thrown in prison made global headlines. Ms Vincenty said for Australians who were denied entry to the US in other locations like Los Angeles, San Francisco or Dallas, being held in detention facilities until the next available flight home was a real risk as there weren't constant return flights to Australia — meaning you might have to wait until the next day. If not taken to a detention facility, some travellers may stay sitting for hours in what is called a secondary inspection at the airport. A secondary inspection includes further vetting such as searching travellers' electronic devices. 'That period can last from half an hour to 15 hours or more,' she said.
