12-05-2025
Cyber threat trends: a CISO guide to emerging risks
Cybercriminals are leveraging large language models, and ransomware risks are on the rise, according to a new report that provides insights into evolving cyber threats.
The prevalence of the ransomware-as-a-service (RaaS) model has significantly increased the frequency, destructiveness, and complexity of ransomware operations throughout 2024, according to Deloitte's Annual Threat Trends Report.
The increase in use of RaaS models is enabling, for example, developers to concentrate on creating and improving ransomware and its components, initial access brokers to specialise in obtaining access to potential victims, and affiliates to focus on navigating compromised networks, payload deployment, and extortion, notes the report.
Moreover, nation-state advanced persistent threats (APTs) have been increasingly deploying ransomware by collaborating with cybercriminal groups or developing their own ransomware strains for both financial gain and as a distraction to mislead incident responders while carrying out espionage-driven tactics.
'In today's rapidly evolving digital landscape, understanding cyber threat trends is crucial for safeguarding organisational assets and maintaining trust with stakeholders,' says Adnan Amjad, partner and US Cyber Offering portfolio leader at Deloitte & Touche LLP. 'Such insights can help CISOs navigate a complex threat landscape and implement effective security strategies,' adds Amjad.
The Cyber Threat Trends Report emphasises the need for organisations to remain vigilant and adaptive in their cybersecurity strategies by identifying emerging threat trends in ransomware groups, AI-powered social engineering, and AI-as-a-service models, as well as evolving initial access trends.
Effective cybersecurity begins with a deeper understanding of the evolving threats organisations continually face and the threat actors behind them, say report authors. They also explain that due to an influx of rapidly evolving and disruptive emerging issues and threat trends observed throughout 2024, organisations can benefit from adopting a broad approach to help mitigate the specific and ever-changing cyber risks they face.
In this context, CIOs and CISOs can leverage the insights from threat intelligence teams to strengthen their organisation's cyber defences and prepare for worst-case scenarios to recover quickly in the event of a cyber intrusion.
Trending and emerging initial access vectors
The report investigates cyber threat trends across industry vectors, including the global impact of ransomware, trending and emerging initial access vectors, and observations from underground forums and marketplaces.
Cybercriminals and nation-state APTs use large language models (LLMs) in many aspects of a cyberattack, according to the report. That includes actions such as gathering information on the target via multiple social engineering tactics, conducting reconnaissance, defense evasion, and crafting customised phishing lures.
The use of LLMs to generate phishing content presents a significant challenge to traditional threat detection. Consider that threat actors can generate 1000 phishing emails in under two hours for as little as $6, with LLMs likely contributing to the overall 1265 per cent increase in phishing attacks reported in early 2024. [2]
'The future of cybersecurity lies in an organisation's ability to innovate and adapt,' says Kushagr Singh, principal and US Cyber Detect and Respond leader with Deloitte & Touche LLP. 'By leveraging advanced technologies while continuing to foster a culture of trust and security, we can help our clients stay one step ahead of cyber adversaries,' observes Singh.
Underground trends
Throughout 2024, report authors observed an increased influx of individuals' private information and a higher volume of sales of this information on various underground forums. Although international law enforcement efforts yielded visible results, they also underscored the persistent resilience of cybercriminal networks as threat actors often reconstitute quickly, indicating a continual need for intelligence-driven defense, closer public-private partnerships, and information-sharing initiatives to forge a more accurate picture of the threat landscape.
Clare Mohr is leader and vice-president, Shawn Cozzolino, senior solution delivery manager, and David An, manager, all with Deloitte US Cyber Intelligence, Solution Delivery, Deloitte & Touche LLP.
1.
2.
As published by the Deloitte US Chief Financial Officer Program in the 30 April 2025 edition of The CFO Journal in WSJ.
Disclaimer
This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ('DTTL'), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as 'Deloitte Global') does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the 'Deloitte' name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see to learn more about our global network of member firms.
Copyright © 2025 Deloitte Development LLC. All rights reserved.
