Cybersecurity Trends and Emerging Threats in 2025
Coalition, a leading provider of Active Insurance tailored to digital risk management, has unveiled its Cyber Threat Index for 2025. This comprehensive report analyzes cybersecurity patterns from the previous year, 2024, while shedding light on new threats businesses must prepare for in 2025.
Key Findings on Ransomware Attacks
A significant insight from the report reveals that 58% of ransomware claims in 2024 originated from vulnerabilities within perimeter security devices, notably virtual private networks (VPNs) and firewalls. Remote desktop services were the second most exploited vector, accounting for 18% of claims.
Alok Ojha, Coalition’s Head of Products, Security, remarked, “While ransomware remains a critical concern for businesses, the tactics of threat actors have not significantly evolved. They continue targeting established technologies using familiar methods. This presents an opportunity for businesses to develop a reliable counter-strategy by addressing the most pressing security issues to minimize ransomware or other cyber threats. Continuous monitoring of attack surfaces to identify and rectify vulnerabilities could be pivotal in differentiating between a potential threat and an actual incident.”
Projected Increase in Software Vulnerabilities
Looking forward to 2025, the report anticipates that the number of identified software vulnerabilities will surpass 45,000, showing a near 15% rise from the initial ten months of 2024. This translates to almost 4,000 new vulnerabilities each month.
In terms of ransomware claims, stolen credentials were the most common initial access method (IAV), responsible for 47% of incidents, followed by software exploits at 29%. Products from vendors such as Fortinet, Cisco, SonicWall, Palo Alto Networks, and Microsoft were frequently targeted.
The Growing Threat of Exposed Login Credentials
The report emphasizes the increasing risk of exposed login credentials. Coalition identified over 5 million remote management solutions and a multitude of vulnerable login panels accessible via the internet. Moreover, over 65% of companies seeking cyber insurance possessed at least one exposed login panel.
To combat these risks, Coalition employs a blend of artificial intelligence, honeypots, and expert analysis to prioritize vulnerabilities based on their exploitation potential. This strategy helps alleviate alert fatigue among policyholders, enabling them to concentrate on the most critical threats.
Remarkably, only 0.15% of vulnerabilities published in the first ten months of 2024 resulted in critical alerts, with 90% not triggering any alerts at all. Through this proactive stance, Coalition policyholders successfully addressed over 32,000 vulnerabilities in 2024.
Guidance for Under-Resourced Organizations
Daniel Woods, Senior Security Researcher at Coalition, stated, “This year’s report highlights essential security risks that under-resourced organizations should comprehend to better allocate their defensive investments and enhance resilience. Calibration involves balancing security investments across vulnerabilities, misconfigurations, and threat intelligence, while also responding to emerging threats, such as zero-day vulnerabilities exploited in the wild. Coalition issues Zero-Day Alerts to support businesses, particularly SMBs with limited security resources, in prioritizing high-risk vulnerabilities and reducing alert fatigue.”
