One of the most concerning trends is the delivery of malware through browser extensions, which can persist even after systems are reimaged, posing a significant risk to users.

Additionally, phishing and vishing attacks are surging, with vishing incidents skyrocketing by 1,633% due to the emergence of AI-driven voice cloning technologies that create realistic audio deepfakes.

A report has revealed vulnerabilities in U.S. water facilities, indicating that 97 systems serving around 27 million people have significant security issues, prompting warnings from government agencies.

Criminals are adapting to the changing landscape by diversifying their attack methods, focusing more on supply chain attacks and critical infrastructure, which offer higher potential payouts.

Researchers from Ontinue have identified four key trends in cyber threats that are reshaping the landscape of cybersecurity.

Phishing tactics have evolved to include the use of legitimate sites for initial landing pages, 'no reply' sender addresses to bypass security checks, and obscure domain variations to mislead victims.

The rise in attacks is particularly alarming for Internet of Things (IoT) and Operational Technology (OT) devices, which are increasingly targeted due to their often inadequate security measures.

In response to these threats, the Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) have urged water companies to enhance the security of their OT systems.

Cybersecurity expert Ngoc Bui has noted that organizations in critical infrastructure may feel pressured to pay ransoms to avoid catastrophic disruptions.

Interestingly, while ransomware payouts decreased significantly from $1.25 billion in 2023 to $813.5 million in 2024, the number of reported breaches has increased, indicating a rise in the frequency of attacks.

Ransomware gangs are also improving their tactics, including better interactions with IT teams for access and employing SaaS-based attacks along with double extortion methods.

Overall, these trends highlight the urgent need for organizations to bolster their cybersecurity measures in the face of evolving threats.