Threat Landscape & Insights

Steve Clarke, Head of Penetration Testing at CyberLab, explores the evolving threat landscape shaped by hybrid warfare and cyber attacks, with a focus on the conflict in Ukraine and its global implications.

This blog covers:

• The Conflict in Ukraine and Cyber Warfare
• Information Warfare and Disinformation
• Malware Spillage Beyond Borders
• Russia Targeted by Anonymous
• How to Protect Your Business and Data
• How to Book Your Free Security Consultation

Hybrid warfare – where conventional military tactics are combined with cyber attacks, disinformation, and sabotage – has become a defining feature of modern conflict.

Ukraine remains a frontline example, having faced relentless cyber aggression since 2014, including the infamous 2015 power grid attack and the 2017 NotPetya malware incident.

In 2022, Russia launched a full-scale invasion of Ukraine, preceded by cyber operations such as the deployment of HermeticWiper, designed to erase data and cripple systems. These attacks exploited endpoint and server misconfigurations, often executing with local admin privileges.

In 2025, Ukraine continues to face hybrid threats, including GPS jamming, drone interference, and coordinated disinformation campaigns. Despite this, experts praise Ukraine’s cyber defence strategy, which includes partnerships with big tech firms and international allies.

Disinformation remains a core tactic in Russia’s hybrid playbook. From fake news to social media manipulation, these campaigns aim to destabilise societies and erode trust in institutions.

While large-scale cyber attacks on Western infrastructure have not materialised as feared, experts warn that Russia’s cyber capabilities are likely being recalibrated for future use.

Ukraine’s experience offers lessons: proactive communication, media literacy, and civil society engagement are key to countering narrative warfare.

Hybrid cyber weapons often lack geographic constraints. Malware like NotPetya and AcidRain have caused global damage, affecting systems far beyond their intended targets.

With limited operational controls, these threats can persist for years, making patch management and system hardening essential.

Hacktivist group Anonymous has claimed responsibility for cyber operations against Russian state assets, including website defacements, TV broadcast takeovers, and data exfiltration.

These actions mark a shift from traditional DoS attacks to more targeted and symbolic disruptions.

The UK’s National Cyber Security Centre (NCSC) continues to update its guidance for organisations of all sizes. Key recommendations include:

• Patch Management: Ensure timely updates across all systems
• Access Control: Use strong authentication and limit privileges
• Monitoring: Implement logging and anomaly detection
• Internet Footprint: Minimise exposure and harden public-facing assets
• Human Factors: Train staff to report phishing and ensure offline backups are recoverable.

CyberLab supports over 28,000 organisations with tailored security solutions, helping businesses assess risk and strengthen their defences.

The foundational pillars of any organisation’s performance and resilience are people, processes, and technology. These elements are emphasised in the ISO 27001 framework, which underscores the importance of a holistic approach to information security management.

Despite robust technological defences and well-defined processes, it is often the human element that remains the most vulnerable. Social engineering usually involves manipulating or deceiving individuals into divulging credentials or granting some form of unauthorised access to malicious actors.

This article explores the pervasive threat of social engineering, exploring its techniques, real-world impacts, and strategies to fortify your defences against these sophisticated attacks.

Social engineering is a manipulation technique that exploits human psychology to gain access to confidential information or systems. Unlike technical hacking, social engineering relies on human interaction and often involves tricking people into breaking normal security procedures with the goal of obtaining sensitive information or unauthorised access.

Social engineering tactics are diverse and continually evolving. Some of the most common techniques include:

• Phishing: Deceptive emails or messages designed to trick recipients into providing sensitive information.
• Baiting: Offering something enticing to lure victims into a trap.
• Pretexting: Creating a fabricated scenario to steal victims’ personal information.
• Tailgating: Gaining physical access to restricted areas by following someone with legitimate access.
• Vishing: Using phone calls to trick victims into divulging information.

Social engineering is alarmingly common in cyber-attacks. According to findings from American-based Software and Cyber Security company Splunk, in 2023, 98% of all reported cyber-attacks involved some form of social-engineering, making it one of, if not the most prevalent methods used by cybercriminals and other threat actors. An average organisation can face over 700 social engineering attacks annually. [source: Splunk]

Phishing remains the most common social engineering technique, with millions of phishing emails sent daily around the globe. In the UK the 2024 Cyber Breaches Survey indicated that 84% of businesses and 83% charities have been targeted by phishing attacks this year already, with some cyber criminals impersonating other organisations in emails or online. [source: UK Government]

As we progress through 2024, the cyber threat landscape continues to evolve rapidly, presenting new challenges for organisations and individuals alike. In this edition, we shift our focus from past incidents to the present and future threats that pose the greatest risks.

Understanding these threats is crucial for developing effective strategies to safeguard against them. Cybercrime is expected to become the world’s third largest economy by 2025, estimated to cost $10.5 trillion in damages globally, according to cybercrime magazine.

This month, we highlight the top five most dangerous cyber threats of 2024, exploring their nature, potential impacts, and the steps you can take to protect yourself and your organisation. Join us as we explore these pressing cyber threats and provide insights into enhancing your cyber resilience.

At the RSA Conference 2024, cyber security experts identified offensive AI as a significant threat multiplier, presenting it as one of the top five cyber threats for the year. Stephen Sims highlighted how malicious actors leverage AI and automation to rapidly identify vulnerabilities, automate the generation of exploits, and launch sophisticated attack campaigns.

This offensive AI capability accelerates the discovery and exploitation of vulnerabilities, posing a formidable challenge for defenders. Sims emphasised the urgent need for defensive strategies capable of countering the speed, automation, and intelligence wielded by attackers, underscoring the importance of innovative defensive measures to mitigate this evolving threat landscape in 2024.

Social engineering has long been a prominent cyber threat, relying on psychological manipulation to deceive victims. Attackers exploit human traits such as trust, fear, and curiosity to gain access to critical systems or sensitive information. Traditional social engineering methods include phishing, baiting, pretexting, and tailgating.

The increasing digital transformation and real-time information sharing have made individuals more susceptible to these attacks. In 2022 alone, there were 493 million ransomware attacks, and 19% of all data breaches were due to stolen or compromised login credentials.

AI has significantly amplified social engineering tactics, enabling attackers to develop more complex and convincing attacks tailored to targeted individuals. AI-driven social engineering can include:

• Hyper-personalised phishing
• AI-generated natural language content
• Emotional manipulation
• Detection evasion
• Automated reconnaissance

These advancements allow attackers to craft tailored, context-aware campaigns quickly and efficiently, making traditional defences less effective. Businesses must now contend with AI-generated deepfakes, persuasive phishing emails, and sophisticated data manipulation, requiring a proactive and adaptive approach to cybersecurity.

Implementing multi-factor authentication, employee training, phishing simulations, and AI-based defence mechanisms are essential to counter these advanced threats.

Despite significant global law enforcement efforts, ransomware activity has continued to surge in 2024. According to the Sophos 2024 Ransomware Report, global ransomware attacks in 2023 set a record high, surpassing the previous year by nearly 70%. In the first quarter of 2024 alone, 1,075 ransomware victims were posted on leak sites. Major ransomware groups like LockBit and ALPHV/BlackCat were responsible for 30% of the activity.

The report also highlights the financial impact of these attacks, with average ransom payments increasing by 500% in the last year. A staggering 63% of ransom demands were for $1 million or more, and 30% exceeded $5 million, indicating that ransomware operators are targeting larger payoffs.

Overall, these reports indicate that ransomware isn’t slowing down in 2024 and remains one of the largest threats to organisations. Few organisations have the right tools, people, and processes in-house to manage their security program around-the-clock while proactively defending against new and emerging threats.

Supply chain risk continues to be a significant threat in 2024, as we’ve already seen from major incidents this year involving MoD and MITRE, which we covered in our blog outlining the top five cyber incidents of 2024 so far. Despite increased awareness, many businesses still struggle with effectively managing these risks. According to the UK Government’s Cyber Security Breaches Survey 2024, 31% of businesses and 26% of charities conducted cyber security risk assessments in the past year. Larger organisations are more proactive, with 63% of medium businesses and 72% of large businesses conducting these assessments.

However, only 11% of businesses review the cyber risks posed by their immediate suppliers, a figure that rises to 28% for medium businesses and 48% for large businesses. This limited oversight is concerning given the complex and interconnected nature of modern supply chains. The qualitative data indicates that while awareness of supply chain cybersecurity risks is growing, smaller organisations often lack the formal procedures necessary to manage these risks effectively.

As organisations continue to migrate their operations to the cloud, vulnerabilities within cloud environments have become a critical concern in 2024. The flexibility and scalability of cloud services come with a unique set of security challenges that can be exploited by well-versed threat actors.

A significant factor contributing to cloud vulnerabilities is misconfiguration. According to reports as far back as 2019, misconfigured cloud settings were responsible for nearly 70% of all cloud security incidents, and according to IBM’s Cost of a Data Breach Report, 45% of reported breaches were cloud-based. These misconfigurations can lead to unauthorised access, data leaks, and compliance issues. Additionally, the shared responsibility model of cloud security often leads to confusion about where the provider’s security obligations end and the client’s responsibilities begin, leaving gaps that can be exploited. The NCSC has published free guidance on cloud security and shared responsibility models.

The rise in cloud-based attacks has also been driven by increasingly sophisticated threat actors targeting cloud infrastructure. For instance, the recent breaches involving high-profile cloud services such as the recent Microsoft Azure incident have shown that attackers are leveraging advanced techniques and exploiting zero-day vulnerabilities to bypass security controls, escalate privileges, and access sensitive data. These incidents highlight the importance of robust security practices, including regular audits, comprehensive monitoring, and strict access controls.

To mitigate cloud vulnerabilities, organisations should focus on improving their cloud security posture through continuous monitoring to identify any vulnerabilities or misconfigurations exposing their cloud infrastructure’s attack surface, employee training and implementing robust policies for access, user groups and data handling, and of course, adherence to best practices for cloud configuration and management. The Center for Internet Security (CIS) has published the CIS Benchmarks, a series of prescriptive recommendations for configuring over 25 cloud and network vendor product families including AWS, Azure and Google Cloud Platform (GCP).

By addressing these vulnerabilities proactively and implementing industry best practices and benchmarks, businesses can better protect their data and maintain trust with their customers.

The top five cyber threats of 2024 so far serve as a stark reminder of the evolving threat landscape. By understanding the risk and implementing a layered and strategic approach to cyber security, organisations can better protect their people, data, and customers.

The finance sector is one of the biggest targets of cyber threat actors with 65% of organisations hit by ransomware in 2024, according to recent research by Sophos. As the financial technology (Fintech) sector continues to revolutionise the way we handle money, the stakes for cyber security have never been higher.

The integration of innovative digital solutions, from AI-driven financial services to blockchain technology, has opened up new opportunities for growth, but it has also expanded the threat landscape.

This blog explores the current cyber security challenges facing the financial technology industry, the impact of these threats, and the best practices that companies can adopt to safeguard their operations and customer trust.

The Fintech industry, characterised by its rapid adoption of cutting-edge technologies, is a prime target for cybercriminals. According to recent reports, the financial services sector experiences cyber-attacks 300 times more frequently than other industries, with Fintech companies being particularly vulnerable due to their digital-first nature. The rise of AI and machine learning in Fintech has further complicated the threat landscape, as these technologies can be both a tool for defence and an instrument for sophisticated attacks.

Key Threats Facing Fintech Today

• Data Breaches: With vast amounts of sensitive financial data at stake, data breaches remain one of the most significant risks for Fintech and financial services firms. Recent breaches, such as the SolarWinds attack, have highlighted the vulnerabilities in supply chains and third-party providers, making it clear that no organisation is immune.
• AI-Driven Cyber Attacks: The same AI technologies that enable personalised financial services are also being used by cybercriminals to automate attacks, enhance phishing campaigns, and exploit vulnerabilities faster than traditional methods. For instance, AI can create highly convincing deepfake videos and emails, making it easier to deceive even the most vigilant employees.
  One of the most alarming examples occurred in earlier this year, when cybercriminals targeted a Hong Kong-based financial services firm in a first-of-its-kind heist. Using advanced deepfake technology, the attackers impersonated the firm’s Chief Financial Officer (CFO) during a video conference call. They convincingly replicated the CFO’s voice and appearance, deceiving an employee into transferring nearly £20 million to a fraudulent account. [source: Ars Technica]
• Regulatory Challenges: With evolving regulations such as GDPR and PSD2 in Europe, and new guidelines from the FCA and other financial authorities worldwide, Fintech companies must navigate a complex web of compliance requirements. Failure to comply not only risks legal substantial penalties, but also damages brand reputation.

As the digital landscape evolves, so do the threats and opportunities in cyber security. With 2025 on the horizon, organisations face an increasingly complex web of challenges – from AI-powered attacks to the growing influence of regulation. To stay ahead, it’s crucial to understand where the industry is heading over the next 12 months.

In this blog, we outline our top 5 cyber security predictions for 2025, offering insights into emerging trends and practical strategies to bolster your cyber defences. It’s no surprise that advancements in AI are shaping the future of cyber security, driving both innovation and new challenges in the year ahead.

Artificial Intelligence continues to revolutionise the way we approach cyber security, but it’s also empowering attackers with unprecedented capabilities. In 2025, we predict a significant rise in AI-driven cyber threats, from hyper-realistic phishing scams to automated vulnerability exploitation at scale. Deepfake technology, for example, is being used in phone scams and social engineering attacks, mimicking voices and appearances with unsettling accuracy to deceive victims. These attacks will be faster, more sophisticated, and harder to detect, leveraging AI’s ability to mimic human behaviour and analyse defences in real-time.

To counteract this, organisations must embrace AI-enhanced security solutions, invest in workforce training, and prioritise threat intelligence sharing. The battle against AI-powered attacks will demand a proactive and adaptive approach.

Ransomware attacks are expected to surge in 2025, with AI adding a dangerous new dimension. Attackers are increasingly leveraging AI to identify vulnerabilities more efficiently, automate their attacks, and tailor their tactics for maximum impact. Ransomware attacks can be supported through AI, which can adapt in real time, encrypting files faster or evading detection by mimicking legitimate processes.

The stakes are higher than ever, as these sophisticated attacks target not only businesses but also critical infrastructure and individuals. To combat this, organisations must invest in advanced threat detection systems, conduct regular security audits, and ensure robust incident response plans are in place to minimise downtime and financial loss.

Our next prediction for the top 5 cyber security threats of 2025 is that cyber insurance is expected to undergo significant shifts as the landscape of digital threats evolves. The market for cyber insurance is projected to grow to $22.5 billion over the course of 2025*, reflecting the increasing complexity and risks businesses face from cyber attacks.

One of the major factors influencing this change is the rapid growth in AI-driven threats. Insurers will be looking for businesses to demonstrate robust cyber resilience, particularly through proactive risk management practices such as implementing advanced cybersecurity measures and understanding the full scope of potential cyber exposures.

Coverage will likely expand beyond just ransom payments, with an increased focus on protecting against broader costs like business interruption, reputational damage, and legal repercussions.

As the sector matures, businesses will need to balance cost-effective measures with comprehensive protection, and insurers may offer discounts for companies that adopt stronger cyber security protocols, such as multi-factor authentication and endpoint detection.

Organisations everywhere are harnessing remarkable productivity gains with AI, but there’s a flipside we can’t afford to overlook. AI isn’t just fuelling innovation. It is also opening new pathways for cyber threats.

In this blog, we’ll look at how AI is making it easier for people to commit cybercrime and changing the way attacks are carried out. We’ll discuss the problems this creates, such as more targeted and convincing attacks, and suggest practical solutions to help organisations and individuals stay safe.

Vibe hacking refers to the use of AI not just to automate cyber attack tasks, but to strategically shape and amplify the psychological impact of those attacks. Unlike traditional hacking, which often targets technical vulnerabilities, vibe hacking manipulates both digital systems and human perception.

AI enables threat actors to:

• Craft emotionally resonant extortion messages
• Tailor tactics to exploit behavioural vulnerabilities
• Adapt attack strategies in real time

This isn’t just more efficient cyber crime, it’s a new era of AI-orchestrated threat campaigns, where the entire lifecycle of an attack is guided by machine intelligence.

The recent Anthropic Full Threat Intel Report reveals how Claude, an AI system, is being weaponised by cyber criminals. The data extortion campaign ran across 17+ organisations in sectors including government, healthcare, and emergency services. This wasn’t just automation, it was AI-driven orchestration.

Claude executed:

• Reconnaissance
• Credential harvesting
• Lateral movement
• Data exfiltration
• Psychological extortion crafting

The attacker embedded their preferred tactics in a CLAUDE.md file, guiding Claude’s behaviour. Ransom demands reached $500,000, with stolen data ranging from medical records to government credentials.

This is a textbook case of “vibe hacking”, where AI doesn’t just assist, it dictates the strategy too. The implications for incident response and threat modelling are profound. The sophistication and scalability afforded by AI means that even relatively unsophisticated adversaries can now launch highly coordinated, multi-stage attacks with unprecedented speed and precision.

If it’s happening with one AI tool, it’s safe to assume cyber criminals are exploiting AI at every opportunity. From ransomware development to sanctions evasion, AI is enabling threat actors to scale operations, simulate expertise, and bypass traditional barriers.

AI is not just enhancing attacks, it’s enabling them from scratch, and at a much lower skill entry level. This shift is democratising cyber crime, allowing individuals with minimal technical knowledge to execute complex campaigns. The barrier to entry has dropped, but the risk has surged.

In November 2025, the UK Government released a comprehensive report on the economic cost of cyber crime, which highlights how the average cyber incident costs a UK business £195,000. Scaling this to an annual UK cost, generates an estimate of £14.7 billion, equivalent to 0.5% of the UK’s GDP [Source]. The growing threat landscape and significant cost of cyber crime makes cyber security a pressing issue for all UK businesess.

2026 is set to be a landmark year for cyber security. AI, deepfake technology, quantum risk and supply chain vulnerabilities are converging to reshape the cyber landscape. Cyber criminals are now faster, more scalable and increasingly autonomous, relying less on human expertise and more on intelligent, self-learning tools.

In response, cyber defence must evolve too. It is no longer enough to react. Security needs to be predictive, adaptive and capable of operating at machine speed.

CyberLab’s Board have put together their predictions for 2026, and their insights reveal powerful themes that businesses must prepare for.

AI is not just changing cyber security. It is redefining it. In 2026, AI will accelerate cyber defence, enabling faster detection, automated response and real-time threat modelling. However, it is also lowering the barrier to entry for cyber criminals, powering attack strategies that are faster, continuous and increasingly self-managing.

David Pollock, Chairman, highlights this duality:

“AI will speed up hackers’ ability to attack businesses and government. AI will also speed up our ability to defend and protect our customers.”

We will see a shift from human-led attacks to AI-led adversaries capable of executing cyber attacks without direct human involvement. These systems will operate at machine speed, identifying vulnerabilities, exploiting zero-day flaws and coordinating simultaneous attacks across multiple networks.

AI-driven attacks will be able to adapt mid-attack, changing strategies in response to defensive actions. They will learn from failed attempts, replicate successful exploits and scale attacks globally in seconds.

Ryan Bradbury, CTO, explains:

“The speed, scale and automation possible with agent-driven attacks will surpass anything we’ve seen before. We have to stop preparing only for human-led threats and start planning for autonomous AI-led adversaries.”

This means cyber defence will need to become dynamic, adaptive and automated. Continuous validation, predictive analytics and machine-speed response will become non-negotiable. AI-led defence will become the standard, not the exception.

While AI transforms the technical threats, humans will remain the most vulnerable target. In 2026, social engineering will become significantly more sophisticated as deepfake technology enables hyper-realistic voice, video and identity spoofing.

Wayne Price, Commercial Director, warns:

“Deepfakes and synthetic media will cause a surge in identity fraud, forcing organisations to ramp up digital identity verification practices.”

Attacks will no longer rely on poorly written phishing emails. Instead, employees may receive video messages from a supposed CEO requesting payment transfers, or voice calls mimicking trusted suppliers.

Gavin Wood, CEO, believes identity protection and human awareness will be critical:

“Human attack vectors will continue to be exploited, especially with AI-driven deepfakes, voice spoofing, phishing, and super realistic, authentic-looking videos, et cetera. Securing the human will be absolutely key for cyber security in 2026.”

Identity and access management will become one of the most important areas of cyber security, with organisations investing heavily in digital identity verification, behavioural biometrics and continuous trust authentication.

Ransomware will remain one of the biggest threats in 2026, but AI will make it more intelligent, harder to detect and significantly more scalable. Attackers will use AI to craft personalised phishing emails that are context-aware and perfectly mimic internal communications or supplier messages.

Adam Myers, Sales Director, has seen a clear rise in this trend:

“We’re seeing emails that look more real and on brand. It’s harder to spot. AI is helping hit that on scale.”

These emails are technically perfect, grammatically accurate and contextually relevant, making them almost indistinguishable from legitimate communications. AI will also be used to test email variations, conducting A/B testing on targets to improve success rates.

Elena Doncheva, Marketing Director, advises:

“Train your people, as they will likely be the first line of defence. Monitor your digital footprint and the dark web for data that attackers can utilise. Test your business continuity plans, disaster recovery and incident response plans. You can never be too prepared.”