Recorded Future’s Threat Analysis Report

The latest cyber Threat Analysis Report from Recorded Future’s Insikt Group provides a deep dive into the most significant cyber threats of 2024 and outlines key predictions for 2025. As cybercriminals adapted to law enforcement crackdowns, businesses struggled with ransomware proliferation, SaaS vulnerabilities, and AI-driven cyber threats. Here’s a summary of the report’s key findings and what organisations should prioritise in 2025. 

Key Cyber Threats in 2024 

  1. SaaS Applications and Stolen Credentials 

The rapid expansion of software-as-a-service (SaaS) usage has increased the attack surface for cybercriminals. 

ALPHV and RansomHub targeted Change Healthcare using stolen credentials with no multi-factor authentication (MFA) in place. 

The Snowflake attack by UNC5537 saw hundreds of organisations compromised due to infostealer malware and weak MFA enforcement. 

Key takeaway: Identity security is critical—organisations must enforce MFA and strengthen SaaS security policies. 

  2. Ransomware Resilience and Criminal Evolution 

Law enforcement disrupted major ransomware-as-a-service (RaaS) groups like LockBit and ALPHV, but new ransomware families filled the gap. 

Ransomware remained highly profitable, with ransom payments reaching $459.8M by mid-2024. 

New attack trends: increased use of legitimate remote management (RMM) tools like AnyDesk and TeamViewer to evade detection. 

Key takeaway: Ransomware threats are evolving, not declining—organisations must move beyond perimeter defences to proactive threat hunting. 

  3. Nation-State Cyber Operations and AI-Driven Influence Campaigns 

China, Russia, and Iran leveraged generative AI to conduct large-scale influence operations during global elections. 

Chinese threat actors engaged in pre-positioning attacks, particularly targeting US and Indian critical infrastructure. 

Russia-linked groups like Sandworm deployed hacktivist proxies to disrupt Ukraine’s allies and influence NATO relations. 

Key takeaway: AI-powered disinformation and cyber espionage are on the rise—defenders must monitor influence operations alongside cyber threats. 

Cybersecurity Predictions for 2025 

  • AI-driven impersonation attacks will increase, exploiting SaaS environments.
  • A major breach will likely stem from AI integration in enterprise workflows.
  • Cryptocurrency fraud could lead to a market-destabilising event.
  • More organisations will report Chinese cyber pre-positioning, highlighting the growing threat to critical industries.
  • The macOS and mobile malware ecosystem will expand, shifting away from traditional Windows-focused threats.

How Organisations Can Prepare 

✅ Enforce MFA on all SaaS applications and remote access points.

✅ Harden identity security with passkeys and AI-driven user behaviour analytics.

✅ Implement zero-trust architectures to counteract insider threats and credential-based attacks.

✅ Monitor and disrupt AI-driven influence operations targeting elections and businesses.

✅ Invest in robust ransomware detection—don’t rely solely on EDR/XDR tools; integrate behaviour-based detections.

Recorded Future’s Threat Analysis Report reinforces one key message: cyber threats are evolving rapidly, and defensive strategies must keep up. Organisations should prioritise identity security, AI threat intelligence, and proactive threat mitigation to stay ahead in 2025. 

To find out how ITogether can help you navigate the latest cyber threats, contact us today on 0113 241 0123.

🔗 Source: Recorded Future Threat Analysis Report 
