10 common cybersecurity threats and attacks: 2025 update

Posted: 02/19/2025 | By: Bryson Medlock

$13.82 trillion. That’s the projected annual cost of global cybercrime by 2028. And with cybercriminals constantly sharpening their skills and developing new attacks, the actual cost could easily be much higher.

You need to defend against digital threats from many angles. Staying up to date on industry trends and the latest hacker tactics, techniques, and procedures (TTPs) is one of the simplest things you can do to stay protected.

But you need to know just what you’re up against. 

The impact of cybersecurity attacks

According to Cybersecurity Ventures, if annual cybercrime were a country, it would have the third-largest gross domestic product (GDP) worldwide after the United States and China. These staggering statistics underscore the alarming reality that cybercriminals have turned data into valuable currency. 

Staying informed about industry trends and the latest tactics, techniques, and procedures (TTPs) employed by hackers is a fundamental step in ensuring your protection. To help with this, we’ve compiled a list of the 10 most common cybersecurity threats you’re likely to face in 2025 and what you can do to protect against them.

Cybersecurity threats and attacks in 2025


1. Ransomware

Ransomware is one of the most prevalent and impactful cybersecurity threats in recent years. It has gained significant attention due to its ability to cause widespread disruption, financial losses, and data breaches. Ransomware attacks have targeted individuals, businesses, healthcare organizations, government agencies, and other sectors.

2024 ransomware example

The Change Healthcare ransomware attack currently holds the title for the biggest breach of US medical data in history, exposing sensitive data for 190 million people.

There were several related high-profile arrests in early 2024. The FBI’s seizure of servers and public release of over 7,000 decryption keys severely disrupted the LockBit ransomware group, considered one of the most formidable RaaS operations.

We’ve also witnessed an increase in data extortion as a standalone strategy, with groups such as RansomHub embracing this model to steal sensitive data without deploying ransomware payloads. By threatening to release confidential information, these groups avoid detection by endpoint and network monitoring tools designed to flag ransomware activity.

How to defend against ransomware

Think of each client’s network as a digital fortress. To safeguard it, you need multiple layers of protection, each reinforcing the other:

  • Perimeter security
  • Endpoint security
  • Network security
  • Data security
  • System hardening
  • MFA
  • Managed security

Although it is impossible to guarantee 100% protection against ransomware, there are certain tools and techniques, such as those above, that can be used to improve the security posture of your MSP business. This can help reduce the likelihood of an attack and mitigate the damage in the event of an incident.

2. Vulnerabilities

Threat actors continue to frequently target unpatched software, misconfigured systems, and known weaknesses (vulnerabilities) in widely used technologies. They’re capitalizing on opportunities to gain unauthorized access and disrupt operations.

2024 vulnerability example

Since January 2024, there has been a sharp increase in attempted attacks on edge devices, with over 84,000 recorded alerts targeting specific vulnerabilities. Vulnerabilities in edge devices are a highly effective method for compromising company networks. This trend underscores the expanding attack surface for MSPs. You can read more about recent trends in The MSP Threat Report.

How to defend against vulnerabilities

Prioritizing patch management is the first line of defense. We also recommend leveraging a SIEM solution and threat intelligence feeds to detect anomalous activity. Comprehensive SIEM data collection is essential.

Attack surface management is also a proactive approach to defend against vulnerabilities by identifying and reducing the potential points of attack within an organization’s systems and infrastructure. It involves continuously monitoring and assessing the organization’s digital footprint, including networks, applications, and devices, to identify any potential weaknesses or entry points for attackers.

By understanding and mapping the attack surface, organizations can prioritize and implement necessary cybersecurity measures to mitigate risks. This may include patching vulnerabilities, removing unnecessary services or applications, implementing strong access controls, and regularly updating security configurations.

3. Defense evasion

The term “defense evasion” generally refers to tools and techniques designed to bypass, disable, or evade cybersecurity defenses.

2024 defense evasion example

Most commonly, cybercriminals are looking to bypass endpoint detection and response (EDR) tools using “EDRKillers”. In recent years, EDR has become crucial in many environments to quickly identify malicious activity and has therefore become more of a target for threat actors seeking to successfully carry out their attacks. These systems monitor and analyze activity on an organization’s computer equipment to detect and respond to cybersecurity threats.

How to defend against defense evasion

  • Enable tamper protection in EDR
    Many EDR vendors provide tamper protection that can help prevent unauthorized users from disabling or modifying EDR settings. Ensure that tamper protection is enabled for all endpoints, and regularly review the settings to confirm they haven’t been changed without your knowledge. Implement and monitor alerts for any changes made to tamper protection settings.
  • Block vulnerable drivers
    Bring-your-own-vulnerable-driver (BYOVD) based tools are a popular choice for bypassing EDR. Consider blocking drivers that aren’t installed in your environment or creating an allowlist for only necessary drivers. Be sure to also review and update the list based on any changes in your environment or new threat intelligence.

For more information on notable EDR evasion tools being used by threat actors and tips on how to mitigate, read The MSP Threat Report.

4. Drive-by compromise

Drive-by compromise is when threat actors lure victims to malicious websites through techniques such as search engine optimization (SEO) poisoning and malvertising.  

2024 drive-by compromise example

In a 2024 cyberthreat incident, attackers leveraged fake Google ads to distribute the DeerStealer malware via a fraudulent Google Authenticator app. This sophisticated campaign underscores the continuing trend by threat actors to rely on malvertising to trick users into downloading malware.

How to defend against drive-by compromise

We suggest using an ad blocker as a cybersecurity necessity and maintaining an internal repository of trusted, up-to-date installers for common tools. We also suggest in-depth user training, application allowlists, and EDR tools.

5. Phishing attacks

Phishing remains one of the most effective tools for cybercriminals due to its ability to exploit human trust.

2024 phishing attack example

In 2024, there was a surge in phishing attacks exploiting legitimate file-hosting services such as SharePoint, OneDrive, and Dropbox for identity theft, according to a report by Microsoft. Threat actors are also using AI to automate the creation of convincing phishing emails.

How to defend against phishing attacks

Continuous user education, robust email security tools, and vigilance are critical in reducing the risk of falling victim to these campaigns. Check out our phishing prevention blog for more tips on how to prevent these attacks.

6. Malware

Malware is a broad term that covers many different types of malicious software that can be installed on devices. When threat actors try to get malware installed on an endpoint—such as a laptop, desktop computer, or mobile phone—they’re doing it with the intention to harm, extort, or scare the organization.

2024 malware example

At the end of 2024, the FBI issued a warning about HiatusRAT malware actively scanning and infecting vulnerable web cameras and DVRs. These attacks primarily target Chinese-branded devices lacking recent security patches or those that have reached end-of-life.

How to defend against malware attacks

Invest in an EDR tool for proactive malware defense. An EDR's main function is to block malware by continuously monitoring and analyzing endpoint activities. It detects suspicious behavior and takes immediate action to prevent potential threats, enhancing overall security and protecting critical data and systems.

You can also take your defense to the next level with 24/7 fully managed endpoint defense. By combining advanced technology with human intelligence, managed detection and response (MDR) tools offer comprehensive protection and peace of mind.

7. DDoS attacks

A distributed denial of service (DDoS) attack is a malicious hacking method that uses multiple compromised devices to make an online service unavailable by temporarily interrupting, crashing, or corrupting the services of its hosting server.

DDoS attacks are becoming increasingly frequent and sophisticated. These attacks pose a growing threat to cloud services and businesses of all sizes.

Learn more about the different types of DDoS attacks in this blog.

2024 DDoS attack example

In the second half of the year, there was an extended Microsoft 365 and Azure outage due to a large-scale DDoS attack.

How to defend against DDoS attacks

  • Invest in advanced threat detection and response solutions. These tools can provide early warning of potential attacks and enable faster, more effective responses.
  • Conduct regular training and simulations for IT staff to help ensure that they are prepared to handle DDoS incidents effectively.
  • Develop a comprehensive incident response and recovery plan to minimize downtime, including IP blocking, casting, and black hole filtering.

Read more about how to stop a DDoS attack.

8. Supply chain attacks

A supply chain attack is a cyberattack that attempts to access or disrupt vital components of a company’s supply chain. Hackers infiltrate supply chain technology and compromise trusted suppliers or vendors to gain unauthorized control of sensitive data, hold assets ransom, or cause harm to an organization’s operations.

Cybersecurity experts believe that supply chain attacks are increasing due to:

  • Increased reliance on open-source platforms, third-party vendors, and APIs.
  • Poor security practices in the supply chain.

2024 supply chain attack example

On November 21, 2024, supply chain software provider Blue Yonder disclosed a ransomware attack that caused widespread disruptions across its managed services-hosted environment. Blue Yonder, a critical vendor for supply chain optimization in industries ranging from retail to manufacturing, supports major organizations, including Starbucks, Morrisons, and Sainsbury’s. The attack temporarily incapacitated payroll and scheduling systems at Starbucks, while UK retailers faced disruptions in inventory management and product availability.

How to defend against supply chain attacks

Preventing future supply chain attacks may be one of the biggest challenges your team will face. With the increased reliance on open-source platforms and APIs, hackers will have no shortage of infiltration points to execute their malicious endeavors. 

But all hope is not lost. There are steps you can take to protect clients against supply chain attacks, including:

  • Using endpoint monitoring tools to spot and stop suspicious activity.
  • Staying current with all system patches and updates.
  • Implementing integrity controls to ensure users are only running tools from trusted sources.
  • Requiring admins and other users to use two-factor authentication.
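The trusted-installer repository recommended for drive-by compromise (item 4) and the integrity controls listed above for supply chain attacks come down to the same check: only run a tool whose bytes match a vetted copy fetched from an approved vendor host. The following is an added example, not ConnectWise code or any product’s API; the repository class, tool name, hosts, URLs and installer bytes are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlparse


class InstallerRepository:
    """In-memory stand-in for an internal repository of vetted installers.

    Each entry pins the SHA-256 of the copy that was reviewed and the vendor
    hosts it may legitimately be fetched from (assumptions of this example;
    a real repository would persist them alongside the installer itself).
    """

    def __init__(self):
        self._entries = {}

    def register(self, tool, version, installer_bytes, allowed_hosts):
        """Record a vetted installer and return its pinned SHA-256."""
        digest = hashlib.sha256(installer_bytes).hexdigest()
        self._entries[tool] = {
            "version": version,
            "sha256": digest,
            "allowed_hosts": {h.lower() for h in allowed_hosts},
        }
        return digest

    def verify(self, tool, installer_bytes, source_url):
        """Return (ok, reason). Rejects unknown tools, non-HTTPS or
        lookalike download sources, and any byte-level change."""
        entry = self._entries.get(tool)
        if entry is None:
            return False, "tool is not in the trusted repository"
        parsed = urlparse(source_url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme != "https" or host not in entry["allowed_hosts"]:
            # Malvertising lures usually point at a lookalike domain; exact
            # host matching (no suffix or substring logic) catches that.
            return False, f"untrusted download source: {parsed.scheme}://{host}"
        actual = hashlib.sha256(installer_bytes).hexdigest()
        if not hmac.compare_digest(actual, entry["sha256"]):
            return False, "hash mismatch: installer differs from the vetted copy"
        return True, f"{tool} {entry['version']} matches the vetted copy"


# Constructed sample installer bytes and URLs (not a real binary or vendor).
VETTED_INSTALLER = b"MZ\x90\x00constructed-authenticator-setup-v1.0"
TAMPERED_INSTALLER = VETTED_INSTALLER + b"\x00modified-stub"
VENDOR_URL = "https://downloads.example-vendor.invalid/authenticator-setup.exe"
LOOKALIKE_URL = "https://downloads.example-vendor.invalid.ads.example/authenticator-setup.exe"

REPO = InstallerRepository()
REPO.register("authenticator", "1.0", VETTED_INSTALLER, ["downloads.example-vendor.invalid"])

if __name__ == "__main__":
    for label, data, url in [("vetted copy", VETTED_INSTALLER, VENDOR_URL),
                             ("tampered copy", TAMPERED_INSTALLER, VENDOR_URL),
                             ("lookalike host", VETTED_INSTALLER, LOOKALIKE_URL)]:
        print(label, REPO.verify("authenticator", data, url))
```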

In addition to the steps above, MSPs should have an effective incident response plan. Supply chain attacks are relatively new, so some are bound to infiltrate systems as we learn more and develop better protective techniques.

9. Insider threats

According to Cybersecurity Insiders’ 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. About 51% experienced six or more attacks in the past year, and the average cost of remediation exceeded $1 million for 29% of respondents. The top three drivers behind the surge in insider attacks are complex IT environments (39%), adoption of new technologies (37%), and inadequate security measures (33%).

2024 insider threat example

A North Korean fake IT worker tried to infiltrate KnowBe4, the world’s most popular integrated security awareness training and simulated phishing platform.

How to defend against insider threats

Insider threats rely on the negligence and actions of a company’s end users. In addition to conducting cybersecurity awareness training, it’s important to implement tools and procedures to proactively monitor employees’ networks, such as ConnectWise SIEM™. You should also set up parameters and tools to monitor user behavior and establish strict cybersecurity protocols.

10. Business email compromise

Business emails can be compromised by cyberthreats in several ways, including:

  • Phishing: Cybercriminals can use phishing emails to trick employees into divulging sensitive information, such as login credentials or financial information. These emails may appear to be from a trusted source, such as a bank or a supplier, and may use social engineering techniques to persuade the recipient to take action.
  • Malware: Cybercriminals can use malware, such as viruses or trojans, to infect a user’s computer and gain access to their email accounts. Once the malware is installed, it can steal login credentials or capture sensitive information from the user’s computer.
  • Social engineering: This type of cybersecurity attack tricks employees into divulging sensitive information or granting access to their email accounts. This can include impersonating an executive or IT administrator or creating a fake login page that appears to be legitimate.
  • Weak passwords: If employees use weak, reused, or easily guessable passwords, cybercriminals can use brute-force attacks to guess the password and gain access to the email account.

The FBI refers to business email compromise (BEC) as one of the most financially damaging online crimes.

How to defend against business email compromise

To protect against these threats, businesses can: 

  • Train employees on how to identify and avoid phishing emails.
  • Insist employees use strong passwords and two-factor authentication.
  • Keep software and cybersecurity systems up to date.
  • Implement email cybersecurity measures, such as spam filters.

General cybersecurity best practices for MSPs in 2025

Here are a few best practices you can follow internally to minimize the chances of one of these attacks infiltrating your clients’ systems:

  • Stay proactive: Remain ahead of the curve when it comes to hacker and cyberattack education, client system updates, and anything else that’s within your grasp. Planning ahead and being prepared are two of the most critical steps in protecting clients’ digital assets.
  • Implement audits: Keep track of any system changes for clients, attacks you’ve dealt with, etc. You’ll be able to avoid any mistakes and continually improve your offerings for clients.
  • Use enterprise-grade software: ConnectWise can help with this. We have a full suite of products to help you give your clients the exact service and protection they need.
  • Keep clients in the loop: Have open lines of communication with your clients. Even in the event of drastic errors, breaking the news right away is always the best course of action. You and your client can work together to get in front of the issue. By not saying anything, you may turn a minor issue into a much bigger problem.
  • Train your staff often: Your team should constantly be renewing their training on cybersecurity trends and news, as well as on your internal company policies and procedures. This way, they’re both knowledgeable about their craft and able to follow company SOPs to provide premium customer service.

As always, ConnectWise is here to help with a variety of cybersecurity solutions for MSPs. Request a demo of our cybersecurity suite or talk to a cybersecurity expert today to see how we can help you protect your business and your clients. 

FAQs

The top 10 cybersecurity threats right now are:

  1. Ransomware
  2. Vulnerabilities
  3. Defense evasion
  4. Drive-by compromise
  5. Phishing attacks
  6. Malware
  7. DDoS attacks
  8. Supply chain attacks
  9. Insider threats
  10. Business email compromise

There is a cyberattack every 39 seconds, according to a 2007 Clark School study at the University of Maryland. This translates to roughly 2,215 cyberattacks per day.

There are several steps you can take to protect yourself against cyberattacks:

  • Keep your software up to date. Make sure your operating system, web browser, and other software are regularly updated with the latest security patches.
  • Use strong passwords. Choose unique and complex passwords that are difficult to guess. Consider using a password manager to store your passwords securely.
  • Enable two-factor authentication. This adds an extra layer of security by requiring a second form of identification, such as a code sent to your phone, in addition to your password.
  • Be careful with email attachments. Don’t open attachments from unknown senders or suspicious emails. Cybercriminals often use phishing scams to trick you into opening a malicious attachment.
  • Use antivirus software. Install and regularly update antivirus software on your computer to protect against viruses, malware, and other threats.
  • Backup your data. Regularly back up your important files and data to an external hard drive or cloud storage service.
  • Educate yourself. Stay informed about the latest cyberthreats and learn how to recognize and avoid them.

Denial of service (DoS) and distributed denial of service (DDoS) are both types of cyberattacks that aim to disrupt the availability of a targeted system or network. In a DoS attack, the attacker overwhelms the target with a flood of traffic or requests, rendering it unable to respond to legitimate users. This is typically achieved by exploiting vulnerabilities in the target’s infrastructure or by consuming its resources, such as bandwidth or processing power.

On the other hand, a DDoS attack involves multiple compromised devices forming a botnet to launch the attack simultaneously. These devices, often referred to as “zombies,” are controlled remotely by the attacker. By coordinating the attack from multiple sources, the attacker can generate an even larger volume of traffic or requests, making it more challenging for the target to mitigate the attack.

The key difference between DoS and DDoS attacks lies in the number of sources used to overwhelm the target. While a DoS attack originates from a single source, a DDoS attack leverages multiple sources, making it more difficult to defend against. DDoS attacks are often more powerful and can cause more significant disruptions due to the increased volume of traffic or requests involved.
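The single-source versus multi-source distinction described above is also what a first-pass detector can key on, which is the early warning the DDoS defense list in item 7 calls for. The following is an added example, not ConnectWise code: it slides a time window over constructed access-log lines and labels the busiest window as normal traffic, a single-source DoS, or a distributed flood. The log format, IP addresses and thresholds are assumptions chosen for illustration.

```python
from collections import Counter


def constructed_log(attack):
    """Constructed access-log text ("<unix_ts> <client_ip> <method> <path>"):
    light legitimate traffic for 30 s, optionally plus one 5-second flood."""
    lines = [f"{1000 + s} 198.51.100.{1 + s % 5} GET /" for s in range(30)]
    if attack == "dos":     # one source sends 200 requests in 5 seconds
        lines += [f"{1010 + i // 40} 203.0.113.7 GET /login" for i in range(200)]
    elif attack == "ddos":  # 50 sources send 4 requests each in the same 5 seconds
        lines += [f"{1010 + i // 40} 192.0.2.{1 + i % 50} GET /login" for i in range(200)]
    return "\n".join(lines)


def parse_log(text):
    """Return (timestamp, client_ip) pairs sorted by time."""
    events = []
    for line in text.splitlines():
        ts, ip, _request = line.split(" ", 2)
        events.append((int(ts), ip))
    return sorted(events)


def busiest_window(events, window):
    """Slide a `window`-second window over the sorted events and return
    (window_start, per-source Counter) for the window with the most requests."""
    best_start, best_counts, counts, left = None, Counter(), Counter(), 0
    for ts, ip in events:
        counts[ip] += 1
        while events[left][0] <= ts - window:  # drop events older than the window
            counts[events[left][1]] -= 1
            left += 1
        if sum(counts.values()) > sum(best_counts.values()):
            best_start, best_counts = events[left][0], +counts  # +Counter drops zeros
    return best_start, best_counts


def classify(log_text, window=5, rate_threshold=100, single_source_share=0.8):
    """Label the busiest window: 'normal' below the rate threshold, 'dos' when
    one source dominates it, otherwise 'ddos' (many sources). The thresholds
    are assumptions and would be tuned to the service's real baseline."""
    start, counts = busiest_window(parse_log(log_text), window)
    total = sum(counts.values())
    result = {"window_start": start, "requests": total, "sources": len(counts)}
    if total < rate_threshold:
        return {**result, "verdict": "normal"}
    top_ip, top_n = counts.most_common(1)[0]
    result["top_source"] = top_ip
    verdict = "dos" if top_n / total >= single_source_share else "ddos"
    return {**result, "verdict": verdict}


if __name__ == "__main__":
    for scenario in ("none", "dos", "ddos"):
        print(scenario, classify(constructed_log(scenario)))
```

A single dominant source is something IP blocking can address; the distributed case has no such source, which is why the FAQ calls it harder to defend against and why the item 7 list points to upstream measures such as black hole filtering.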
