Warnings from security experts increase after reports of a staggering 26% rise in cyber attacks in quarter three of 2024, highlighting a rising cybersecurity crisis, as businesses brace for even more of these threats in 2025.
In the lead-up to winter, power and energy companies also faced up to 4X more attacks than the industry average.
Urgent questions have been raised on what type of cyber attacks we can expect to see more of, and how to combat these looming threats.
Application security SaaS company, Indusface, identifies three key cyber threats to look out for in 2025: DDoS attacks, malware, and software vulnerability exploits.
1. Software Vulnerability Exploitation
Software vulnerability exploitation is on the rise, and is also named among the top types of cyber attacks against applications in 2024. The Indusface State of Application Security report found that attacks on vulnerabilities grew by 124% in the last 3 months, compared to Q3 of 2023.
Widespread use of tools such as ChatGPT enables novice hackers to easily find and deploy scripts that could exploit open vulnerabilities. This accessibility has lowered the barrier to entry for cybercriminals, resulting in an unprecedented rise in vulnerability exploitation.
This also comes with the growing prevalence of zero-day attacks targeting unpatched software, which is a tactic heavily employed by ransomware actors and predicted to be on the increase in 2025.
How can businesses prevent these attacks? Venky Sundar, Founder and President of Indusface, provides comment:
“Tight integration between WAF and DAST platforms is the first step to prevent these attacks. With that, you will understand how many vulnerabilities are open and how many need protection. Once you have that view, invest in managed services so that the vulnerabilities can be virtually patched.
Ensure that your managed services provider has SLAs for virtual patching while also guaranteeing minimal false positives. That way, you can patch these vulnerabilities on code at a later date while you are protected at the WAF.”
2. Malware
Malware has cemented itself as the main type of cyber attack experienced by organisations worldwide in 2024, with 75% of organisations reporting being affected by ransomware more than once in the past 12 months – a jump from 61% last year. But how can businesses protect themselves?
Venky Sundar adds: “Investing in endpoint security solutions like Antivirus and training employees on phishing can prevent malware from devices. An additional entry point for malware could be applications. Hackers can easily upload malware through forms that allow file uploads on websites or they could exploit an injection vulnerability to inject malicious code. Deploying a web application and API protection solution will help you prevent malware infection on applications.”
To completely strengthen your business's defences against malware, however, a multi-layered approach is needed. Indusface recommends:
- Update software regularly to ensure it is consistently patched and to reduce vulnerabilities.
- Educate employees on phishing tactics and on malware and ransomware risks to reduce breaches that could come from human error.
- Prepare for worst-case scenarios by backing up data and ensuring quick recovery if an attack occurs.
3. DDoS Attacks
Indusface revealed that in Q3 2024, 6 out of 10 sites witnessed a DDoS attack. DDoS is also the #1 attack vector for SMBs, where each website/app sees 175% more DDoS attacks than enterprise apps.
What is a DDoS attack?
A DDoS (Distributed Denial of Service) attack involves multiple compromised systems working together to overwhelm a target with excessive traffic, resulting in service disruptions or shutdowns.
As a result, the business's website would be unavailable or slow to access. Depending on the severity of the attack, the website could be down for a number of hours or days at a time.
If an eCommerce business experiences one of these attacks, it may face large-scale revenue losses, posing significant risk to SMEs. In severe cases, these revenue losses can lead to a company shutdown.
Venky Sundar adds: “To defend against these attacks, start with a robust network infrastructure capable of handling heavy traffic. Implement basic defenses such as traffic filters to block malicious packets and rate limiting, which can help initially.
DDoS mitigation tools like AppTrana WAAP utilise AI and machine learning algorithms to analyse traffic in real-time. By continuously learning from patterns and anomalies, they can effectively adapt to shifting attack patterns, detecting and blocking malicious traffic faster and more accurately than static defences.”