The steady rise of cybercrime
Cybercrime, a constantly evolving field, continued to transform in 2024 with increasingly sophisticated attacks and better organized criminals. According to a report by ENISA (the European Union's cybersecurity agency), in 2024, 95% of cyberattacks used social engineering techniques, such as phishing and smishing, demonstrating the growing importance of psychological manipulation in cyberattacks. In addition, companies reported a 30% increase in ransomware incidents compared to 2023, and this phenomenon continues to grow.
In 2024, several trends have emerged, reinforced by increasingly advanced technologies, such as artificial intelligence (AI), 5G networks, and quantum computing. Cybercriminals are exploiting these technologies to make their attacks more effective and harder to detect. In the face of these growing challenges, it is becoming essential to understand the dynamics of these cyberthreats, to best prepare for the developments expected in 2025.
Key trends in cybercrime in 2024
Artificial intelligence: a powerful tool for cybercriminals
AI at the heart of modern cyberattacks. In 2024, cybercriminals used sophisticated algorithms to improve the quality and effectiveness of their attacks. According to a study by Cybersecurity Ventures, 50% of cybercriminals have integrated AI into their attack strategies, particularly to create deepfakes and improve phishing. For example, automated phishing attacks increased by 80% in 2024 thanks to AI, enabling attackers to create increasingly personalized and convincing messages.
Professionalizing cybercrime: turnkey services
Cybercriminals, particularly those involved in ransomware attacks, have structured themselves into veritable professional organizations. In 2024, it is estimated that ransomware generated over $20 billion in annual revenues for criminal groups worldwide. Turnkey services such as ransomware-as-a-service (RaaS) make cybercrime accessible to a greater number of offenders. According to a study by Kaspersky, 40% of ransomware in 2024 used RaaS services, and around 70% of cybercriminals have no prior technical expertise.
Ransomware attacks: a persistent threat
Ransomware attacks remained among the most significant threats in 2024. According to Palo Alto Networks' "Ransomware in 2024" report, the number of ransomware attacks increased by 50% this year, with an average ransom cost approaching $2.5 million for affected companies. What's more, the phenomenon of double extortion (data blackmail after encryption) is now practiced in 70% of ransomware attacks, significantly increasing the pressure on businesses.
Online scams: smishing and phishing are becoming increasingly sophisticated
Online scams continue to multiply in 2024, with techniques such as smishing(phishing via SMS) and fake bank advisors. These scams are particularly effective because they exploit users' trust in official messages or financial institutions. Cybercriminals use convincing messages, often personalized with AI, to trick victims into divulging personal or financial information.
Hacktivism: a form of digital dissidence
Hacktivism, or digital activism, is also booming in 2024. Groups motivated by political or social convictions continue to carry out attacks against institutional targets, often using distributed denial of service (DDoS) attacks. These attacks aim to render online services inaccessible by saturating servers with requests, which can temporarily paralyze the websites of companies and public institutions.
COMCYBER-MI's role in French cybersecurity
Against this backdrop of growing cyberthreats, specialized structures such as COMCYBER-MI (Commandement de la cybersรฉcuritรฉ du Ministรจre de l'Intรฉrieur) play a key role in cybersecurity management within French public institutions. COMCYBER-MI is responsible for protecting the information systems of the Ministry of the Interior and associated entities. It coordinates cybersecurity efforts through a series of essential missions: monitoring systems to detect cyberattacks, responding to incidents, and implementing strategies to protect sensitive data.
In collaboration with other agencies such as ANSSI (Agence nationale de la sรฉcuritรฉ des systรจmes d'information), COMCYBER-MI ensures the security of critical infrastructures, such as emergency management systems, secure communication networks and databases. One of its priorities is to prevent cyber-attacks targeting sensitive systems, neutralize them rapidly and limit the impact of any intrusions. This coordination work, combined with a constant watch on emerging threats, is essential to maintain digital security in an environment where cybercriminals are becoming increasingly sophisticated.
Emerging cyberthreats for 2025
Attack automation and autonomous AI
AI will play an increasingly central role in the autonomous execution of attacks. A study by PwC predicts that, by 2025, 65% of cyberattacks will be automated, with AI capable of detecting and exploiting system vulnerabilities in real time. This radical change is likely to make the detection of attacks even more complex, as they will be adaptive and constantly evolving.
Cybercrime as a Service (CaaS)
The Cybercrime as a Service (CaaS) model is set to gain momentum in 2025. This model enables cybercriminals to rent sophisticated tools and services to carry out attacks, reducing the barrier to entry for less experienced individuals. This could lead to a proliferation of attacks, as even amateur cybercriminals will have access to powerful means of committing crimes.
Attacks on critical infrastructures
Critical infrastructures will be prime targets for cybercriminals in 2025. According to a report by the Cybersecurity and Infrastructure Security Agency (CISA), attacks on critical infrastructures are set to increase by 40% in 2025, particularly in the energy, healthcare and finance sectors.
Quantum computing: a new security risk
The emergence of quantum computing could also redefine the cyberthreat landscape. While this technology enables major advances in computation, it could also enable cybercriminals to decipher encrypted data currently considered unbreakable. This risk calls for the preparation of post-quantum cryptographic solutions to protect sensitive data in the future.
Defense and prevention strategies
Strengthening cybersecurity systems
The first line of defense against cyberattacks remains a robust cybersecurity system. Implementing advanced technologies, such as AI-powered monitoring systems, enables faster detection and more accurate response to security incidents. The adoption of Security Orchestration, Automation, and Response (SOAR) technologies is recommended to automate and streamline responses to cyberattacks.
User awareness and training
One of the most important levers in the fight against cybercrime is user training. In 2024 and 2025, companies and institutions need to invest in raising employee awareness of the risks of phishing, smishing and social engineering techniques. Phishing simulations and online training modules enable users to acquire the skills they need to recognize and avoid the traps set by cybercriminals.
Securing emerging technologies
Companies must also prepare to secure emerging technologies, such as 5G networks and quantum computing systems. Securing these new infrastructures will be essential to prevent large-scale attacks. Efforts must be made to integrate cybersecurity solutions right from the system design phase.
The cybercrime landscape in 2024 is marked by more sophisticated attacks, supported by cutting-edge technologies such as AI and quantum computing. COMCYBER-MI, a key player in French cybersecurity, plays an essential role in protecting information systems and responding to cyberattacks. To meet the challenges of 2025, it is crucial to strengthen cybersecurity strategies, raise user awareness, and develop security solutions adapted to new technologies. International cooperation and constant vigilance will remain crucial to protecting the digital future.
