Experts call for proactivity to combat state-sponsored cyber threats in 2025
In 2024, opposing nation-states have utilized cyberattacks to project power and disruption from within their own borders. This shift has been epitomized by the rise of the “Axis of Upheaval,” dominated by the CRINKs nations -- China, Russia, Iran, North Korea -- who share a common reliance on using cyberattacks to wreak havoc in an affordable manner.
Whether it’s North Korea using ransomware to generate revenue for its isolated regime, or Russia focusing on disrupting and eroding public trust in democratic institutions, each state is finding its niche to cause harm. Despite these varied goals and techniques, it’s the same sectors again and again in the crosshairs. Whether it’s CNI, healthcare, or finance, these organizations now must protect against a wide range of attack styles and techniques.
I spoke with a range of industry leaders who are calling for urgent action to bolster cybersecurity defenses, particularly in sectors most vulnerable to state-backed threats. From ransomware to zero-day exploits, and from deepfakes to the convergence of IT and OT security, experts warn that the landscape is shifting, and we must adapt quickly to stay ahead.
The Convergence of IT and OT: A Key Vulnerability
Andrew Lintell, General Manager EMEA at Claroty, emphasizes the critical need for integrated security measures to address the growing convergence of IT and OT systems, stating that “in 2025, the rising tide of state-sponsored cyber threats will make OT security investment an immediate priority for companies across critical infrastructure sectors.”
For organizations to remain secure, Lintell advocates for a unified approach: “Companies should prepare to act by establishing joint IT-OT security task forces that report directly to the board, with dedicated resources earmarked for OT-specific threat detection, vulnerability assessments, and incident response.” He believes that bridging the divide between IT and OT teams will be vital for detecting threats in real time. “Those companies that foster a strong security culture across these domains will stand better prepared to identify and address gaps in real time,” he notes.
The New Face of Warfare through Cyber
The threat of state-sponsored cyberattacks is now an everyday reality. John Kindervag, Chief Evangelist Officer at Illumio, explains that “the prevalence of cyber warfare is set to escalate as nation-state actors intensify their efforts to target critical infrastructure.” With the growing complexity of these threats, Kindervag believes that the distinction between conventional conflict and cyber threats has become increasingly muddied. “This rising threat blurs the lines between traditional warfare and cyberattacks, creating a complex battlefield where the implications of cyber operations can be as significant as conventional military actions.”
Dave Spencer, Director of Technical Product Management at Immersive Labs, emphasizes that nation-state actors have a significant advantage due to their effectively bottomless resources and time. “Nation state-led attackers have two things that no other type of threat actors have: unlimited time and unlimited budget,” he says. “This means they more often than not have the resources and time to successfully gain access wherever they want.”
Spencer points out that the sheer scale of their capabilities makes it essential for organizations to take proactive steps to defend themselves. “Organizations in regions with conflict should understand the threats that impact them and conduct regular threat hunts across their network using the latest threat intel feeds,” he advises. Spencer also stresses the importance of continuously updating defensive tools and strategies: “You must regularly update your telemetry with data enrichment based on your assets and use the most up-to-date techniques to stay ahead.”
The Enduring Threat of Ransomware
Of course, ransomware attacks remain one of the most devastating tools in the arsenal of state-backed threat actors. Itay Glick, VP of Products at OPSWAT, highlights that “ransomware attacks are surging in frequency and complexity, posing a grave threat to critical infrastructure.” Glick specifically references a high-profile attack on NCR by the ALPHV group, which disrupted the Aloha POS platform and impacted businesses across the food service industry. “This attack demonstrated how ransomware can cripple operations and highlighted the necessity for advanced threat detection and incident response capabilities,” he states.
Gary Barlet, Public Sector CTO at Illumio, agrees that ransomware will continue to be a top priority. Still, he notes a change in tactics that organizations are likely to adopt, stating that they will “prioritize internal defenses and post-breach strategies over traditional perimeter security, recognizing that the fight against cyberattacks is shifting inward.” He stresses the importance of adopting technologies like “data encryption and network segmentation as essential components of resilient cybersecurity frameworks.” Barlet believes these internal measures will become critical next year to minimize ransomware damages.
Deepfakes and Zero-Days Will Be Cybercriminals’ New Best Friend
The rise of new technologies is presenting both opportunities and challenges in the fight against state-sponsored cyber threats. Mike Britton, CIO of Abnormal Security, believes that the use of deepfakes will continue to grow, albeit more gradually. “While the ‘Year of the Deepfake’ is probably still a couple of years away, we’re going to steadily see more incidents of malicious deepfake activity,” Britton says.
He continues: “Some of the most immediate and concerning use cases we could see may involve the use of deepfakes in legal proceedings and forensics, as CCTV footage and other evidence become much more easily manipulated.”
Meanwhile, Raj Samani, SVP and Chief Scientist at Rapid7, points to the ongoing rise of zero-day exploits as a growing concern. Rapid7 research has found an increase in mass compromise events resulting from zero-day attacks, indicating that these threats will continue to be a headache for organizations in 2025. Samani explains: “While zero-days may not always be primary vectors to deploy ransomware, both state-sponsored and financially motivated groups have leveraged these vulnerabilities to achieve their objective.”
Spencer echoes Samani’s insights, stating that the surge in zero-day vulnerabilities is due to “a lack of speed and agility to detect and resolve vulnerabilities before they are leveraged by attackers.” According to Spencer, organizations are failing to collaborate effectively with external researchers, leaving critical vulnerabilities unpatched. “Threat researchers receive limited kudos and incentives for discovering bugs,” Spencer explains. “Meanwhile, companies have strict NDAs and pay less than third-party bug bounties, which makes researchers less willing to work closely with them.”
A Call for Proactive, Collaborative Action
Across these varying perspectives, one message is consistent: state-sponsored cyber threats require a unified and proactive response, both within businesses and at the law-making level.
Spencer’s advice is clear: “Organizations must conduct regular threat hunts and stay up to date with the latest threat intelligence. Only through this proactive stance can they hope to stay one step ahead of the growing threats posed by state-sponsored attackers.”
Kindervag and Trevor Dearing, Director of Critical Infrastructure at Illumio, also emphasize the need for broader collaboration across government and industry to build cyber resilience. Dearing advocates for “a much-needed rethink by government and industry in cyber resilience,” while Kindervag calls for increased urgency in securing national infrastructures against cyberattacks. “The urgency for robust cybersecurity measures to protect vital systems and maintain national security has never been greater,” he states.
As Lintell concludes, “Companies that fail to make this shift will likely find themselves outpaced by the evolving threat landscape, while those that take a proactive approach will solidify their defenses against state-sponsored and other advanced cyber threats.”
Robin Campbell-Burt is CEO, Code Red.