The "2024 Cybersecurity Report - 2025 Trend Forecast," released on April 8 by Vietnam Cybersecurity JSC (VSEC), provides updated insights, in-depth analysis, and forecasts on prominent cybersecurity trends in Vietnam and globally.

Key cybersecurity trends for 2025 stand out in VSEC’s latest report. Experts highlight four main trends that are shaping security: attacks on cloud computing services, supply chain attacks, assaults on LLM, and AI-driven cyberattacks.

On cloud computing attacks, experts said shifting to the cloud is not a new story but is accelerating strongly.

Thus, security flaws during the transition into the cloud remain key targets for cybercriminals. Using technical and non-technical tactics, hackers can hijack admin accounts to access and steal sensitive data. API (Application Programming Interface) attacks will also rise to breach cloud apps and services.

At the same time, the use of malware to infect virtual machines in cloud environments is also expected to remain a constant threat.

For supply chain attacks, VSEC experts said the complexity, dispersion, and broad impact of supply chains pose both challenges and “rewards” for cybercriminals.

Attackers can embed malware into supplier products, silently spreading it to customer systems. Breaches targeting supplier systems also aim to steal sensitive data or disrupt production.

Notably, exploiting vulnerabilities in widely used open-source software poses major global security challenges.

Predicting LLMs as enticing hacker targets, VSEC experts explained that stealing LLM training data could expose sensitive information or spawn malicious models.

“The 'prompt injection' technique also allows attackers to manipulate LLMs to generate false responses or steal data. The emergence of malicious LLMs is understandable when they have the ability to simulate legitimate LLMs, posing new challenges in user authentication and protection,” said VSEC.

VSEC’s newly released report has warned that cybercrime groups will increasingly wield AI in attacks. AI’s growth brings benefits but also new attack methods.

AI can craft highly personalized phishing emails, bypassing traditional filters. AI-powered malware can self-mutate to evade detection.

Beyond that, AI can swiftly and efficiently detect and exploit software vulnerabilities. What AI might do next remains unpredictable.

From reactive fixes to proactive threat hunting

With cyberattacks rising in volume and sophistication, VSEC experts recommend a "proactive cybersecurity" approach.

Instead of waiting to respond to incidents, agencies, organizations and businesses should adopt proactive solutions to detect and mitigate risks early. This method enables continuous threat monitoring and strengthens defenses against complex attacks.

Security experts also suggest effective, widely adopted approaches: Continuous Threat Exposure Management (CTEM), a proactive strategy tackling fast-evolving threats like zero-day attacks and targeted campaigns; MDR services offering 24/7 monitoring, advanced threat analysis, and rapid incident response to cut reaction time and damage; and PTaaS—continuous penetration testing services, letting organizations regularly assess system and app security.

Van Anh