The 2025 Cyber Threat Report by New Zealand’s National Cyber Security Centre outlines five key judgements about the evolving cyber threat landscape, highlighting state-sponsored attacks, the rise of ransomware-as-a-service, hacktivist disruptions, and the exploitation of supply chains and organisational vulnerabilities. It emphasizes the importance of preparedness for all organisations, showcasing detailed cases and statistics to inform strategic cybersecurity decision-making.
Key points
- Report Structure: The report begins with a foreword emphasizing organisational preparedness, followed by five key judgements that analyze specific cyber threats including state-sponsored actors, cybercrime commercialisation, hacktivism, supply chain exploitation, and vulnerabilities. Detailed examples, case studies, and statistical data support each section, concluding with resources and guidance for organisations.
- Key Judgement 1 – State-sponsored Actors: These advanced persistent threats (APTs) target New Zealand for strategic gain through espionage and disruption, employing spear-phishing, zero-day exploits, and living-off-the-land tactics; notable groups include Salt Typhoon and Volt Typhoon, both linked to the PRC government.
- Key Judgement 2 – Commercialisation of Cybercrime: The rise of ransomware-as-a-service (RaaS) has enabled widespread ransomware attacks targeting sectors like healthcare and transportation, with AI amplifying cybercriminal capabilities by automating phishing and vulnerability scanning; reported direct financial losses reached $26.9 million in 2024/25.
- Key Judgement 3 – Hacktivism: Ideologically motivated groups conduct disruptive attacks such as DDoS and website defacements against financial institutions, government services, and media to promote political causes, sometimes overlapping with state-sponsored activities.
- Key Judgement 4 – Supply Chain and Organisational Blind Spots: Threat actors increasingly exploit supply chain vulnerabilities, hidden dependencies, and overlooked organisational weaknesses like legacy technology, configuration errors, and unpatched systems to gain access and cause impact.
- Statistics and Trends: In 2024/25, the NCSC received 5,995 reports, including 331 high-significance incidents; incidents linked to state-sponsored actors comprised nearly 25%, while cybercriminal incidents more than doubled to 137, with ransomware reports rising to 88 cases.
- Notable Findings: The blurred boundaries between state and criminal actors complicate attribution; AI and automation are significantly enhancing the scale and sophistication of attacks; preparedness must include advanced detection capabilities, multi-factor authentication, frequent backups, and incident response plans.
- Impactful Takeaways: Organisations of all sizes and sectors are potential targets due to data value or service criticality; paying ransoms is discouraged as it does not guarantee recovery and funds criminal operations; leaders must evaluate relationships, detection capabilities, and crisis response readiness against evolving threats.
- Recurring Themes: Persistent vigilance against sophisticated actors, importance of understanding and mitigating attack surfaces, leveraging international partnerships for intelligence sharing, and the critical role of organisational security hygiene and resilience.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)