Straight from the dark web: Cybersecurity risks we should expect in 2025
As the year comes to a close, the dark web is rife with talk about cybersecurity threats looming in 2025. From disinformation services and stolen digital identities to smart home vulnerabilities and AI-driven scams, these risks are gaining ground and could soon cause serious problems. In this article, we’ll explore how these threats could impact you and, most importantly, how you can stay one step ahead and protect yourself.
The changing face of cybercrime
Every December, NordVPN experts share their predictions for the biggest cybersecurity threats of the coming year. While last year’s cybersecurity predictions for 2024 still hold true, the cybercrime landscape has continued to evolve. As new tools and tactics continue to emerge, it’s crucial to stay informed about the risks that lie ahead.
We’ve partnered up with NordStellar, whose researchers dug into the largest dark web forums to identify the most discussed and emerging threats. “This year, we’ve explored beyond the most talked-about topics to identify five new threats and vulnerabilities likely to rise in 2025,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.
Let’s explore what the researchers have found.
Threat #1: Account takeovers will become more widespread
The dark web’s most popular threads, with over 135,000 comments, revolve around “combo lists” — databases containing usernames, passwords, and personal data from various data breaches. Another hot topic, with nearly 26,000 comments, focuses on account takeovers that use this stolen information for unauthorized access to the accounts.
Since many people reuse passwords across multiple sites, access to this data not only lets hackers commit fraud but also puts you at high risk of identity theft. Warmenhoven warns that as long as password reuse remains common, these attacks will continue to thrive.
How to protect yourself from account takeovers
Protect yourself from account takeovers — follow these essential tips:
- Use strong, unique passwords. Create complex passwords that combine uppercase and lowercase letters, numbers, and symbols, and avoid reusing them across accounts.
- Enable two-factor authentication (2FA). 2FA adds an extra layer of security by requiring a second verification method (such as a text message or authentication app) when logging in.
- Monitor your accounts. Regularly check your bank accounts, email, and other sensitive accounts for suspicious activity.
Threat #2: Exploits of vulnerabilities in smart home security systems
Another popular thread on the dark web, with nearly 21,000 comments, highlights security flaws in smart home systems and apps and provides detailed instructions on how to exploit them.
The 2024 IoT Security Landscape Report examined 50 million devices, revealing over 9.1 billion security events worldwide. On average, home networks face 10 attacks daily on connected devices — and this number is only expected to rise in 2025.
“Hackers are increasingly targeting a broad range of smart home devices, from security systems to everyday appliances like smart refrigerators and vacuums. While some devices may act as gateways for broader network attacks, others, like home CCTV systems, can be directly hacked, potentially exposing your private activities,” says Warmenhoven.
How to protect yourself from smart home security threats
Follow these tips to protect yourself from falling victim to smart home security threats:
- Change default passwords. Replace the default passwords on all your smart devices with strong, unique ones to prevent unauthorized access.
- Enable encryption and use a secure network. Ensure your smart devices use encryption and connect them to a secure Wi-Fi network with a strong password.
- Update software regularly. Keep your devices’ firmware and apps updated to prevent hackers from exploiting vulnerabilities.
Threat #3: Hackers will continue to prioritize identity theft
While credit card and insurance fraud are common topics, identity theft remains the primary focus for hackers due to its high profitability. As hackers continue to exploit personal data to access bank accounts, secure credit cards, and commit tax fraud, we expect identity theft techniques to grow more sophisticated.
“Identity theft is evolving, with new forms expected to emerge next year. One of them, synthetic identity fraud, which merges real and fake data, often incorporates deepfake technologies to increase its effectiveness,” says Warmenhoven.
“Another developing method is reverse identity theft, where individuals use someone else’s identity not for financial gain but to live as them in daily life — securing jobs, accessing medical care, or avoiding legal consequences. These strategies focus on long-term impersonation over immediate financial benefits,” he says.
How to protect yourself from identity theft
Identity theft is a serious cybersecurity threat that can cause financial, legal, and emotional damage. While using strong passwords and two-factor authentication can help protect your data, more people are turning to identity theft protection services for added peace of mind.
With NordProtect, you get a reliable, easy-to-use service that helps to protect your identity and offers other cybersecurity benefits. NordProtect is included with the top-tier NordVPN Prime plan, which provides advanced VPN protection for your online activity, along with Threat Protection Pro™ to guard against various threats.*
*Available to US customers only.
Threat #4: The rise of disinformation as a service
According to the World Economic Forum’s Global Risks Report 2024, AI-generated misinformation and disinformation rank as the second-most severe global risk (53%) over the next two years, just behind extreme weather, with cyberattacks ranking fifth.
“Reflecting on current trends on the dark web, we anticipate that disinformation as a service will emerge as a significant threat next year. This solution, offered by cybercriminals, profits from creating and spreading false information,” says Warmenhoven.
How to protect yourself from disinformation
Protect yourself from disinformation with these tips:
- Verify sources. Always check the credibility of news and information before trusting or sharing it. Use reputable news outlets and cross-reference information using multiple sources.
- Be critical of social media content. Sensational headlines are usually crafted to trigger strong emotional reactions, often at the expense of accuracy. Similarly, unverified claims and posts from unfamiliar accounts are more likely to spread misinformation or come from unreliable sources.
- Educate yourself on disinformation tactics. Learn how disinformation campaigns work, including the use of bot accounts and deepfake technologies, so you can spot and avoid manipulated content.
Threat #5: AI-driven social engineering attacks will grow more sophisticated
A key emerging threat is the use of AI to detect vulnerabilities, making tools for manipulating human behavior more complex and effective. These tools are now better at extracting sensitive information and crafting convincing phishing emails.
“We are currently witnessing the emergence of a threat known as ‘company manipulation and exploitation,’ where bad actors trick company representatives into issuing refunds or replacements for nearly any reason. These forums provide precise methods for researching companies to effectively execute these schemes, targeting major corporations like Amazon, ASOS, and Walmart,” says Warmenhoven.
How to protect yourself from phishing scams
Protect yourself from phishing scams by following these tips:
- Be cautious with emails and messages. Don’t click on links or download attachments from unsolicited emails or messages, even if they appear legitimate. Always verify the sender first.
- Look for red flags. Phishing emails often use urgent language and suspicious sender addresses or contain spelling mistakes. If something feels off, double-check before responding.
- Verify before providing personal information. If you’re asked to share sensitive data, contact the company the message claims to be from directly, using a verified number or website, to confirm the request.