Dark Web Trends Your Business Should Look Out For in 2025

The dark web threat to businesses

As we head towards the end of the year it’s important to understand how your business can be more informed and prepared for the threats posed by the dark web. According to IBM’s 2024 Cost of a Data Breach Report, the average cost of a breach increased by 12 percent year on year, reaching $4.62 million. With attacks costing organizations more, it’s important businesses stay up to date with trends coming from the dark web – the place where they originate.

In this blog we discuss the trends coming from the dark web in next year so organizations can anticipate what is to come from cybercriminals in 2025, and explore the ways they can protect themselves. What should businesses be aware of in 2025?

The use of artificial intelligence (AI) by cybercriminals

AI is already changing the way cybercriminals are working and attacking organizations and it will continue to facilitate cyberattacks and cybercriminals on the dark web in 2025. 

While the use of AI for cyberattacks is still really in the early stages, we can expect that in 2025 AI’s role in facilitating more sophisticated social engineering tactics such as phishing will increase.

Before AI, cybercriminals had to rely on their own language and written skills to create convincing phishing campaigns, some of which could be easily spotted because they were written in broken English or were littered with grammatical errors.

The proliferation of AI Large language models (LLMs) is making these campaigns harder to detect by allowing almost anyone to create well-written, convincing emails. Further sophistication could allow hackers to customize emails to apply the maximum pressure on recipients.

Frequency of cyberattacks will increase

With the use of AI making it easier than ever to launch cyberattacks, there is no surprise that the frequency of cyberattacks will increase in 2025. Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.

As businesses rely more heavily on connected systems, cybercriminals are taking new opportunities to exploit vulnerabilities. The dark web will continue to play a critical role in facilitating cybercrime growth. As data breaches increase, stolen credentials, sensitive information, and hacking tools will continue to flood dark web marketplaces. As well as AI, the dark web lowers the barrier to entry for less-experienced criminals, enabling them to purchase ready-to-use malware, and ransomware-as-a-service (RaaS) tools.

Increase in law enforcement takedowns

While cybercrime may increase in 2025, law enforcement will continue to disrupt the dark web with the takedown of more forums and marketplaces. This year we saw the likes of LockBit, CrimeMarket, and Nemesis have their dark web sites closed (at least temporarily) or their operations seized due to the hard work of law enforcement agencies from around the world.

For example, in 2024 Operation Cronos, the international collaboration against LockBit severely diminished the gang and marked a new approach for law enforcement. The focus on discrediting LockBit has had a proven impact, which we can see in its decreased output in victims in the second half of the year.

Ben Jones, Co-Founder and CEO at Searchlight Cyber has commented: “Next year we’ll see the continuation of a trend that has already emerged – in part driven by law enforcement: the fragmentation of the ransomware landscape. Our observations show more ransomware groups but with a smaller victim share, possibly operating on the hope that if they maintain a low-level of activity they can avoid the type of law enforcement action that LockBit encountered.”

With the introduction of tools such as dark web monitoring platforms, law enforcement can easily collaborate with other agencies from across the world, collate evidence and actionable insights to trace cybercriminals.

Harsher penalties for ransomware payments

In 2024, ransomware payments soared, with the average extortion demand per ransomware attack over $5.2 million. In March one organization paid in excess of $75 million to a ransomware gang.

However, it is possible that we see harsher penalties for organizations that give in to their demands in 2025, in response to changing geopolitical factors. Ann Neuberger, U.S. deputy national security adviser for cyber and emerging technologies, noted that insurance policies — especially those covering ransomware payment reimbursements — are fueling the very same criminal ecosystems they seek to mitigate. “This is a troubling practice that must end,” she said in October 2024, championing stricter cybersecurity requirements as a condition for coverage to discourage ransom payments.

Ben Jones said: “Another complication for businesses in 2025 could be harsher rules and penalties for paying out on ransomware. As cybercrime becomes increasingly wrapped up in geo-politics, it wouldn’t be a shock to see governments take a harder line on ransomware payment – especially if it is proven that money from ransomware payments is making its way into the hands of sanctioned regimes.”

Dark web future trends

It is important for organizations to understand the threats from the dark web in 2025 and make the necessary updates to their infrastructure and security procedures to ensure they are prepared for the latest trends.

Searchlight Cyber’s dark web monitoring tool for businesses continuously monitors hidden cybercriminal activity, helping organizations keep abreast of the latest techniques used by threat actors. Moreover, it detects, categorizes, and alerts businesses to imminent threats so they can take action against cybercriminals before they strike.