13 May 2025
Experts warn that existing countermeasures are insufficient and must be rapidly enhanced in both sophistication and scope to stay ahead of increasingly innovative cybercriminal tactics. This concern is underscored by recent findings from the UK Parliament’s Public Accounts Committee, which warns that without a radically new approach, the government’s efforts to achieve cyber resilience by 2030 are unlikely to succeed.
“Ransomware groups are continuously evolving their tactics to bypass modern security controls,” said Hannah Baumgaertner, Head of Research at threat intelligence firm Silobreaker.
One emerging trend is the use of Bring Your Own Vulnerable Driver (BYOVD) techniques, enabling attackers to evade endpoint detection and response (EDR) tools. Groups such as CrazyHunter, Medusa, and the recently identified DOGE Big Balls — linked with the Fog ransomware — have adopted these methods. Additionally, attackers are abusing legitimate system tools in ‘living-off-the-land’ attacks, blending malicious activity with normal administrative operations to avoid detection.
Unpatched software vulnerabilities remain a primary entry point for these attacks. Baumgaertner emphasizes the importance of vigilant patch management and staff training to prevent phishing — currently the most common initial compromise method. She notes that while the manufacturing sector has seen increased targeting, government and healthcare organizations continue to be prime targets due to the sensitive data they hold.
“This trend is likely to persist because of the high value of data stored by these sectors,” said Baumgaertner.
On the regulatory front, the UK government has initiated a three-tier consultation to mitigate ransomware’s impact. Proposed measures include a targeted ban on ransom payments for public sector entities, mandatory reporting to the National Crime Agency for organizations considering payment, and a broader incident reporting framework.
“Only sectors such as Critical National Infrastructure are explicitly banned from paying ransoms, leaving most businesses with the option to pay. Attackers will follow the money, and without a universal ban, many will still pay,” said Chris Taylor, Principal Incident Response Analyst at NormCyber.
Taylor stresses that organizations should prioritize regular cybersecurity training, robust backup strategies, and clear incident response plans, with standards like ISO 27001 serving as indicators of maturity.
The overarching challenge is reflected in the Public Accounts Committee’s recent report, which criticizes the gap between the increasing complexity of cyber threats and the government’s capacity to counter them.
Chris Dimitriadis, Chief Strategy Officer at ISACA, said that “cyber adversaries are leveraging emerging technologies like AI to make their tactics more effective at disrupting critical services and infrastructure.”
He welcomes the government’s introduction of the Software Security Code of Practice for vendors but calls for a more fundamental overhaul. Dimitriadis advocates for cybersecurity to be treated as a core strategic issue, with board-level accountability and widespread adoption of governance frameworks such as the Cyber Governance Code of Practice.
He also highlights a significant skills shortage affecting both sectors. According to ISACA research, 58% of European IT professionals believe a cyberattack is imminent within the next year: “investing in cyber skills development and training is essential to building technical expertise and adapting to evolving threats.”