2025 Cybercrime: Top 10 Stories & Trends

by Priyanka Patel

2025: A Year of Escalating Cyberattacks and Emerging Threats in the UK

The year 2025 witnessed a relentless barrage of cyberattacks, impacting major UK organizations and signaling an important escalation in both the sophistication and scope of threats. From nation-state actors leveraging artificial intelligence to ransomware gangs crippling critical infrastructure, the cybersecurity landscape proved to be a constant battleground for professionals. The incidents affecting household names like Marks & Spencer, Co-op, and Jaguar Land Rover underscore a year that will be long remembered for its disruptive impact.

The Rise of AI-Powered Cybercrime

A dominant trend throughout 2025 was the exploitation of artificial intelligence (AI) models by threat actors. Early in the year, Google’s Threat Intelligence Group (GTIG) revealed that nation-state-backed groups originating from China, Iran, North Korea, and Russia were actively attempting to abuse its Gemini AI tool. According to GTIG, these actors utilized Gemini across various stages of their attack chains, including securing infrastructure, identifying targets, researching vulnerabilities, developing malicious code, and evading security measures. This marked a concerning shift, demonstrating how advanced technologies could be weaponized to amplify cybercriminal capabilities.

Ransomware Attacks Target Critical Services

The fallout from past attacks continued to reverberate in 2025. At the end of March, the UK’s Data Commissioner’s Office (ICO) levied a £3.07 million fine against Advanced Computer Software Group, now known as OneAdvanced, for a 2022 LockBit ransomware attack that severely disrupted NHS services. The ICO found that the company’s health subsidiary lacked adequate technical and organizational security measures, specifically citing deficiencies in multifactor authentication (MFA), vulnerability scanning, and patch management. This served a

Data Breaches Expose Sensitive Information

Throughout the year, numerous data breaches exposed the personal information of millions of UK citizens. In February, the retail group Marks & Spencer confirmed a data breach affecting an unknown number of customers. Later, the Co-op reported a similar incident, with hackers gaining access to customer data. These breaches, along with others targeting organizations like Salesforce customers (including Louis Vuitton, Tiffany & Co), Pandora, Allianz, Qantas, and Air France-KLM, all through vulnerabilities in Salesforce products. Researchers uncovered evidence suggesting a collaborative relationship between ShinyHunters and Scattered Spider, linking both groups to the wider cybercrime network known as The Com. This highlighted the interconnected nature of cybercriminal operations and the challenges of disrupting these complex networks.

Jaguar Land Rover Attack Causes Production Chaos

In September, UK carmaker Jaguar Land Rover (JLR) fell victim to a major cyberattack, allegedly linked to the same actors responsible for previous incidents. The attack significantly disrupted production at the company, and its impact quickly spread to JLR’s suppliers, leading to repeated delays in restarting production lines.

Cl0p Exploits Oracle Vulnerability

From summer onwards, the Cl0p cyber extortion gang targeted numerous organizations, including universities, media outlets in the US, and perhaps some NHS bodies, by exploiting a vulnerability in Oracle E-Business Suite (EBS). Oracle released an out-of-band patch in October to address the remote code execution (RCE) flaw, but the widespread use of EBS meant Cl0p potentially gained access to a vast number of high-value targets.

JLR Attack Declared a Systemic Event

As the disruption from the JLR incident continued into the autumn, the economic consequences became increasingly apparent, contributing to a contraction in the UK’s gross domestic product (GDP). The Cyber Monitoring Centre (CMC), a cybersecurity non-profit, declared the incident a Category 3 Systemic Event on its ‘hurricane’ scale, estimating the financial cost at approximately £1.9 billion – potentially even higher. The CMC described it as the single most damaging cyberattack ever to hit the UK.

Progress on Reforming the Computer Misuse Act

Despite the challenging cybersecurity landscape, 2025 ended on a positive note with progress toward reforming the outdated Computer Misuse Act (CMA) of 1990. The government announced plans to introduce changes that would provide a statutory defense for ethical hackers, protecting them from prosecution while conducting legitimate security research. Campaigners argued that this change would bolster Britain’s security industry by encouraging responsible vulnerability disclosure.
