• Oct 29, 2025

In today’s fast-paced and hyperconnected world, cyber risks are no longer just an IT concern; they are a fundamental business risk. The stakes are high: reputation, operations, customer trust, and financial stability are all on the line. As the threat landscape continues to evolve, businesses need to be agile in how they anticipate, detect, and respond.

At TD, we are more than a financial partner—we are committed to supporting your organization's efforts to become more resilient and secure. To deliver on that commitment, we have developed this Cyber Trends Report with you in mind. It serves as a practical, insight-rich resource designed to help you better understand potential risks and make informed decisions in an increasingly complex digital environment.

In this report, you will find highlights of key cyber threats and trends we have observed, from the growing use of AI by malicious actors to sophisticated phishing campaigns, ransomware tactics, and sector-specific vulnerabilities. You will also find actionable insights and best practices that can help strengthen your organization’s cyber readiness.

Whether you are looking to enhance your internal defenses, educate your teams, or simply stay ahead of what’s next, we trust that this report offers timely value to sharpen your strategy.

Together, we can build a more secure digital future.

Cyber Threat Landscape 2025

AI-Enhanced Fraud and Deepfakes

What’s New: Generative AI is fueling a wave of hyper-personalized scams and business email compromise (BEC). Deepfake technology is now used to impersonate executives in video calls, with one real-world case involving a $25 million loss via a fake CFO Zoom call.

Industry Insight: GenAI is helping threat actors scale operations and launch attacks in multiple languages, bypassing traditional email filters and evading user suspicion. The report notes the emergence of "scams-as-a-service" using GenAI.

Actions for Commercial Clients:

  • Adopt advanced email filtering and behavioral analytics
  • Train staff on GenAI-enabled phishing and deepfakes
  • Implement smart friction: secondary verifications for high-risk transactions

Supply Chain Attacks & Vendor Concentration Risk

What’s New: Threat actors increasingly exploit critical software components and managed file transfer (MFT) platforms. High-profile vulnerabilities in MOVEit, Cleo, and XZ Utils led to mass data exposure across sectors.

Industry Insight: A breach in a single shared vendor can ripple across dozens of firms. Diversifying vendors may reduce concentration risk but can also introduce less mature partners.

Actions for Commercial Clients:

  • Conduct vendor risk audits
  • Request SBOMs (Software Bill of Materials) from IT suppliers
  • Build incident response plans that include third-party breaches

Ransomware Goes Big-Game Hunting

What’s New: In 2024, the number of attacks declined, but ransom demands reached historic highs, including a record $75 million payout. Ransom-as-a-Service (RaaS) continues to become more professionalized, employing double and triple extortion tactics.

Industry Insight: Financial services, healthcare, government (municipalities) and the education sector remain among the top targets for ransomware operators. RaaS operators quickly rebrand to evade law enforcement and sanctions.

Actions for Commercial Clients:

  • Test ransomware incident response plans
  • Implement strong and secure backups
  • Segment networks and monitor for lateral movement

Distributed Denial-of-Service (DDoS) Attacks Surge Amid Geopolitical Tensions

What’s New: DDoS attacks are increasingly used to disrupt services and distract from more damaging intrusions. Campaigns linked to hacktivists surged around geopolitical flashpoints, impacting firms in APAC, EMEA, and North America.

Industry Insight: Financial services was the most targeted sector for DDoS in 2024, accounting for 34% of attacks (Akamai).

Actions for Commercial Clients:

  • Ensure upstream DDoS protections are active and monitored
  • Run stress tests on key services and Application Programming Interfaces (APIs) to ensure reliability and security
  • Prepare communication, intervention and action plans for outages

Emerging Technologies & Defensive Priorities

Generative AI & Shadow AI Risks

What’s New: Employees are experimenting with GenAI without oversight (“shadow AI”), exposing firms to data leakage and IP loss. Meanwhile, threat actors use Large Language Models (LLMs)—advanced artificial intelligence tools—to produce convincing phishing emails and malicious code.

Industry Insight: Threat actors aren’t yet using GenAI to discover novel vulnerabilities, but they’re accelerating attack cycles with more polish and scale. AI governance and internal education are now critical.

Actions for Commercial Clients:

  • Create an AI governance policy
  • Monitor AI tool usage and ensure data controls
  • Require human oversight in GenAI use cases

Quantum Computing: The Crypto Clock is Ticking

What’s New: With new quantum chip advancements from Microsoft and Amazon, the risk of current encryption becoming obsolete is real. Threat actors are already harvesting encrypted data to decrypt later.

Industry Insight: Firms that delay quantum readiness risk significant exposure. Post-quantum cryptography (PQC) migration may take years.

Actions for Commercial Clients:

  • Begin inventorying cryptographic assets
  • Prioritize sensitive long-retention data (e.g., loan files)
  • Start piloting NIST-approved PQC algorithms

Nation-State and Hacktivist Attacks

What’s New: Attacks from groups affiliated with China, Russia, Iran, and North Korea are expanding. Financial institutions are often indirect targets due to their dependence on third-party tech or geopolitical positioning.

Industry Insight: North Korean threat actors stole $2.2B in cryptocurrency in 2024 and infiltrated Western financial firms by posing as IT workers. Volt Typhoon (China) and Midnight Blizzard (Russia) conduct pre-positioning campaigns.

Actions for Commercial Clients:

  • Vet remote hires and offshore vendors
  • Watch for misinformation/disinformation threats
  • Engage in tabletop exercises involving geopolitical disruptions

No part of this publication may be reproduced in any form, or referred to in any other publication, without express written permission. All rights reserved. All trademarks are the property of their respective owners. The TD logo and other trademarks are the property of The Toronto-Dominion Bank or a wholly-owned subsidiary, in Canada and/or other countries.

©2025, TD Bank, N.A.
