Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out real, more tangible, real-world risks? According to Picus Labs' Red Report 2025, which analyzed over one million malware samples, there has been no significant surge, so far, in AI-driven attacks. Yes, adversaries are certainly continuing to innovate, and while AI will undoubtedly start playing a larger and larger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) still dominates the field.
The hype around artificial intelligence has certainly been dominating media headlines; yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here is a glimpse at the most critical findings and trends shaping the year's most deployed adversarial campaigns, and what steps cybersecurity teams need to take to respond to them.
Why the AI Hype is Falling Short…at Least For Now
While headlines are trumpeting AI as the one-size-fits-all new secret weapon for cybercriminals, the statistics (again, so far) are telling a very different story. In fact, after poring over the data, Picus Labs found no meaningful upswing in AI-based tactics in 2024. Yes, adversaries have started incorporating AI for efficiency gains, such as crafting more credible phishing emails or writing and debugging malicious code, but they have not yet tapped AI's transformational power in the vast majority of their attacks. In fact, the data from the Red Report 2025 shows that you can still thwart the majority of attacks by focusing on tried-and-true TTPs.
“Security teams should prioritize identifying and addressing critical gaps in their defenses, rather than fixating on the potential impact of AI.” — Picus Red Report 2025
Credential Theft Spikes More Than 3X (8% → 25%)
Attackers are increasingly targeting password stores, browser-stored credentials, and cached logins, leveraging stolen keys to escalate privileges and spread within networks. This threefold jump underscores the urgent need for ongoing and robust credential management combined with proactive threat detection.
Modern infostealer malware orchestrates multi-stage heists blending stealth, automation, and persistence. With legitimate processes cloaking malicious operations and real day-to-day network traffic hiding nefarious data uploads, bad actors can exfiltrate data right under your security team's proverbial nose, no Hollywood-style “smash-and-grab” needed. Think of it as the digital equivalent of a perfectly choreographed burglary. Only the criminals do not peel out in a getaway car; they lurk silently, awaiting your next misstep or opening.
93% of Malware Uses at Least One Top 10 MITRE ATT&CK Technique
Despite the expansive MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. Among the Top 10 ATT&CK techniques presented in the Red Report, the following exfiltration and stealth techniques remain the most used:
The combined effect? Legitimate-seeming processes use legitimate tools to collect and transmit data over widely used network channels. Not surprisingly, these techniques can be difficult to detect by signature-based methods alone. However, behavioral analysis, particularly when several techniques are monitored and their telemetry is correlated together, makes it far easier to spot anomalies. Security teams need to focus on hunting for malicious activity that appears almost indistinguishable from normal network traffic.
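To make the correlation point concrete, the following is an added example (not code from Picus or the Red Report) that runs a simple behavioral rule over a handful of constructed host events. It assumes a pipe-separated telemetry format, a hypothetical set of browser credential-store file names (Chromium's "Login Data", Firefox's logins.json and key4.db) and an assumed upload threshold and time window. Looked at one event at a time, a process reading a browser's password database or uploading a few hundred kilobytes over port 443 is ordinary; a naive single-event rule flags the browser itself as noise. Only the chain, a non-browser process reading the store and then pushing a large upload shortly afterwards, is what the rule alerts on.

```python
"""Correlate individually benign host events into a credential-theft chain.

Added illustration: the event format, file-name markers, thresholds and
sample telemetry below are all assumptions constructed for this example.
"""
from datetime import datetime, timedelta

# Constructed sample telemetry, one event per line:
# timestamp|host|pid|image|event_kind|detail
SAMPLE_EVENTS = r"""
2025-03-01T09:00:01|ws01|4120|chrome.exe|file_read|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data
2025-03-01T09:00:05|ws01|4120|chrome.exe|net_connect|mail.example.com:443 bytes_out=18000
2025-03-01T09:02:10|ws01|7731|updater.exe|file_read|C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data
2025-03-01T09:02:11|ws01|7731|updater.exe|file_read|C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json
2025-03-01T09:02:40|ws01|7731|updater.exe|net_connect|203.0.113.10:443 bytes_out=412000
2025-03-01T09:10:00|ws01|2210|backup.exe|net_connect|203.0.113.10:443 bytes_out=900000
"""

# File names that hold browser-saved credentials (assumed marker list).
CREDENTIAL_STORE_MARKERS = ("login data", "logins.json", "key4.db")
# Processes expected to read those files as part of normal operation.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}


def parse_events(text):
    """Parse the pipe-separated telemetry into dicts, sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, host, pid, image, kind, detail = line.split("|", 5)
        events.append({
            "ts": datetime.fromisoformat(ts),
            "host": host,
            "pid": int(pid),
            "image": image.lower(),
            "kind": kind,
            "detail": detail,
        })
    return sorted(events, key=lambda e: e["ts"])


def touches_credential_store(event):
    detail = event["detail"].lower()
    return event["kind"] == "file_read" and any(m in detail for m in CREDENTIAL_STORE_MARKERS)


def parse_connect(detail):
    """Split 'dest:port bytes_out=N' into (dest, N)."""
    dest, _, rest = detail.partition(" ")
    bytes_out = 0
    for token in rest.split():
        if token.startswith("bytes_out="):
            bytes_out = int(token.split("=", 1)[1])
    return dest, bytes_out


def naive_hits(text):
    """Single-event rule: every image that reads a credential store.
    Fires on the browser itself, which is why it is too noisy on its own."""
    return sorted({e["image"] for e in parse_events(text) if touches_credential_store(e)})


def correlate(text, window_seconds=300, min_bytes=100_000):
    """Behavioral rule: a non-browser process reads a credential store and,
    within the window, sends a large upload. Returns one alert per process."""
    pending = {}   # (host, pid) -> first credential read and stores touched
    alerts = []
    for e in parse_events(text):
        key = (e["host"], e["pid"])
        if touches_credential_store(e) and e["image"] not in BROWSER_IMAGES:
            rec = pending.setdefault(key, {"first": e["ts"], "image": e["image"], "stores": set()})
            rec["stores"].add(e["detail"].rsplit("\\", 1)[-1].lower())
        elif e["kind"] == "net_connect" and key in pending:
            dest, bytes_out = parse_connect(e["detail"])
            rec = pending[key]
            if bytes_out >= min_bytes and e["ts"] - rec["first"] <= timedelta(seconds=window_seconds):
                alerts.append({
                    "host": e["host"],
                    "pid": e["pid"],
                    "image": rec["image"],
                    "stores": sorted(rec["stores"]),
                    "destination": dest,
                    "bytes_out": bytes_out,
                })
                del pending[key]   # one alert per chain
    return alerts


if __name__ == "__main__":
    print("naive rule flags:", naive_hits(SAMPLE_EVENTS))
    for alert in correlate(SAMPLE_EVENTS):
        print("credential-theft chain:", alert)
```

On the constructed sample, the naive rule flags both chrome.exe and updater.exe, while the correlated rule produces a single alert for updater.exe: it read two browser stores and then pushed about 400 KB to an external host within thirty seconds. The backup process that uploads even more data is ignored because it never touched a credential store, and the browser is ignored because reading its own store is expected behaviour. In a real pipeline the same shape applies, with the file markers, allow-listed images and thresholds tuned to the environment.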
Back to Basics for a Better Defense
Today's threats often chain together numerous attack stages to infiltrate, persist, and exfiltrate. By the time one step is identified, attackers may already have moved on to the next. So, while the threat landscape is undeniably sophisticated, the silver lining uncovered in the Red Report 2025 is rather simple: most current malicious activity actually revolves around a small set of attack techniques. By doubling down on modern cybersecurity fundamentals, such as rigorous credential security, advanced threat detection, and continuous security validation, organizations can confidently ignore the tsunami of AI hype for now and focus instead on confronting the threats that are actually targeting them today.
Ready to Cut Through the AI Hype and Strengthen Your Defenses?
While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is closely focused on the methods and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously assesses and fortifies organizations' defenses, emphasizing fundamentals like credential security and rapid threat detection.
Ready to see the difference for yourself? Download the Picus Red Report 2025 or visit picussecurity.com to learn how to tune out the hype and keep real threats at bay.
Note: This article was written by Dr. Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, where simulating cyber threats and strengthening organizations' defenses are what we do every day.