Debunking the AI Hype: Inside Real Hacker Tactics

Feb 18, 2025 | The Hacker News | Artificial Intelligence / Cyber Defense

Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world risks? According to Picus Labs' Red Report 2025, which analyzed over a million malware samples, there has been no significant surge, so far, in AI-driven attacks. Yes, adversaries are certainly continuing to innovate, and while AI will definitely start playing a larger and larger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) are still dominating the field.

The hype around artificial intelligence has certainly been dominating media headlines; yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here is a glimpse at the most significant findings and trends shaping the year's most deployed adversarial campaigns, and what steps cybersecurity teams need to take to respond to them.

Why the AI Hype Is Falling Short... at Least for Now

While headlines are trumpeting AI as the one-size-fits-all new secret weapon for cybercriminals, the statistics (again, so far) are telling a very different story. In fact, after poring over the data, Picus Labs found no meaningful upswing in AI-based tactics in 2024. Yes, adversaries have started incorporating AI for efficiency gains, such as crafting more credible phishing emails or creating and debugging malicious code, but they have not yet tapped AI's transformational power in the vast majority of their attacks to date. In fact, the data from the Red Report 2025 shows that you can still thwart the majority of attacks by focusing on tried-and-true TTPs.

"Security teams should prioritize identifying and addressing critical gaps in their defenses, rather than fixating on the potential impact of AI." — Picus Red Report 2025

Credential Theft Spikes More Than 3X (8% → 25%)

Attackers are increasingly targeting password stores, browser-stored credentials, and cached logins, leveraging stolen keys to escalate privileges and spread within networks. This threefold jump underscores the urgent need for ongoing and robust credential management combined with proactive threat detection.

Modern infostealer malware orchestrates multi-stage data heists blending stealth, automation, and persistence. With legitimate processes cloaking malicious operations and actual day-to-day network traffic hiding nefarious data uploads, bad actors can exfiltrate data right under your security team's proverbial nose, no Hollywood-style "smash-and-grab" needed. Think of it as the digital equivalent of a perfectly choreographed burglary. Only the criminals don't peel out in a getaway car; they lurk silently, awaiting your next misstep or opening.

93% of Malware Uses at Least One Top 10 MITRE ATT&CK Technique

Despite the expansive MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. Among the Top 10 ATT&CK techniques presented in the Red Report, the following exfiltration and stealth techniques remain the most used:

The combined effect? Legitimate-seeming processes use legitimate tools to collect and transmit data over widely used network channels. Not surprisingly, these techniques can be difficult to detect through signature-based methods alone. However, using behavioral analysis, particularly when multiple techniques are monitored and correlated together, makes it far easier to spot anomalies. Security teams need to focus on looking for malicious activity that appears virtually indistinguishable from normal network traffic.
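As an added illustration of the correlation idea above (this is example code, not Picus or Red Report material), here is a toy Python detection rule that runs over constructed, Sysmon-style endpoint events: it flags a non-browser process that reads a browser credential store and then opens an outbound connection within a few minutes, which is the credential-theft-plus-quiet-exfiltration pattern the page describes. The event format, file paths, credential-store markers and browser allow-list are all assumptions made for the example.

```python
"""Toy multi-technique correlation: credential-store read followed by an
outbound connection from the same non-browser process. Constructed data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (simplified Sysmon-like records); paths and
# destinations are illustrative, not real indicators.
EVENTS = [
    {"ts": "2025-02-18T09:00:01", "pid": 4120, "image": "chrome.exe", "type": "file_read",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2025-02-18T09:00:05", "pid": 4120, "image": "chrome.exe", "type": "net_connect",
     "dest": "accounts.google.com:443"},
    {"ts": "2025-02-18T09:01:10", "pid": 7788, "image": "updater.exe", "type": "file_read",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ts": "2025-02-18T09:01:12", "pid": 7788, "image": "updater.exe", "type": "file_read",
     "target": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    {"ts": "2025-02-18T09:01:40", "pid": 7788, "image": "updater.exe", "type": "net_connect",
     "dest": "203.0.113.7:443"},
]

# Assumed filename fragments that identify browser credential stores.
CRED_STORE_MARKERS = ("Login Data", "logins.json", "Local State")
# Browsers legitimately read their own stores; everything else is suspect.
BROWSER_IMAGES = {"chrome.exe", "firefox.exe", "msedge.exe"}


def correlate(events, window=timedelta(minutes=5)):
    """Return one alert per process that reads a credential store and then
    makes an outbound connection within `window` of the first such read."""
    by_pid = defaultdict(list)
    for e in events:
        by_pid[e["pid"]].append(e)
    alerts = []
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
        reads = [e for e in evs if e["type"] == "file_read"
                 and any(m in e["target"] for m in CRED_STORE_MARKERS)]
        if not reads or evs[0]["image"].lower() in BROWSER_IMAGES:
            continue
        first_read = datetime.fromisoformat(reads[0]["ts"])
        for e in evs:
            if e["type"] != "net_connect":
                continue
            delta = (datetime.fromisoformat(e["ts"]) - first_read).total_seconds()
            if 0 <= delta <= window.total_seconds():
                alerts.append({"pid": pid, "image": e["image"],
                               "stores_read": len(reads), "dest": e["dest"]})
                break  # one alert per process is enough for triage
    return alerts


if __name__ == "__main__":
    for a in correlate(EVENTS):
        print("ALERT:", a)
```

Neither event on its own is unusual (processes read files and open sockets all day); only the combination, scoped to one process and a short window, stands out from normal traffic.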

Back to Basics for a Better Defense

Today's threats often chain together numerous attack stages to infiltrate, persist, and exfiltrate. By the time one step is identified, attackers may already have moved on to the next. So, while the threat landscape is undeniably sophisticated, the silver lining uncovered in the Red Report 2025 is relatively simple: most current malicious activity actually revolves around a small set of attack techniques. By doubling down on modern cybersecurity fundamentals, such as rigorous credential protection, advanced threat detection, and continuous security validation, organizations can confidently ignore the tsunami of AI hype for now and focus instead on confronting the threats that are actually targeting them today.

Ready to Cut Through the AI Hype and Strengthen Your Defenses?

While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is closely focused on the methods and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously assesses and fortifies organizations' defenses, emphasizing fundamentals like credential protection and rapid threat detection.

Ready to see the difference for yourself? Download the Picus Red Report 2025 or visit picussecurity.com to learn how to tune out the hype and keep real threats at bay.

Note: This article was written by Dr. Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, where simulating cyber threats and strengthening organizations' defenses are what we do every day.
