2024 Prediction Overview
2024 has seen increased exploitation of vulnerabilities in Apple and Android devices, including low-level flaws in processors and in the OS kernel, which are frequent targets because a successful exploit yields control of the whole device.
Advanced threat actors are building botnets using compromised consumer and corporate software and appliances like routers, firewalls, and IP cameras to launch targeted attacks, steal credentials, and establish covert communication channels.
They are increasingly exploiting vulnerable drivers to gain kernel-level access, a technique known as BYOVD (bring your own vulnerable driver). It is becoming more prevalent because OS defenses against it remain weak and because known vulnerabilities in widely used drivers, such as the driver behind Windows AppLocker, are readily exploitable.
2024 saw a 25% increase in APT attacks, with Lazarus APT demonstrating exceptional sophistication, orchestrating carefully planned attacks on cryptocurrency investors involving stolen source code, social media manipulation, and a unique chain of zero-day exploits.
Hacktivist groups are increasingly targeting critical infrastructure and services in geopolitical conflicts such as the Russo-Ukrainian and Israel-Hamas wars. Their operations, often DDoS attacks and data breaches, aim to disrupt operations and raise awareness, and their target range is expanding beyond the immediate conflict zones.
The 2024 XZ Utils backdoor, though significant, did not result in a widespread supply chain attack. The potential to sell access to compromised networks existed, but the backdoor was detected by the community before it reached most production systems.
Generative AI has enabled threat actors to launch more convincing phishing attacks. In one recent example, the Lazarus group used AI-manipulated images to deceive a company’s HR department and gained unauthorized network access.
MFT (managed file transfer) systems remained a prime target for cyberattacks in 2024, with vulnerabilities like CVE-2024-0204 and CVE-2024-5806 exploited. While the impact was less severe thanks to increased security awareness, incidents like the 2023 MOVEit breach continued to have long-lasting consequences.
APT Predictions for 2025
Hacktivist groups are increasingly forming alliances, sharing resources, and coordinating attacks, which is escalating cyber threats and enabling more sophisticated and impactful operations.
As a result, organizations must prioritize cybersecurity investments to mitigate the growing risks posed by these well-organized and determined adversaries.
IoT devices, rapidly growing in number, pose significant security risks: their reliance on remote servers with unclear security practices, outdated firmware, and vulnerable companion mobile apps creates numerous attack vectors.
Malicious actors can exploit these weaknesses to gain unauthorized access to sensitive data and systems. The lack of visibility into these devices, together with the absence of effective countermeasures, further exacerbates the situation, making IoT devices a prime target for advanced persistent threats (APTs) in 2025.
APT groups can also use social engineering to compromise open-source development environments, often targeting projects maintained by a small number of developers, as the XZ Utils case showed.
APT groups and cybercriminals are increasingly writing their tooling in C++ and Go, following the growing popularity of these languages in open-source projects. For 2025, SecureList anticipates a surge in malware written in these languages.
Attackers will use the strengths of C++ and Go (performance, easy cross-compilation, and large static binaries that complicate analysis) to bypass security measures and compromise systems, so organizations need to adapt their detection and analysis capabilities to these evolving threats.
Deepfake technology, capable of generating realistic synthetic media, is rapidly advancing and becoming more accessible to malicious actors.
APTs are likely to exploit this technology to impersonate high-profile individuals, crafting deceptive messages or videos to compromise targets, which poses a significant threat as human psychology makes it difficult to discern authenticity, especially when familiar voices or faces are involved.
2025 will see increased targeting of AI models and datasets by threat actors. Malicious code or biases could be injected into popular open-source models, and such tampering is difficult to detect because model files are large, opaque binaries that users rarely inspect before loading.
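One concrete form of the model poisoning described above is a pickle-serialized checkpoint (the format behind many PyTorch `.pt`/`.pkl` files) that carries a callable: `pickle.load()` imports and invokes any global named in the stream, so a tampered file needs no exploit at all. The following added example, written for this page rather than taken from the Securelist report, constructs such a poisoned checkpoint in memory (it is never unpickled) and scans it with `pickletools` for globals outside an allow-list. The allow-list of modules and the sample checkpoints are assumptions for the demo; extend the allow-list to whatever your loader legitimately needs.

```python
"""Scan a pickle-based model checkpoint for code-executing globals
without unpickling it. Added example; not code from the report."""
import pickle
import pickletools
from collections import OrderedDict

# Modules a weights-only checkpoint may legitimately reference (assumption;
# tune to your loader). Anything else is reported.
ALLOWED_MODULES = {"collections", "torch", "torch._utils", "numpy", "numpy.core.multiarray"}

# Opcodes that push a string constant; STACK_GLOBAL consumes the two most
# recent ones as (module, name).
STRING_OPCODES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE", "STRING", "SHORT_BINSTRING", "BINSTRING"}


class MaliciousPayload:
    """Constructed stand-in for a poisoned checkpoint object: unpickling it
    would call os.system(...). This class is only ever pickled, never loaded."""

    def __reduce__(self):
        import os
        return (os.system, ("echo pwned",))


def build_benign_checkpoint() -> bytes:
    """Constructed sample: an ordinary state_dict with fake weights."""
    state = OrderedDict([("layer1.weight", [0.1, 0.2]), ("layer1.bias", [0.0])])
    return pickle.dumps({"state_dict": state}, protocol=4)


def build_poisoned_checkpoint() -> bytes:
    """Constructed sample: same layout plus a code-executing object."""
    state = {"layer1.weight": [0.1, 0.2], "layer1.bias": [0.0]}
    return pickle.dumps({"state_dict": state, "meta": MaliciousPayload()}, protocol=4)


def referenced_globals(data: bytes) -> list[str]:
    """Return every 'module.name' the stream would import, by walking opcodes.

    GLOBAL carries 'module name' inline; STACK_GLOBAL (protocol 4+) takes the
    two string constants most recently pushed, which this tracks heuristically.
    """
    refs: list[str] = []
    recent_strings: list[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            refs.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) >= 2:
                refs.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
            else:
                refs.append("<unresolved>.<unresolved>")
        elif op.name in STRING_OPCODES:
            recent_strings.append(str(arg))
            del recent_strings[:-2]
    return refs


def scan_checkpoint(data: bytes, allowed_modules=ALLOWED_MODULES) -> list[str]:
    """Return globals outside the allow-list; an empty list means no findings."""
    findings = []
    for ref in referenced_globals(data):
        module = ref.rsplit(".", 1)[0]
        if module not in allowed_modules:
            findings.append(ref)
    return findings


if __name__ == "__main__":
    for label, blob in (("benign", build_benign_checkpoint()), ("poisoned", build_poisoned_checkpoint())):
        print(label, "->", scan_checkpoint(blob) or "clean")
```

The poisoned file reports `posix.system` (or `nt.system` on Windows) while the benign one reports nothing, even though both are "valid" checkpoints that load without error. In practice, prefer formats that cannot carry code (safetensors) or a loader that refuses unknown globals (for instance `torch.load(..., weights_only=True)`), and keep an opcode scan like this in the pipeline that ingests third-party models.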
The BYOVD technique, leveraging vulnerable drivers to bypass security and deploy payloads, will continue to be a major threat. Attackers may exploit outdated or third-party drivers to escalate privileges and gain unauthorized access to systems.
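Because a BYOVD driver is usually legitimately signed, a signature check alone will not catch it; the useful signals in a driver-load event are a hash on a known-vulnerable list, a load path outside the normal driver directory, and a revoked or missing signature. The following added example, written for this page and not part of the Securelist report, triages Sysmon Event ID 6 (DriverLoad) records along those lines. The event records and the vulnerable-driver hash list are constructed for the demo; in production, populate the list from a maintained feed such as the LOLDrivers project or Microsoft's vulnerable driver blocklist, and the path prefix is an assumption about a default Windows install.

```python
"""Triage Sysmon Event ID 6 (DriverLoad) records for BYOVD indicators.
Added example; not code from the report. Field names match Sysmon's
DriverLoad event (ImageLoaded, Hashes, Signed, Signature, SignatureStatus)."""

# Constructed demo blocklist keyed by lowercase SHA256; replace with a real feed.
KNOWN_VULNERABLE_SHA256 = {
    "a" * 64: "demo-vulnerable.sys (constructed entry, not a real driver hash)",
}

# Assumed normal location for drivers on a default install (case-insensitive).
NORMAL_DRIVER_PREFIX = "c:\\windows\\system32\\"

# Constructed sample events in the shape of Sysmon EID 6 data fields.
SAMPLE_EVENTS = [
    {   # ordinary Microsoft driver from the usual path: should not alert
        "UtcTime": "2024-11-20 08:01:12.004",
        "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys",
        "Hashes": "SHA1=" + "1" * 40 + ",MD5=" + "2" * 32 + ",SHA256=" + "3" * 64,
        "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid",
    },
    {   # validly signed third-party driver dropped in a user-writable path,
        # hash on the vulnerable list: the classic BYOVD pattern
        "UtcTime": "2024-11-20 08:02:45.117",
        "ImageLoaded": "C:\\Users\\Public\\Music\\svc.sys",
        "Hashes": "SHA1=" + "4" * 40 + ",MD5=" + "5" * 32 + ",SHA256=" + "a" * 64,
        "Signed": "true", "Signature": "Constructed Vendor Ltd", "SignatureStatus": "Valid",
    },
    {   # unsigned driver loaded from a temp directory
        "UtcTime": "2024-11-20 08:03:01.900",
        "ImageLoaded": "C:\\Windows\\Temp\\upd.sys",
        "Hashes": "SHA1=" + "6" * 40 + ",MD5=" + "7" * 32 + ",SHA256=" + "8" * 64,
        "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable",
    },
]


def parse_hashes(field: str) -> dict[str, str]:
    """Turn Sysmon's 'SHA1=..,MD5=..,SHA256=..' string into a dict of lowercase hex."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def triage_driver_load(event: dict) -> list[str]:
    """Return the list of BYOVD indicators for one event (empty = nothing suspicious)."""
    reasons = []
    image = event.get("ImageLoaded", "")
    sha256 = parse_hashes(event.get("Hashes", "")).get("SHA256")
    if sha256 in KNOWN_VULNERABLE_SHA256:
        reasons.append(f"known vulnerable driver: {KNOWN_VULNERABLE_SHA256[sha256]}")
    if not image.lower().startswith(NORMAL_DRIVER_PREFIX):
        reasons.append(f"driver loaded from unusual path: {image}")
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append(
            f"signature not valid: Signed={event.get('Signed')} Status={event.get('SignatureStatus')}"
        )
    return reasons


def triage_all(events: list[dict]) -> list[tuple[str, str, list[str]]]:
    """Return (UtcTime, ImageLoaded, reasons) for every event with at least one indicator."""
    return [(e["UtcTime"], e["ImageLoaded"], r) for e in events if (r := triage_driver_load(e))]


if __name__ == "__main__":
    for when, image, reasons in triage_all(SAMPLE_EVENTS):
        print(when, image)
        for reason in reasons:
            print("   -", reason)
```

Note the second event: every signature field looks fine, and only the hash match and the odd load path give it away, which is exactly why the blocklist feed matters. An attacker with admin rights can also copy the driver into `System32\drivers`, so treat the path check as supporting evidence rather than a gate; the more robust control is to enforce Microsoft's vulnerable driver blocklist through HVCI or a WDAC policy so the load is refused outright.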