Business

Infopercept Releases its Threat Predictions Report for 2025 - Shares Views from an Attacker Perspective

Dec 13, 2024

SMPL
Ahmedabad (Gujarat) [India], December 13: Infopercept, a global platform-led managed security services company, today released a report on the threat predictions for 2025. Titled "Threat Predictions 2025 - An Attacker's POV", the report narrates major security challenges and threat scenarios for the year to come as seen through an attacker's lens and further supplements its key highlights with anecdotal data from various offensive security projects the company carried out during the current year. The report explores how various primary security issues such as known vulnerabilities, misconfigurations, dark web exposure, poor credentials management and other forms of ordinary threat exposures still continue to plague cyber risk and data privacy concerns at leading organizations, giving cybercriminals enough room and easy access to the crown jewels.
Major highlights of Infopercept's Threat Predictions Report 2025 cover the following:
1. Zero-day threats and attacks appeal more to the headlines, but attackers will continue loving their old favourites - the report suggests that despite all the usual hype and trending discussions around emerging threats, cyber criminals will always turn to known vulnerabilities, for these are tried and tested tricks in their attack arsenal. According to the report, Infopercept's own offensive security experts could use existing known vulnerabilities to infiltrate client networks in over 90% threat exposure assessments
2. Rise in ransomware attack scenarios bigger concern than the next ransomware attack - ransomware has become attackers' preferred method for obvious reasons and it is not changing. Infopercept's report and findings from the company's offensive security add evidence and reveal how various security lapses and negligence such as absence of MFA, exposed credentials and misconfigurations can let attackers make further inroads into the target network and plant a ransomware attack with ease. As businesses reach the next level of maturity in cloud, AI and digital transformation, such scenarios will rise in numbers to attackers' advantage
3. App appetite vs DevSecOps awareness -
Business pressure to launch applications shall continue to grow, and security is likely to be on the back seat, however doing tick mark activities for DevSecOps and compliance would not be enough. Businesses will feel the need to move beyond DevSecOps model and adopt a broader threat exposure driven approach to product engineering, which places everything at the front, right, left, and center of security, covering organizational risk profile, people and processes
4. AI adoption will grow, and so will be its cyber misuse -
Rapid advancement and adoption of AI augurs well but threat actors abusing and weaponizing AI models will pose new risks that are not fully understood. From using prompt injection to causing data poisoning, attackers will find vulnerabilities in Gen AI to design and deliver crafty threats with speed and accuracy
5. Not every cloud will have a silver lining, as cloud security concerns set to multiply -
The top-down overhaul of business processes and customer experiences driven by cloud-native technologies will reach its next milestone and become more deeply integrated, which will also raise concerns in cloud security misconfiguration, security negligence and errors. In nearly 100% of Infopercept's offensive findings over the past year, sub-optimal security setups and misconfigurations were found as the common loophole in cloud infrastructure
6. Bigger marketplace for CaaS offerings on the dark web -
In addition to using classic tactics, cyber baddies will benefit from a growing marketplace of stolen credentials, automated playbooks with sophisticated components, AI-enhanced attack tools and other Cybercrime-as-a-Service (CaaS) offerings on the dark web. Infopercept's offensive experts were able to locate access credentials for more than 60% customers on the dark web, and hence did not need to perform IP address spoofing or phishing to gain keys to the castle
7. Increased use of LCNC to spark security concerns -
As low-code/no-code (LCNC) technologies become more prevalent, DevSecOps and app sec teams will have to assess potential errors and loopholes like vulnerable components, data leakage, account impersonation by an adversary and misconfigured security settings
8. Cyber tug of war to further escalate -
Cyber risk will compete for attention and resources in the midst of global macroeconomic uncertainty and a broader business risk assessment, limiting resources and increasing vulnerabilities. Various observations made by Infopercept's offensive team, including at large organizations, reveal how poor coordination between IT, security, and business, lack of ownership, and skills shortage continue to thwart exposure management, leaving many critical vulnerabilities "unresolved" that were reported much earlier
"Despite a lot of hype and discussions around the tech buzz words and emerging threats, threat actors will stick to classic tactics, benefitting from continued expansion in attack surfaces, multiplicity of tools and apps and security still struggling with business conflict" said Jaydeep Ruparelia, CEO, Infopercept.
"Having an offensive-first security approach, we have the opportunity to emulate the exact tactics of a modern adversary. We were inspired by the thought of narrating threat predictions from an attacker's perspective as it offers a real-world view into various attack scenarios and threats that are likely to emerge in the year to come. This provides security practitioners with better insights, aiding their security readiness without any bias, overall helping them narrow down their efforts and scarce resources on what will really matter," he further added.
"The year to come will witness an unprecedented rise in threat exposures. Consequently, organizations will have to consider a departure from a tools-based approach that is largely reactive, and mull a holistic security initiative instead. And that should focus on fostering a security culture that's aligned to company goals, viewing cybersecurity as a 24X7 onus, and adopting best practices recommended by technology providers including cloud platforms. Finally thinking holistically also means keeping the keystones of continuous threat assessment, prioritization, validation, and business-focused remediation together. In the absence of these measures and approach, adversaries will have countless opportunities to take advantage of security negligence, cyber skills shortage, misconfigurations, system & infrastructure vulnerabilities, naive users and over-reliance on disruptive technology including automation." Jaydeep explained further.
For more details on the threat predictions by Infopercept's offensive security experts, read the full blog here on Threat Predictions 2025: An Attacker's
About Infopercept:
Infopercept is one of the fastest-growing platform led managed security services company from India, serving global clients in all areas of cybersecurity, including defensive, offensive, detection and response, and security compliance. Infopercept has its own cybersecurity platform, 'Invinsense,' which integrates tools such as SIEM, SOAR, EDR, deception, offensive security, and compliance tools. Its cybersecurity and MDR services include dedicated teams of experts, ensuring that organizations have 24x7 cybersecurity operations support. For more information, please visit www.infopercept.com
(ADVERTORIAL DISCLAIMER: The above press release has been provided by SMPL. ANI will not be responsible in any way for the content of the same)

More news

Rival protests over S Korea's impeached President Yoon Suk Yeol held in Seoul

Seoul [South Korea], December 22: Demonstrators supporting and opposing South Korean President Yoon Suk Yeol held rival protests several hundred metres apart in Seoul on Saturday, a week after he was impeached over his short-lived declaration of martial law.

Dec 22, 2024