
Debunking the AI Hype: Inside Real Hacker Tactics


Feb 18, 2025 | The Hacker News | Artificial Intelligence / Cyber Defense


Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs' Red Report 2025, which analyzed over a million malware samples, there has been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a larger and larger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) is still dominating the field.

The hype around artificial intelligence has certainly been dominating media headlines, yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here is a glimpse at the most critical findings and trends shaping the year's most deployed adversarial campaigns, and the steps cybersecurity teams need to take to respond to them.

Why the AI Hype is Falling Short…at Least For Now

While headlines are trumpeting AI as the one-size-fits-all new secret weapon for cybercriminals, the statistics, again so far, are telling a very different story. In fact, after poring over the data, Picus Labs found no meaningful upswing in AI-based tactics in 2024. Yes, adversaries have started incorporating AI for efficiency gains, such as crafting more credible phishing emails or creating and debugging malicious code, but they have not yet tapped AI's transformational power in the vast majority of their attacks. In fact, the data from the Red Report 2025 shows that you can still thwart the majority of attacks by focusing on tried-and-true TTPs.

“Security teams should prioritize identifying and addressing critical gaps in their defenses, rather than fixating on the potential influence of AI.” — Picus Red Report 2025

Credential Theft Spikes More Than 3X (8% → 25%)

Attackers are increasingly targeting password stores, browser-stored credentials, and cached logins, leveraging stolen keys to escalate privileges and spread within networks. This threefold jump underscores the urgent need for ongoing and robust credential management combined with proactive threat detection.

Modern infostealer malware orchestrates multi-stage heists that blend stealth, automation, and persistence. With legitimate processes cloaking malicious operations and ordinary day-to-day network traffic hiding nefarious data uploads, bad actors can exfiltrate data right under your security team's proverbial nose, no Hollywood-style “smash-and-grab” needed. Think of it as the digital equivalent of a perfectly choreographed burglary. Only the criminals do not peel out in a getaway car; they lurk silently, awaiting your next misstep or opening.

93% of Malware Uses at Least One Top 10 MITRE ATT&CK Technique

Despite the expansive MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. Among the Top 10 ATT&CK techniques presented in the Red Report, the following exfiltration and stealth techniques remain the most used:

The combined effect? Legitimate-seeming processes use legitimate tools to collect and transmit data over widely used network channels. Not surprisingly, these techniques can be difficult to detect with signature-based methods alone. However, behavioral analysis, particularly when multiple techniques are used to monitor and correlate data together, makes it far easier to spot anomalies. Security teams need to focus on looking for malicious activity that appears virtually indistinguishable from normal network traffic.
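As an added illustration of that correlation idea (not code from the article or from Picus), the sketch below alerts only when a process outside an expected-reader list touches a browser credential store and the same process then makes a sizeable outbound transfer shortly afterwards. The event fields, file-name markers, allowlist, and thresholds are all assumptions chosen for the example, and the telemetry is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the report): file reads and outbound transfers.
EVENTS = [
    {"ts": "2025-02-18T09:00:00", "host": "ws2", "pid": 55, "proc": "notes.exe",
     "type": "file_read", "target": r"C:\Users\b\Profiles\x.default\logins.json"},
    {"ts": "2025-02-18T09:30:00", "host": "ws2", "pid": 55, "proc": "notes.exe",
     "type": "net_upload", "dest": "198.51.100.7:443", "bytes": 90_000},
    {"ts": "2025-02-18T10:00:05", "host": "ws1", "pid": 411, "proc": "chrome.exe",
     "type": "file_read", "target": r"C:\Users\a\Chrome\User Data\Default\Login Data"},
    {"ts": "2025-02-18T10:00:20", "host": "ws1", "pid": 411, "proc": "chrome.exe",
     "type": "net_upload", "dest": "192.0.2.20:443", "bytes": 200_000},
    {"ts": "2025-02-18T10:01:00", "host": "ws1", "pid": 902, "proc": "updater.exe",
     "type": "file_read", "target": r"C:\Users\a\Chrome\User Data\Default\Login Data"},
    {"ts": "2025-02-18T10:02:30", "host": "ws1", "pid": 902, "proc": "updater.exe",
     "type": "net_upload", "dest": "203.0.113.10:443", "bytes": 120_000},
    {"ts": "2025-02-18T10:03:00", "host": "ws1", "pid": 77, "proc": "backup.exe",
     "type": "net_upload", "dest": "192.0.2.50:443", "bytes": 5_000_000},
]

# Assumptions for this example: store markers, expected readers, window, size floor.
CRED_STORE_MARKERS = ("login data", "logins.json")
EXPECTED_READERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
WINDOW = timedelta(minutes=5)
MIN_UPLOAD_BYTES = 50_000

def correlate(events):
    """Alert when an unexpected process reads a credential store, then uploads within WINDOW."""
    reads, alerts = {}, []          # reads: (host, pid) -> timestamps of suspicious reads
    for ev in sorted(events, key=lambda e: e["ts"]):
        key, ts = (ev["host"], ev["pid"]), datetime.fromisoformat(ev["ts"])
        if ev["type"] == "file_read":
            is_store = any(m in ev["target"].lower() for m in CRED_STORE_MARKERS)
            if is_store and ev["proc"].lower() not in EXPECTED_READERS:
                reads.setdefault(key, []).append(ts)
        elif ev["type"] == "net_upload" and ev["bytes"] >= MIN_UPLOAD_BYTES:
            hits = [t for t in reads.get(key, []) if timedelta(0) <= ts - t <= WINDOW]
            if hits:                # both weak signals present for the same process
                alerts.append({"host": ev["host"], "pid": ev["pid"], "proc": ev["proc"],
                               "dest": ev["dest"], "bytes": ev["bytes"],
                               "delay_s": int((ts - hits[-1]).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

Neither signal fires on its own here: the large backup upload and the browser reading its own store are both ignored, and only the combination within the time window produces an alert.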

Back to Basics for a Better Defense

Today's threats often chain together numerous attack stages to infiltrate, persist, and exfiltrate. By the time one step is identified, attackers may have already moved on to the next. So, while the threat landscape is undeniably sophisticated, the silver lining uncovered in the Red Report 2025 is rather simple: most current malicious activity actually revolves around a small set of attack techniques. By doubling down on modern cybersecurity fundamentals, such as rigorous credential protection, advanced threat detection, and continuous security validation, organizations can confidently ignore the tsunami of AI hype for now and focus instead on confronting the threats that are actually targeting them today.

Ready to Cut Through the AI Hype and Strengthen Your Defenses?

While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is intently focused on the methods and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously assesses and fortifies organizations' defenses, emphasizing fundamentals like credential protection and rapid threat detection.

Ready to see the difference for yourself? Download the Picus Red Report 2025 or visit picussecurity.com to learn how to tune out the hype and keep real threats at bay.

Note: This article was written by Dr. Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, where simulating cyber threats and strengthening organizations' defenses are what we do every day.

This article is a contributed piece from one of our valued partners.


