Attacks and targets will change over time in 2025, say industry observers.
"Networks will no longer just be used to connect. As more devices and services get connected, the risk and sophistication of attacks become greater," noted Tay Bee Kheng, President, ASEAN, Cisco.
"For example, social engineering attacks are more accessible given the amount of data that people share online with different platforms. Supply chain attacks also pose a problem, given the complicated web of technology suppliers that many businesses use in their operations. Advances in areas like quantum computing will further complicate the landscape. All of this will push cybersecurity to move at machine scale.
"The network will emerge as a crucial pillar in managing workloads and serving as both the first and last line of security defence. This will become increasingly important as attackers conduct lateral movement attacks where they use one entry point to infiltrate the rest of the network to penetrate deeper into organisational systems."
Prompt injections
A prompt injection breach will lead to AI disillusionment, predicted Imperva, a Thales company. "Generative AI has introduced a groundbreaking application: the natural language interface to data. However, this innovation brings a new threat vector - prompt injections - for which there is little to no security currently available," shared Nanhi Singh, Chief Customer Officer and GM, Application Security, Imperva.
“In 2025, a leading global company is likely to lose significant intellectual property due to a prompt injection breach. It’s likely to plunge AI into the ‘trough of disillusionment’ faster than anticipated, as the security risks rattle corporate confidence, (and) undermine the perceived benefits and reliability of AI systems.”
Deepfakes
Source: MongoDB. Garrett.
"The role of AI in this landscape will be a vital defence mechanism. AI-powered resilience frameworks that allow organisations to adapt dynamically to complex threats will be crucial in the AI arms race against bad actors. (In 2025), developers will work with AI to increasingly enhance detection, enabling real-time adjustments to secure data flows and protect sensitive systems."
"To further combat deepfake-driven attacks, businesses will start to adopt advanced identity verification strategies, like behavioural analysis and contextual authentication, that go beyond traditional passwords and biometrics. Predictive AI capable of evaluating both technical systems and human behaviours will help organisations adapt swiftly to emerging threats. The future of cybersecurity lies in building agile AI-enhanced defences that address both technical and human vulnerabilities head-on," Garrett predicted.
Deepfakes will unleash a devastating new wave of social engineering attacks, said Exabeam. "No longer just a theoretical risk, video-based deepfakes will continue the trajectory to become imperceptible from reality. This technology will be weaponised in social engineering attacks, allowing criminals to impersonate executives, forge high-stakes transactions, and extract massive payouts from unsuspecting victims. With AI’s ability to provide exceptional deepfakes accessible at the push of a button, the potential for financial fraud will explode, forcing organisations to rethink how they verify identity in an increasingly deceptive world," said Steve Povolny, Senior Director, Security Research & Competitive Intelligence, Exabeam.
Rob Le Busque, Regional VP at Verizon Business APAC, also said deepfake technology will become the go-to tool for cybercriminals, "blurring the line between reality and deception in phishing scams". "With the technology being highly accessible, the increasing availability of open-source software makes it easier for bad actors to use in social engineering and phishing scams. Specifically, the Asia-Pacific region has experienced a staggering 1,530% surge in deepfake cases from 2022 to 2023," he said.
"AI-driven fraud remains the most prominent challenge across various industries, with the crypto sector being the main target, followed closely by fintech. The primary barriers to widespread adoption have been access to generative AI platforms and the cost of processing power (GPU availability), but these obstacles are quickly diminishing."
A news network may even be caught using deepfake content, predicted iProov. "Deepfakes will pose a significant threat to the integrity of news and media. A major broadcaster will admit that a recent interview featured a deepfake, which will spark widespread concern about the impact of AI-generated media on journalism and information integrity. Such will be the shockwaves that we will see calls for new content attribution technologies and stronger media literacy initiatives," said the company, which provides biometric identity solutions. "The incident will serve as a stark reminder of the challenges faced in the age of deepfakes and the need to safeguard information integrity."
There may need to be independent verification assurance, said DigiCert in a list of 2025 predictions. "In an era of deepfakes and digital misinformation, the Coalition for Content Provenance and Authenticity (C2PA) is set to redefine how we verify digital content. Expect to see C2PA’s Content Credential icon become commonplace on images and videos to enhance trust across media platforms," stated DigiCert.
Phishing
"Phishing continues to be an effective method for Identity-based attacks, and we don’t expect that to change just yet. In fact, we’re increasingly seeing scammers using advanced phishing kits — virtual toolboxes of resources designed to make attacks much easier to launch and repeat," said Brett Winterford, Regional Chief Security Officer, Asia Pacific & Japan, Okta.
"In 2025, these kits will evolve to make phishing even harder to detect. For example, some kits are now able to bypass impossible travel flags, using residential proxies to spoof the real user’s location."
Winterford advised: "To combat tactics like these, we strongly recommend that organisations adopt phishing-resistant authentication and block requests from anonymising services."
Device-based attacks
"Sometimes a prominent security incident can cause a widespread shift in strategies. That happened in 2022, when a collective of hackers known as Scatter Swine used social engineering and credential phishing to bypass multifactor authentication (MFA) and access information about more than 100 companies. We studied nearly three dozen of these targeted companies, and found that nearly all of them adopted strong phishing-resistant authenticators in the wake of the attack," Winterford shared.
"While embracing phishing resistance is critical, it isn’t sufficient. Because when persistent attackers can no longer rely on phishing as a tactic, they’ll pivot to something else.
"We’re already seeing a shift to device-based attacks, with hackers working to compromise users’ phones, laptops, and networks. They might trick a user into installing malware, for example, and then steal their login credentials so they can access sensitive systems and data within the user’s company. Or they’ll initiate a cross-device authentication attack, setting up a connection between their own device and the one they’ve just compromised so they can forward authentication requests to themselves and impersonate that user to gain access."
There are ways to thwart device-based attacks, Winterford added. "By establishing device trust, organisations can thwart device-based attacks by ensuring only authorised people and technology can access specific resources. And by integrating with endpoint detection and response (EDR) services, you can protect against threats like malware and ransomware thanks to always-on monitoring of end users’ devices," he said.
Software supply chain attacks
In 2025, securing the software supply chain will be a top priority, especially after major breaches like SolarWinds and the rise of software supply chain attacks, said Thales. The company predicted that organisations will conduct deeper security assessments on their third-party vendors, including cloud providers, to ensure their software and services are secure.
“With the proliferation of data via collaboration platforms, companies will need to focus on file activity monitoring and data watermarking to protect sensitive information. Supply chain security will also be a significant concern, as vulnerabilities in the supply chain can lead to widespread security breaches. The generation of personal data by users through various apps and services will increase the risk of data exposure, necessitating stronger data protection measures,” predicted Todd Moore, VP, Data Security Products, Thales.
Open source supply chain attacks
The increasing complexity and interconnectedness of software supply chains, the trust placed in open-source software and the often-limited security measures for open source projects make this method attractive to cybercriminals, noted Imperva, citing the XZ Utils SSH attack in February 2024. Malicious actors introduced backdoors into widely-used open-source libraries, compromising the security of systems that rely on the libraries.
"In 2025, we are likely to witness a significant open-source supply chain attack, similar to the XZ Utils SSH attack, but with a higher probability of success. To reduce the risk of such attacks, organisations need a multilayered security approach. This includes implementing stringent security measures like regular code audits, automated vulnerability scanning, and robust access controls, alongside sharing threat intelligence and best practices within the cybersecurity community," said Singh from Imperva.
"Additionally, maintaining a clear inventory of all software components and their dependencies helps quickly identify and address vulnerabilities."
Business processes as targets
Winterford also pointed out that attacks can begin outside of the technology infrastructure. "Not all security threats to your business will involve vulnerabilities in your tech stack. Instead, some clever attackers will look to exploit weaknesses in your business processes. For example, they might call your IT help desk pretending to be a new employee, so they can gather information about the software your workforce uses," he elaborated.
"Over time, this approach can provide an attacker with a detailed profile of how your company works, so they’ll be even more convincing the next time they try to impersonate one of your employees."
"Educating your workforce to be vigilant for unusual or unauthorised activity can help prevent this type of attack. Organisations should also implement robust processes to verify their remote workforce, including using Identity verification vendors that can verify employees during critical moments of the user lifecycle," Winterford recommended.
Living off the land
"In 2025, we can expect a rise in 'living off the land' attacks, where attackers exploit legitimate tools and processes within an organisation’s network to avoid detection. As geopolitical tensions rise, cybercriminals from nations like Russia, China and Iran may increase their use of this technique, spreading across networks, establishing multiple backdoors and ensuring they can re-enter if initial access points are cut off," said Kevin Kirkwood, CISO, Exabeam.
"As these attacks grow more sophisticated, organisations will need to refine their ability to distinguish between normal operations and subtle deviations, focusing on baseline behaviour and anomaly detection. Law enforcement and cybersecurity agencies...will need to bolster their efforts to counter these evolving threats, ensuring they can anticipate and mitigate such stealthy incursions."
On the defence front, Mastercard thinks passkeys will grow in popularity. "The adoption of passkeys — passwordless authentication most often powered by users’ biometrics — is propelling this and will gain momentum in 2025. We’ll start to see digital identity fueling experiences in healthcare, education and public services, where people will be able to selectively share their identity with anyone, without friction and with privacy at the centre."
Security transformation
Grant Bourzikas, Chief Security Officer, Cloudflare, said that vendor lock-in is a crutch that will lead to increasing breaches in 2025. "Organisations must start their security transformation journeys. The deeply-rooted foothold that vendors have in organisations’ environments has become one of the main drivers of complexity," he said.
"The bottom line is that complexity creates chaos, and chaos distracts from the real priorities when it comes to securing an organisation. Being held hostage by a vendor, to a point where moving off of them seems impossible, is the moment they begin to help shift the balance of power back in favour of threat actors."
Bourzikas noted that the hyperfocus on digital transformation over the past few years – which has led to implementing many new tools and working with many vendors across the organisation to rapidly innovate – "has left security in the dark".
"In 2025, we will feel the full weight of having fallen victim to the cycle: shiny new tools, Wall Street's buy-in, rush to implement, repeat. We must now shift focus to security transformation, and begin to remove the tools and vendors that are causing complexity vs furthering innovation," he advised.
Explore
There is a post on AI and security as well.
Read a contributed byline on deepfakes at https://techtouchasia.blogspot.com/2025/01/beyond-authentication-guarding-against.html