IT Brief Asia - Technology news for CIOs & IT decision-makers
Red Canary warns of surge in identity & AI threats for 2025

Yesterday

Red Canary has published its 2025 Threat Detection Report, revealing significant developments in the realm of cybersecurity over the past year.

The report analysed nearly 93,000 threats detected across more than 308 petabytes of security data. A notable finding was that identity attacks quadrupled compared to the previous year, 2024, indicating a surge in attacks that exploit cloud-native and identity-enabled techniques.

Keith McCammon, Co-founder and Chief Security Officer at Red Canary, noted, "2024 marked the rise of cloud-native and identity-enabled attacks, with three of the top five techniques we detected falling into these categories. This highlights the immense value adversaries place on identities - compromise one, and they gain access to countless systems."

"Unfortunately, the rise of identity and access management (IAM) and identity providers hasn't deterred adversaries. Instead, it has made centralised identities even more lucrative targets as once compromised, adversaries can gain access to numerous disparate systems. Organisations must recognise identities as a frontline for defence and strengthen their security posture to stay ahead of adversaries."

The report highlights several emerging threats, including "ClickFix" (also called "fakeCAPTCHA"), a new initial access technique that uses social engineering to trick users into running malicious scripts themselves. It also records a significant rise in macOS malware detections, although infections dropped sharply after Apple addressed a bypass vulnerability.

Another significant trend identified in the report is "LLMJacking", in which adversaries target cloud-based AI services. The attackers hijack access to the victim's AI models and resell that access as their own Software as a Service offering, while the usage costs are billed to the victim.

The prevalence of info-stealing malware remains a significant concern, with LummaC2 being the most detected in 2024. This malware operates as a service and ranges in cost from $250 per month to a one-time $20,000 fee, making it accessible to a variety of adversaries looking to gain illegal access to user credentials.

Red Canary's examination also pointed to a notable increase in the abuse of Remote Monitoring and Management (RMM) tools. These tools, including NetSupport Manager, were increasingly used for command and control and as a means of deploying malicious payloads such as ransomware.
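Because RMM tools are legitimate software, detection has to compare each execution against what the organisation actually sanctions rather than blocking the binaries outright. The following is an added example, not code from Red Canary or its report, showing one way a defender can triage constructed process-creation events for RMM abuse: it flags an RMM client that is not sanctioned for the host's group, that runs from a user-writable path instead of a standard install directory, or that was spawned by a mail client or browser (a typical sign of a freshly downloaded payload). The mapping of NetSupport Manager to its `client32.exe` client binary is stated as an assumption, as are the additional RMM tools, the host groups and the sanctioned-tool policy.

```python
"""Flag unsanctioned or suspicious RMM tool executions in process-creation logs.

Added example for triaging RMM abuse; not Red Canary's code. All host
groups, policies, binary names and log lines below are assumptions or
constructed sample data.
"""
import json
from dataclasses import dataclass, field
from typing import List, Optional

# RMM client binaries to watch for (assumption: NetSupport Manager's client
# runs as client32.exe; the other two are additional common RMM tools not
# named in the article).
RMM_BINARIES = {
    "client32.exe": "NetSupport Manager",
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
}

# Which RMM tools each host group is allowed to run (assumed policy).
SANCTIONED = {
    "helpdesk": {"NetSupport Manager"},
    "default": set(),
}

# Standard install locations; anything else (AppData, Downloads, Temp) is suspicious.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Parents that indicate the binary was launched straight from a download or attachment.
USER_LAUNCHERS = {"outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe", "winword.exe"}


@dataclass
class Finding:
    host: str
    tool: str
    reasons: List[str] = field(default_factory=list)


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def evaluate(event: dict) -> Optional[Finding]:
    """Return a Finding if this process-creation event looks like RMM abuse, else None."""
    image = event["image"].lower()
    tool = RMM_BINARIES.get(_basename(image))
    if tool is None:
        return None  # not an RMM binary we track

    reasons = []
    group = event.get("host_group", "default")
    if tool not in SANCTIONED.get(group, set()):
        reasons.append(f"{tool} is not sanctioned for host group '{group}'")
    if not image.startswith(TRUSTED_DIRS):
        reasons.append(f"launched from untrusted path {event['image']}")
    parent = _basename(event.get("parent_image", ""))
    if parent in USER_LAUNCHERS:
        reasons.append(f"spawned by user application {parent}")

    return Finding(event["host"], tool, reasons) if reasons else None


def scan(lines: List[str]) -> List[Finding]:
    """Parse JSON process-creation events and collect findings."""
    findings = []
    for line in lines:
        finding = evaluate(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample events (one JSON object per line, as an EDR export might produce).
SAMPLE_LOG = [
    # Sanctioned help-desk install, launched by the service manager: benign.
    json.dumps({"host": "HD-01", "host_group": "helpdesk",
                "image": "C:\\Program Files (x86)\\NetSupport\\NetSupport Manager\\client32.exe",
                "parent_image": "C:\\Windows\\System32\\services.exe"}),
    # Finance workstation running NetSupport from AppData, spawned by Outlook: suspicious.
    json.dumps({"host": "FIN-07", "host_group": "default",
                "image": "C:\\Users\\alice\\AppData\\Roaming\\svc\\client32.exe",
                "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"}),
    # Engineering host running AnyDesk from Downloads, spawned by Chrome: suspicious.
    json.dumps({"host": "ENG-12", "host_group": "engineering",
                "image": "C:\\Users\\bob\\Downloads\\AnyDesk.exe",
                "parent_image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}),
    # Unrelated process: ignored.
    json.dumps({"host": "HD-01", "host_group": "helpdesk",
                "image": "C:\\Windows\\System32\\notepad.exe",
                "parent_image": "C:\\Windows\\explorer.exe"}),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.host}] {f.tool}: " + "; ".join(f.reasons))
```

Each reason is reported separately so an analyst can weigh them: an unsanctioned tool in a standard install path may be shadow IT, whereas an RMM client in AppData spawned by a mail client is the pattern the report associates with payload delivery and warrants immediate containment.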

Within the education sector, VPN use was disproportionately high, with 63 percent of all VPN detections linked to this field, suggesting a potential hotspot for VPN-related security breaches.

Phishing remained a widespread attack method across formats including email, SMS, and QR codes (the last referred to as "quishing"). In one such campaign, attackers masqueraded as IT support staff to trick victims into downloading harmful software.

The report also offers recommendations for organisations seeking to fortify their defences against these evolving threats. Key recommendations include limiting unauthorised VPN usage, managing centralised identity solutions vigilantly, prioritising timely patching of vulnerabilities, ensuring cloud systems are correctly configured, and regularly assessing and testing organisational defences using tools such as Red Canary's Atomic Red Team.

McCammon added, "This year's report makes clear that the malware-as-a-service ecosystem has fully matured and is operating at a similar level to the legitimate software industry. The sheer accessibility of the tools that adversaries can use to compromise organisations has led to an explosion in attack volume, overwhelming security teams. AI is becoming an essential tool for helping analysts cut through the noise and focus on threats that matter. By streamlining workflows and augmenting human expertise, AI enables security teams to detect and respond to threats faster, preventing adversaries from gaining an advantage."

The extensive analysis provided by Red Canary is intended to support security practitioners in enhancing their understanding of cyber threats for improved prevention, mitigation, and response strategies.
