Is AI actually reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out concrete, more tangible, real-world risks? According to Picus Labs' Red Report 2025, which analyzed over a million malware samples, there has been no significant surge, to date, in AI-driven attacks. Yes, adversaries are undoubtedly continuing to innovate, and while AI will certainly start playing a bigger and bigger role, the latest data suggests that a set of well-known tactics, techniques, and procedures (TTPs) is still dominating the field.
The hype around artificial intelligence has certainly been dominating media headlines; yet the real-world data paints a far more nuanced picture of which malware threats are thriving, and why. Here is a glimpse at the most significant findings and trends shaping the year's most deployed adversarial campaigns, and what steps cybersecurity teams need to take to respond to them.
Why the AI Hype Is Falling Short…at Least For Now
While headlines are trumpeting AI as the one-size-fits-all new secret weapon for cybercriminals, the statistics, again, to date, are telling a very different story. In fact, after poring over the data, Picus Labs found no meaningful upswing in AI-based tactics in 2024. Yes, adversaries have started incorporating AI for efficiency gains, such as crafting more credible phishing emails or writing and debugging malicious code, but they have not yet tapped AI's transformational power in the overwhelming majority of their attacks so far. In fact, the data from the Red Report 2025 shows that you can still thwart the majority of attacks by focusing on tried-and-true TTPs.
"Security teams should prioritize identifying and addressing critical gaps in their defenses, rather than fixating on the potential impact of AI." — Picus Red Report 2025
Credential Theft Spikes More Than 3X (8% → 25%)
Attackers are increasingly targeting password stores, browser-stored credentials, and cached logins, leveraging the stolen credentials to escalate privileges and spread within networks. This threefold jump underscores the urgent need for ongoing and robust credential management combined with proactive threat detection.
Modern infostealer malware orchestrates multi-stage heists blending stealth, automation, and persistence. With legitimate processes cloaking malicious operations and ordinary day-to-day network traffic hiding nefarious data uploads, bad actors can exfiltrate data right under your security team's proverbial nose, no Hollywood-style "smash-and-grab" needed. Think of it as the digital equivalent of a perfectly choreographed burglary. Only the criminals don't peel out in a getaway car; they lurk silently, awaiting your next misstep or opening.
93% of Malware Uses at Least One Top 10 MITRE ATT&CK Technique
Despite the expansive MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. Among the Top 10 ATT&CK techniques listed in the Red Report, the following exfiltration and stealth techniques remain the most used:
The combined effect? Legitimate-seeming processes use legitimate tools to collect and transmit data over widely used network channels. Not surprisingly, these techniques can be difficult to detect through signature-based methods alone. However, behavioral analysis, particularly when several techniques are monitored and correlated together, makes it far easier to spot anomalies. Security teams need to focus on looking for malicious activity that appears almost indistinguishable from normal network traffic.
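The point about correlation is easier to see in code. The following is an added example, not code from the Red Report or from Picus: it runs a two-step behavioral rule over constructed endpoint telemetry that pairs a credential-store read (ATT&CK T1555, Credentials from Password Stores) with a subsequent HTTPS upload from the same process (T1041, Exfiltration Over C2 Channel). The event format, field names, file paths, hostnames, allowlists and thresholds are all assumptions made for the demo; each event on its own is ordinary, and only the sequence is flagged.

```python
"""Behavioral correlation: credential-store read followed by outbound upload.

Added example, not code from the Red Report 2025 or from Picus. Telemetry
format, paths, hostnames and thresholds are assumptions for this demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Credential stores to watch (lower-cased, forward-slash globs). Assumed
# list; extend it for the browsers and password managers in your fleet.
CREDENTIAL_STORE_GLOBS = (
    "*/google/chrome/user data/*/login data",
    "*/microsoft/edge/user data/*/login data",
    "*/mozilla/firefox/profiles/*/logins.json",
    "*/library/keychains/login.keychain-db",
)
# The store's own application is expected to open it; anything else is not.
EXPECTED_READERS = {"chrome.exe", "msedge.exe", "firefox.exe", "firefox"}
# Destinations where large HTTPS uploads are routine (assumed allowlist).
ALLOWED_UPLOAD_HOSTS = {"backup.corp.example", "sharepoint.corp.example"}
WINDOW = timedelta(minutes=10)   # read -> upload gap that still counts as one chain
MIN_BYTES_OUT = 50_000           # ignore tiny beacons and keepalives

# Constructed telemetry: one benign browser read, one backup job, one Teams
# upload, and an "updater.exe" that reads two credential stores then uploads.
SAMPLE_TELEMETRY = r'''
ts=2025-03-03T09:14:02Z host=WS-17 pid=4412 image=chrome.exe type=file_read path="C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data"
ts=2025-03-03T09:15:10Z host=WS-17 pid=5120 image=updater.exe type=file_read path="C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data"
ts=2025-03-03T09:15:11Z host=WS-17 pid=5120 image=updater.exe type=file_read path="C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\k3x.default\logins.json"
ts=2025-03-03T09:16:40Z host=WS-17 pid=5120 image=updater.exe type=net_connect dst=files.example-cdn.net port=443 bytes_out=184320
ts=2025-03-03T09:20:00Z host=WS-17 pid=6001 image=backupagent.exe type=net_connect dst=backup.corp.example port=443 bytes_out=52428800
ts=2025-03-03T09:21:30Z host=WS-17 pid=7210 image=ms-teams.exe type=net_connect dst=cdn.example-collab.net port=443 bytes_out=3100000
ts=2025-03-03T11:02:15Z host=WS-17 pid=5120 image=updater.exe type=net_connect dst=files.example-cdn.net port=443 bytes_out=2048
'''.strip().splitlines()

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_events(lines):
    """Parse key=value telemetry lines; quoted values may contain spaces."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        ev = {k: (q if q else u) for k, q, u in _KV.findall(line)}
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["pid"] = int(ev["pid"])
        if "port" in ev:
            ev["port"] = int(ev["port"])
        if "bytes_out" in ev:
            ev["bytes_out"] = int(ev["bytes_out"])
        events.append(ev)
    return events


def is_credential_store(path):
    """Normalise separators and case, then match against the watched globs."""
    norm = path.replace("\\", "/").lower()
    return any(fnmatchcase(norm, g) for g in CREDENTIAL_STORE_GLOBS)


def correlate(events):
    """Alert when a process reads a credential store and, within WINDOW,
    sends a non-trivial HTTPS upload to a host outside the allowlist.
    Neither event alone fires: reading a file and talking to a CDN are both
    ordinary; the chain is what stands out."""
    reads = defaultdict(list)  # (host, pid) -> credential-store reads so far
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["type"] == "file_read":
            if is_credential_store(ev["path"]) and ev["image"].lower() not in EXPECTED_READERS:
                reads[key].append(ev)
        elif ev["type"] == "net_connect":
            if (ev.get("port") != 443 or ev.get("dst") in ALLOWED_UPLOAD_HOSTS
                    or ev.get("bytes_out", 0) < MIN_BYTES_OUT):
                continue
            recent = [r for r in reads[key] if ev["ts"] - r["ts"] <= WINDOW]
            if recent:
                alerts.append({
                    "ts": ev["ts"], "host": ev["host"], "pid": ev["pid"],
                    "image": ev["image"], "stores": [r["path"] for r in recent],
                    "dst": ev["dst"], "bytes_out": ev["bytes_out"],
                })
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_events(SAMPLE_TELEMETRY)):
        print(f"{a['ts']:%H:%M:%S} {a['host']} pid={a['pid']} {a['image']} read "
              f"{len(a['stores'])} credential store(s), then sent {a['bytes_out']} B to {a['dst']}")
```

On the sample data only the updater.exe chain produces an alert; the browser's own read, the backup job's upload, the Teams upload, and the later 2 KB beacon all pass. Two caveats for production use: the EXPECTED_READERS exemption is a blind spot if the stealer injects into the browser process itself, so pair it with process-injection telemetry; and the 10-minute window is a starting point, since a patient infostealer can hold collected data and upload it hours later, which argues for keying the state on process lineage rather than a fixed short window.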
Back to Basics for a Better Defense
Today's threats often chain together numerous attack stages to infiltrate, persist, and exfiltrate. By the time one step is identified, attackers may already have moved on to the next. So, while the threat landscape is undeniably sophisticated, the silver lining uncovered in the Red Report 2025 is rather simple: most current malicious activity actually revolves around a small set of attack techniques. By doubling down on modern cybersecurity fundamentals, such as rigorous credential protection, advanced threat detection, and continuous security validation, organizations can confidently tune out the tsunami of AI hype for now and focus instead on confronting the threats that are actually targeting them today.
Ready to Cut Through the AI Hype and Strengthen Your Defenses?
While the headlines are fixated on AI, Picus Security, the pioneer of Breach and Attack Simulation (BAS) since 2013, is closely focused on the tactics and techniques attackers are actually using: tried-and-true TTPs. The Picus Security Validation Platform continuously assesses and fortifies organizations' defenses, emphasizing fundamentals like credential protection and rapid threat detection.
Ready to see the difference for yourself? Download the Picus Red Report 2025 or visit picussecurity.com to learn how to tune out the hype and keep real threats at bay.
Note: This article was written by Dr. Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, where simulating cyber threats and strengthening organizations' defenses are what we do every day.