Cybersecurity / Threat intelligence

The M-Trends 2025 report highlights several key cyber threats, including the rise of infostealer malware, the danger of unsecured data repositories, and the evolution of data theft in cloud environments. Additionally, it notes that financially motivated threat groups increased to 55% in 2024, and there was a significant rise in stolen credentials as an initial infection vector[1][2].

Threat actors are evolving their tactics by increasingly targeting cloud environments, using stolen credentials, and exploiting vulnerabilities. This evolution underscores the need for robust security measures, including enhanced cloud security and better credential management. The rise of infostealer malware and the targeting of Web3 technologies also highlight the importance of staying ahead of emerging threats[2][4].

State-sponsored cyber attacks are sophisticated, well-funded cyber operations carried out or supported by nation-states to achieve political, economic, or military objectives. Unlike typical cybercrime, these attacks target critical infrastructure, government agencies, and public sector entities, often remaining undetected for long periods. They are dangerous because of the extensive resources behind them, their potential to cause widespread disruption, steal sensitive data, and inflict long-term damage on essential services such as power grids and healthcare systems.

State-sponsored cyber attacks are a key component of hybrid warfare, which combines conventional military operations with cyber warfare, disinformation campaigns, and covert actions. This approach allows states to weaken adversaries without direct military confrontation by disrupting government operations, financial systems, and communication networks, while also using misinformation and support for insurgencies. The difficulty in attributing these attacks to specific governments makes cyber warfare a low-risk but highly effective tool in geopolitical conflicts.

While AI and LLMs can assist in identifying and responding to cyber threats, they are not a substitute for a strong security culture, realistic security goals, and comprehensive employee training. Cyber threats are evolving rapidly, and attackers use sophisticated tactics that require human judgment, proactive threat hunting, and layered defenses. Overreliance on AI may lead to gaps in security if fundamental practices like access controls, incident response planning, and user awareness are neglected.

Organizations should prioritize building a strong security culture that includes realistic security goals, continuous and comprehensive training for all employees, and the implementation of layered security controls. This includes threat hunting, behavioral analytics, and deception technologies like honeypots to detect early signs of attacks. Additionally, securing third-party access and supply chains is critical, as attackers increasingly target these weaker links. These fundamentals help create resilience against the rising number and sophistication of ransomware and extortion attacks.

Currently, critical vulnerabilities such as CVE-2024-55591 and CVE-2025-24472 are being actively exploited in Fortinet's FortiOS and FortiProxy products. These vulnerabilities allow remote attackers to bypass authentication and gain super-admin privileges, potentially leading to network breaches and ransomware attacks.

To protect against these vulnerabilities, organizations should apply the latest patches provided by Fortinet, implement network segmentation, and enable anti-exploitation features. Additionally, reviewing device configurations and resetting potentially exposed credentials are recommended.

The Verizon Call Filter app had a vulnerability that allowed unauthorized access to incoming call logs for millions of Verizon customers. The flaw was due to the server not validating whether the phone number in the request matched the user's phone number, allowing attackers to craft requests for any Verizon number and retrieve its call history (Connelly, 2025; Cybernews, 2025; BleepingComputer, 2025)[1][2][3].

The exposure of call records poses significant privacy and security risks, particularly for high-profile individuals like politicians, journalists, and those in domestic abuse situations. Attackers could use this data to reconstruct daily routines, identify frequent contacts, and infer personal relationships, potentially leading to physical risk or compromising national security (Connelly, 2025; Malwarebytes, 2025; BleepingComputer, 2025)[1][2][3].

AI-powered attacks are significantly impacting cybersecurity by elevating the sophistication and speed of threats. These attacks can automate vulnerability identification, craft convincing phishing schemes, and adapt in real-time to evade security measures. The primary concerns for organizations include the rapid evolution of AI-driven malware and ransomware, as well as the increased use of deepfakes for social engineering attacks. Organizations must invest in AI-driven security solutions and continuously refine their strategies to stay ahead of these threats[1][2][3].

To defend against AI-powered cyber threats, organizations should deploy AI-driven defensive tools that monitor networks in real-time, train employees to recognize sophisticated phishing attempts, and collaborate with industry partners to share intelligence on emerging threats. Additionally, implementing multi-factor authentication and conducting thorough security audits of third-party vendors can help mitigate risks[2][4][5].

State-sponsored cyberattacks are invasive actions by a nation-state aimed at exploiting another nation's technological infrastructure for political, commercial, or military interests. These attacks are a significant threat because they are highly sophisticated, often targeting critical infrastructure and sensitive data, which can disrupt essential services and compromise national security (Akoto, 2024; CCOE, n.d.; Modern Diplomacy, 2024).

To protect against state-sponsored cyberattacks, businesses should adopt proactive measures such as implementing robust cybersecurity strategies, employing advanced threat intelligence systems, and collaborating with government agencies and industry partners. Regular vulnerability assessments, multi-layered defense mechanisms, and employee training on phishing and DDoS attacks are also crucial (CCoE, n.d.; Modern Diplomacy, 2024).

STIX, or Structured Threat Information eXpression, is a standardized language used to describe cyber threats in a structured format. It enables the sharing of threat intelligence across organizations and supports automation in threat detection and response. However, despite its benefits, STIX faces challenges such as incomplete data usage and incorrect information, which limit its full potential[1][2][3].

The need for solutions beyond STIX arises from the evolving complexity of cyber threats and the limitations of current systems. While STIX provides a standardized format for threat intelligence, it faces challenges like incomplete data usage and timeliness issues. Next-level solutions aim to transform complex threat data into machine-readable formats more efficiently, enhancing analysis and response capabilities[1][4].

The newsletter emphasizes ransomware attacks, vulnerabilities in major software like Fortinet firewalls, and the extradition of cybercriminals involved in ransomware conspiracies. It also discusses the exploitation of vulnerabilities in products from companies like Apple and Microsoft.

Ransomware attacks are a major threat because they encrypt an organization's data and demand payment for decryption, often targeting critical infrastructure and state/local institutions. These attacks are increasingly common due to their monetization potential and the use of sophisticated tactics like phishing and exploitation of software vulnerabilities.

Volt Typhoon is a Chinese state-sponsored advanced persistent threat group known for targeting U.S. critical infrastructure, including energy and telecommunications sectors. It operates by exploiting vulnerabilities in network devices and using living-off-the-land tactics to maintain persistence and evade detection[2][3][4].

The prolonged access by Volt Typhoon highlights significant vulnerabilities in operational technology (OT) networks, posing risks to critical infrastructure. This could lead to future disruptions, especially in geopolitical crises, and underscores the need for enhanced cybersecurity measures to protect these systems[1][3][5].

Nation-state espionage often targets governments, private enterprises, and critical infrastructure. These attacks can compromise intellectual property and trade secrets, posing significant risks for CISOs who must protect their organizations' data and infrastructure. Public-private partnerships and threat intelligence are crucial in countering these threats.

CISOs can prepare by engaging in breach and attack simulations (BAS) to test their defenses against specific threats. They should also collaborate with legal and risk management teams to understand and comply with regulations like CIRCIA, which enhances incident reporting and cybersecurity readiness. Utilizing threat intelligence and public-private partnerships is essential for proactive security measures.

Collaboration is essential in cybersecurity because it helps break down silos within organizations, leading to more comprehensive security measures. It allows for better visibility across departments, reduces human error, and enables faster responses to threats. Collaboration also fosters a culture where security is everyone's responsibility, enhancing overall organizational resilience[1][3][5].

AI significantly impacts cybersecurity by enhancing threat detection and response capabilities. However, AI systems are vulnerable to data-related risks such as poisoning and leakage. Collaboration is crucial in managing these risks by facilitating cross-enterprise information sharing and ensuring that AI development aligns with robust cybersecurity practices[2][4].

Behavior-based detection focuses on identifying unusual patterns in user or system behavior that deviate from normal usage. This approach is particularly effective in detecting insider threats and sophisticated attacks that may evade traditional signature-based detection methods. By analyzing how users, systems, or applications interact with the environment, it flags suspicious activities that could indicate a cyber threat[1][2].

Automation in cyber threat detection enhances response times by streamlining processes such as alert triage and enrichment. It allows organizations to quickly identify and respond to threats, reducing the time between detection and mitigation. Automation also improves security effectiveness by ensuring consistent monitoring and response actions, reducing human error and increasing the speed of incident response[3][5].

Some of the most significant nation-state cyber threats come from countries like Russia, China, Iran, and North Korea. These threats include espionage, destructive attacks on critical infrastructure, and the use of ransomware for both financial gain and to disguise espionage activities. Recent trends show a blurring of lines between nation-state actors and cybercriminals, complicating defense efforts[1][2][3].

Nation-state actors are increasingly leveraging advanced technologies like AI to enhance their cyber operations. This includes using AI for more sophisticated attacks and defenses, as well as employing AI tools to automate tasks and improve the efficiency of their operations. Additionally, AI chatbots are being manipulated for malicious purposes, such as spreading misinformation or conducting phishing attacks[2][3].

Defending against nation-state cyber threats requires a multi-layered approach. This includes implementing robust cybersecurity measures, such as advanced threat detection systems and secure cloud services. Additionally, international cooperation and information sharing are crucial for staying ahead of evolving threats. Organizations should also focus on educating users about potential risks and ensuring that all systems are regularly updated and patched[3][4].