"The average e-crime breakout time - the period between initial access and lateral movement onto another system - dropped to 29 minutes, a 65% increase in speed from 2024. One such intrusion undertaken by Luna Moth targeting a law firm moved from initial access to data exfiltration in four minutes."
"Chief among the factors fueling this dramatic acceleration was the widespread abuse of legitimate credentials, which allowed attackers to blend into normal network traffic and bypass many traditional security controls. This was coupled with threat actors of varied motivations utilizing AI technology to accelerate and optimize their existing techniques."
"The cybersecurity company said it observed an 89% increase in the number of attacks by AI-enabled adversaries compared to 2024 and a 42% year-over-year increase in zero-days exploited prior to public disclosure. The vast majority of attacks, 82%, were free of malware - highlighting attackers' enduring shift toward living-off-the-land techniques."
Cybersecurity threats in 2025 have become significantly faster and more sophisticated despite appearing ordinary on the surface. Attack breakout times—the period between initial access and lateral movement—decreased to 29 minutes, representing a 65% speed increase from 2024. Adversaries exploit legitimate credentials to blend into normal network traffic and bypass traditional security controls. Threat actors increasingly leverage AI technology to optimize their techniques, resulting in an 89% increase in AI-enabled attacks. Zero-day exploits increased 42% year-over-year, with China-nexus adversaries targeting edge devices lacking comprehensive monitoring. Notably, 82% of attacks contained no malware, reflecting attackers' shift toward credential-based and living-off-the-land techniques that are harder to detect and remediate.
#cyber-threats-2025 #attack-speed-acceleration #ai-enabled-attacks #credential-abuse #zero-day-exploits
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]