Securing The Artificial Future: Trend Micro Security Predictions for 2025
Welcome to Trend Micro’s monthly newsletter, The Strategic CISO. Discover the latest and most popular blogs from Research, News, and perspectives, a dedicated space for the latest strategic insights, best practices, and research reports to help security leaders better understand, communicate, and minimize cyber risk across the enterprise.
Our goal is to inform security leaders about best practices, the latest industry insights, and more. Let us know what you would like to see from The Strategic CISO newsletter.
Al Age Scams: Deepfakes, Malicious Digital Twins, and Al Tools Abound
Deepfakes are poised to be the biggest AI-related threat because of the vast potential for misuse. Criminals have yet to plumb their full potential, and we predict they will use deepfakes in new scams and criminal schemes in 2025. Popular or common social engineering scams will become even more believable with the use of deepfakes, while LLM trained on a person’s public posts can mimic their writing style, knowledge and personality.
These AI-enabled techniques make for dangerously convincing impersonations to target unwitting victims. We also predict the continuation of AI-based semi-automated scams. For corporations, BEC and ''fake employee'' scams should be the most concerning. Bypass-KYC-as-a-service has been popular in the underground for a few years already, sustained by three elements: unintentionally exposed biometrics, leaked and breached PII (particularly from ransomware attacks), and the growing capabilities of AI. This avenue of attack will continue for scammers.
In terms of AI targets — malicious individuals are likely to exploit vulnerabilities in AI systems to manipulate them into carrying out harmful or unauthorized actions with the appearance of digital entities based on persons impersonated without their awareness, or even with entirely new identities. We will keep seeing new uses for this new technology as it advances, and as criminal actors keep finding new social engineering uses for it, such as building phishing kits that are tailored to specific events. AI helps attackers be more efficient and timelier with the delivery of these toolkits. We have seen it with the recent US elections, and it will likely get more common.
AI-enabled cybercrime and malicious activity to watch out for:
Find out more on AI age scams in our full report, "The Easy Way In/Out: Securing The Artificial Future, Trend Micro Security Predictions for 2025"
AI For Enterprise: Automation Will Cloak Flaws From Human Eyes
As AI becomes more agentive and begins using enterprise tools and computers autonomously, it creates a chain of events and interactions that are invisible to human operators. This lack of visibility can be a security concern as it will be a struggle to monitor and control the agents’ actions in real time.
As enterprises inevitably enter the AI race, they may expose themselves to more vulnerabilities and flaws. Sensitive information disclosure is a growing concern in that LLMs risk exposing sensitive data during interactions with employees and customers, including personal identifiable information and intellectual property.
More companies are using AI to discover infrastructure vulnerabilities, increasing both the number of identified vulnerabilities, and, potentially, the risk of exploitation. The AI agents will also become more attractive to malware authors. There is great potential for unauthorized or malicious activities carried out by misguided autonomous agents, including "agent hijacking" by external actors. Traditional malware and known threat detection will shift left toward vulnerability and attack surface management, while also shifting right towards leveraging foundational data intelligence.
System resource consumption by AI agents, whether benign or malicious, can also lead to denial-of-service when resources are overwhelmed.
Enterprises adopting agentive AI should beware of
Read more in the full report here.
Vulnerabilities in Memory Management and Mobility Innovation
Memory management vulnerabilities, such as Out-of-Bounds (OOB) Write/Reads, continue to be exploited by threat actors; the CISA KEV reported 18 different OOB Write vulnerabilities exploited this year. Memory management bugs (CWE-787 and CWE-125) are among the top most dangerous vulnerabilities based on severity and frequency as analyzed by MITRE. Memory management and memory corruption bugs will likely continue to be favorites of attackers in the coming year. Memory corruption and logic bugs are often combined to create winning Pwn2Own entries.
领英推荐
In 2025, we expect to see bug chains continue to be prevalent while bugs in APIs create problems for cloud resources. We also expect more container escapes. We had a Docker escape demonstrated this year, and more are sure to follow.
However, older, simpler vulnerabilities like cross-site scripting (XSS) and SQL injections continue to be popular and will continue to be targeted for as long as they exist. This is especially true for operational technology devices and services that security experts have yet to scrutinize. Older techniques continue to be effective like simple buffer overflows and command injection exploits remain popular for devices like printers and Wi-Fi cameras, as these devices were not built with security in mind. Despite the advancement that AI offers, these classic avenues of least resistance will continue being useful for cybercriminals who want maximum profit for the least amount of effort.
Risks in mobility game changers
Find out more in the full report, "The Easy Way In/Out: Securing The Artificial Future, Trend Micro Security Predictions for 2025"
Ransomware: Secure Legitimate Tools and Applications Against Fresh Torrent of Ransomware Attacks
2024 saw a rise in ransomware groups leveraging legitimate tools for data exfiltration, credential collection and replication, which can make it easier for attackers to move laterally and escalate privileges. As we move into 2025, legitimate tools will continue to be exploited as cybercriminals realize their potential in disguising attack activity as legitimate and that they already have access to valuable resources, data, and enterprise networks. With the rise of ransomware attacks starting through vulnerabilities or using compromised accounts, attacks that start with phishing will likely go down, suggesting a shift in techniques for ransomware gangs. More successful attacks from our recent investigations used compromised accounts to connect to a machine in the environment, while other cases saw the attacker bypassing multi-factor authentication (MFA) mechanisms. Ransomware attacks could also drift towards business models that no longer necessitate encryption.
As ransomware groups evolve in their technique of leveraging legitimate tools, organizations should not only rely on malicious files and hash detections but also monitor behavior across layers. Enterprises should opt for solutions that provide enhanced visibility and correlated detection across multiple layers, ensuring that incidents with the potential to cause significant system damage can be addressed as early as possible. Organizations can stay on top of threats by subscribing to CTI platforms to gain insights and information on the tactics, techniques, and procedures of cyberattacks, to prepare prevention and mitigation protocols.
Ransomware attacks will see a rise in the use of
Learn more in the full 2025 Predictions report here.
Attack Tool Trends: More Efficient Information Harvesting and Malvertising Assaults
In the past, we have seen a one-to-one ratio between loaders and info stealers, where one loader will install just one infostealer, but we have started seeing multiple infostealers installed by a single loader. Information harvested by such threats are useful for threat actors and enable them to carry out other attacks. Ransomware groups will continue to use this as a key part of their attacks: utilize information, such as user accounts harvested by infostealers, in their ransomware attacks.
Malvertising threats have been thrust into the spotlight partly because of the widespread proliferation of infostealers that use this arrival technique, which could lead to attackers seeing its potential for other campaigns. We have already seen ransomware groups use this to get a foothold in a target environment. The stealth mechanisms described in the previous section show how threat actors can innovate and elevate the technique to make it more effective in gaining initial access. In 2025 we predict this trend will continue.
Find out more on this trend in our full report, "The Easy Way In/Out: Securing The Artificial Furture, Trend Micro Security Predictions for 2025"
Before You Go:
Wrap Up - Malicious actors will go full throttle in mining the potential of AI in making cybercrime easier, faster, and deadlier. But this emerging and ever-evolving technology can also be made to work for enterprise security and protection by harnessing it for threat intelligence, asset profile management, attack path prediction and remediation guidance. As SOCs catch up to secure innovations still and yet unraveling, protecting enterprises from tried and tested modes of attack remains essential. While innovation makes for novel ways to strike, criminals will still utilize what is easy and what has worked for them for years.
Read over all of our 2025 security predictions here.
Great to See!