Q1 2025 Security Trends Report

Q1 2025 Security Trends Report

Below are links to items presented.

State Sponsored Breaches and Embedding:

• https://dailyhodl.com/2025/02/26/bybit-forensic-investigation-determines-1480000000-hack-stemmed-from-vulnerability-in-safe-wallet/
• https://cointelegraph.com/news/safe-wallet-releases-bybit-hack-post-mortem
• https://cyberscoop.com/north-korea-technical-workers-full-time-jobs/
• https://www.cisa.gov/topics/cyber-threats-and-advisories/nation-state-cyber-actors/china
• https://www.justice.gov/archives/opa/pr/seven-hackers-associated-chinese-government-charged-computer-intrusions-targeting-perceived
• https://www.welivesecurity.com/en/eset-research/you-will-always-remember-this-as-the-day-you-finally-caught-famoussparrow/

Phishing, Spear-Phishing, Whaling, Vishing, Quishing, and Smishing

• https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html?m=1
• https://consumer.ftc.gov/consumer-alerts/2025/01/got-text-about-unpaid-tolls-its-probably-scam
• https://www.caranddriver.com/news/a64255409/toll-roads-text-scam/

Password Hacking, Account Takeovers and MFA bypass:

• https://www.ibm.com/think/topics/man-in-the-middle
• https://www.coalitioninc.com/topics/what-is-man-in-the-middle-attacks
• https://en.wikipedia.org/wiki/Identity_threat_detection_and_response
• https://www.proofpoint.com/us/threat-reference/identity-threat-detection-and-response-itdr
• https://www.cisa.gov/sites/default/files/publications/fact-sheet-implementing-phishing-resistant-mfa-508c.pdf
• https://fidoalliance.org/

AI, Voice-cloning, Deepfakes, and Vulnerabilities

• https://www.12newsnow.com/article/news/crime/man-warns-of-ai-voice-cloning-scam/502-3c2f4010-5cb1-4f8b-811f-58357b264c15
• https://www.nbcnews.com/tech/security/ai-voice-cloning-software-flimsy-guardrails-report-finds-rcna195131
• https://www.fastcompany.com/91293104/deepfake-scammers-are-hijacking-tiktoks-wellness-craze-to-sell-dubious-health-products
• https://www.bloomberg.com/news/articles/2025-03-07/deepfakes-of-singapore-pm-used-to-sell-crypto-residency-program
• https://www.msn.com/en-in/money/markets/beware-bse-warns-of-deepfake-scamsters-luring-investors-with-stock-market-tips-how-to-avoid-it/ar-AA1Cl0BG

Supply Chain Attacks

• https://www.bbc.com/news/articles/c2kgndwwd7lo
• https://news.sophos.com/en-us/2025/04/01/sophos-mdr-tracks-ongoing-campaign-by-qilin-affiliates-targeting-screenconnect/
• https://www.hipaajournal.com/more-than-one-third-data-breaches-third-party-compromises/
• https://www.reuters.com/business/media-telecom/chinese-hack-us-telecoms-compromised-more-firms-than-previously-known-wsj-says-2025-01-05/
• https://www.cybersecuritydive.com/news/china-backed-hackers-continue-cyberattacks-on-telecom-companies/740066/
• Malicious Chrome Extensions: https://wwww.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/
• Polymorphic Extensions: https://www.youtube.com/watch?v=I5PIfA3JHTY

Ransomware is not just encryption, but also exfil and holding the data hostage

• https://cyberscoop.com/ransomware-groups-pose-as-fake-tech-support-over-teams/
• https://support.microsoft.com/en-us/windows/protect-yourself-from-tech-support-scams-2ebf91bd-f94c-2a8a-e541-f5c800d18435
• https://www.cm-alliance.com/cybersecurity-blog/february-2025-major-cyber-attacks-ransomware-attacks-data-breaches
• https://www.scworld.com/brief/report-ransomware-attacks-soared-to-new-heights-last-month
• https://www.csoonline.com/article/3842496/the-state-of-ransomware-fragmented-but-still-potent-despite-takedowns.html

Fake CAPTCHA, Malvertising and Scareware via pop-ups

• https://www.zdnet.com/article/that-weird-captcha-could-be-a-malware-trap-heres-how-to-protect-yourself/
• https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/
• https://thehackernews.com/2025/02/malvertising-scam-uses-fake-google-ads.html

Governance, Risk, and Compliance

• https://www.infosecurity-magazine.com/news/ciso-liability-risks-policy-changes/
• https://www.scworld.com/brief/data-breach-liability-strains-cyber-execs-says-solarwinds-ciso
• https://www.pymnts.com/news/b2b-payments/2025/how-back-office-leaders-are-selling-the-c-suite-on-risk-and-compliance/
• https://erp.today/drata-unveils-new-grc-findings-on-ai-regulation-and-more/

Quantum Computing:

• https://thequantuminsider.com/2023/05/23/ibm-aims-for-100000-qubit-machine-by-2033-pioneering-quantum-centric-supercomputing/
• https://www.nextplatform.com/2025/03/31/d-wave-pushes-back-at-critics-shows-off-aggressive-quantum-roadmap/