Review of evolution of known cybersecurity threats - Part 1. Methods

30 April 2025

2024 Data Analysis from FortiGuard Labs

Over the past year, we’ve seen advanced persistent threat (APT) groups adopt new tactics, techniques, and procedures (TTPs), attackers leverage AI to increase the volume and speed of their attacks, and ransomware deployments become larger and more destructive. Below, we’ll take a look at key predictions we’ve made for 2024 and our thoughts on how these long-standing trends will evolve in 2025.

About FortiGuard Labs

FortiGuard Labs is Fortinet’s elite cybersecurity threat intelligence and research organization. A pioneer and innovator in the security industry, FortiGuard Labs develops and deploys cutting-edge machine learning and AI technologies to provide customers with timely protection and actionable threat analytics.

Advanced regular cybercrime accelerating

APT groups are known to be highly adaptable. For example, the Stuxnet attack in 2010 marked a turning point in the sophistication of cyberwarfare, when state-sponsored APTs demonstrated their ability to disrupt physical infrastructure.

APTs are constantly changing their methods, exploiting new vulnerabilities, and remaining active despite improvements in defenses. About a third of the APT groups identified by MITRE are active. Based on FortiRecon intelligence, 38 of the 143 identified APT groups (27%) were active during the second half of 2023, including Lazarus Group, Kimusky, APT28, APT29, Andariel, and OilRig. Last year, there was a trend where some APT groups will use even more stealthy, innovative methods to launch attacks.

As APT groups continue to deepen their collaboration with cybercriminals, it is no surprise that APTs are deploying new TTPs at a record pace. For example, this summer, we observed the GrimResource attack technique combined with remote AppDomain injection, which allows attackers to inject malicious code into isolated application domains. This makes it much more difficult for traditional endpoint security tools to detect threats. APT29, for example, deploys efficient malware that is used in memory to avoid leaving traces on disk.

These examples illustrate how APT groups remain agile and innovative, creating a constant challenge for cybersecurity defenders around the world.

Note:

APT groups are groups of highly skilled hackers, often sponsored by a specific state or corporation. Their goal is to obtain sensitive data from government agencies, high-ranking individuals, or strategic companies while avoiding detection.

Attackers add new TTPs to their toolkits

For many years, attackers have relied on a relatively small collection of TTPs (tactics, techniques, and procedures) that have proven successful in using these frameworks for their attacks. It was expected that attackers would expand the TTPs they use to compromise their attack targets, especially with the advent of artificial intelligence and other new technologies that aid their efforts. Indeed, the TTP playing field has widened, with attackers constantly advancing new procedural-level techniques and creating new ones. Attackers are also rapidly implementing new ways to counter the measures that many organizations have put in place for specific compromise methods.

To counter the attack methods that attackers are constantly developing to bypass standard defenses, security professionals should:

  • Leverage proactive threat hunting. Rather than waiting for alerts, defenders should proactively hunt for threats to identify signs of potential compromise that automated systems might miss. This approach involves using advanced data analytics, behavioral analysis, and hypothesis testing.
  • Increase your security. Implement a defense-in-depth strategy that integrates multiple security mechanisms (such as network monitoring, endpoint security, and anomaly detection) so that if one defense is breached, the others can act as a common security network. Ideally, these solutions should be integrated into a unified platform to seamlessly distribute multi-layered checks across security systems and the network.
  • Adhere to zero trust principles. Constantly verify the identity and trust level of users and devices, even within the network perimeter. Zero-trust models minimize the damage that attackers can do once they gain access to the network.
  • Implement threat intelligence. Use up-to-date threat intelligence to stay on top of new TTPs and keep the rules of the game up-to-date. This helps defenders anticipate new tactics and adapt existing safeguards accordingly.
  • Conduct regular red team drills. Regular red and blue team simulations can expose weaknesses in an organization’s defenses and provide actionable insights into potential circumvention strategies that attackers might employ.

This adaptive, multi-layered approach, supported by ongoing training and the implementation of new security technologies, helps organizations remain resilient as the threat landscape evolves.

In the next article, we’ll look at the AI tools in the hands of cyberattackers. зловмисників.

📷
Тенденції розвитку систем накопичення електроенергії: виклики, технології та перспективи 📷
📷
Читати більше новин
EN