
Is AI really changing the landscape of cyber threats, or is the constant drumbeat of hype drowning out more concrete, real-world dangers? According to Picus Labs’ Red Report 2025, which analyzed over a million malware samples, there has been no significant surge in AI-driven attacks so far. Adversaries are undoubtedly continuing to innovate, and AI is certainly starting to play a bigger role, but the latest data shows that a well-known set of tactics, techniques, and procedures (TTPs) still dominates in the field.
The hype about artificial intelligence has certainly dominated media headlines, but the actual data paints a much more nuanced picture of where the malware threat thrives. This article gives a glimpse into the most important findings and the trends that will shape this year’s adversary campaigns, as well as the steps cybersecurity teams need to take to respond to them.
Why the AI hype falls short… at least for now
Headlines trumpet AI as the new all-purpose secret weapon for cybercriminals, but so far the statistics tell a very different story. After combing through the data, Picus Labs found no meaningful uptick in AI-based tactics in 2024. Yes, adversaries have begun to incorporate AI for greater efficiency, such as writing more convincing phishing emails and writing or debugging malicious code, but in most attacks so far they have not yet tapped its transformative power. In fact, data from the Red Report 2025 shows that focusing on proven TTPs can prevent most attacks.
“Security teams need to prioritize identifying and addressing key gaps in defense, rather than sticking to the potential impact of AI.” – Picus Red Report 2025
Credential theft has more than tripled (from 8% to 25%)
Attackers are increasingly targeting password stores, browser-stored credentials, and cached logins, using the stolen keys to escalate privileges and move laterally within the network. This threefold jump highlights the urgent need for continuous, robust credential management together with aggressive threat detection.
Modern infostealer malware orchestrates a multi-stage heist that blends stealth, automation, and persistence. By hiding malicious operations behind legitimate processes and disguising data uploads as ordinary daily network traffic, bad actors can exfiltrate data right under the noses of their security teams. No Hollywood-style “smash and grab” is required. Think of it as the digital equivalent of a perfectly choreographed robbery, except that the criminals never speed off in a getaway car. They quietly lie in wait for your next misstep or opening.
93% of malware uses at least one of the top 10 MITRE ATT&CK techniques
Despite the vastness of the MITRE ATT&CK® framework, most adversaries stick to a core set of TTPs. Among the top 10 ATT&CK techniques featured in the Red Report, the following data-theft and stealth techniques are the most used:
The combined effect? A legitimate-looking chain of processes uses legitimate tools to collect and transmit data over widely used network channels. Naturally, these techniques are hard to detect with signature-based methods alone. Behavioral analysis, however, makes it much easier to spot anomalies, especially when monitoring and correlating data across multiple techniques. Security teams should focus on finding malicious activity that appears virtually indistinguishable from normal network traffic.
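As an added example that is not part of the Picus report or this article, the following Python script sketches the kind of cross-technique behavioral correlation the two preceding sections describe. It maps constructed endpoint and network events (the host names, process names, paths, byte counts and thresholds are all assumptions made for the example) to the ATT&CK technique IDs they resemble, and raises an alert only when a single host exhibits several distinct techniques within a short window, so a browser reading its own credential store or one large upload does not fire on its own.

```python
"""Correlating multi-technique behaviour per host.

Added example (not Picus code): classify constructed telemetry into
ATT&CK technique IDs and alert when one host shows several distinct
techniques inside a short time window, which is the correlation step
that signature-only detection lacks.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: (timestamp, host, event_type, details).
# Hosts, processes, paths and sizes are made up for this example.
SAMPLE_EVENTS = [
    ("2025-03-01T09:00:05", "ws-17", "file_read",
     {"process": "updater.exe",
      "path": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    ("2025-03-01T09:00:40", "ws-17", "file_read",
     {"process": "updater.exe",
      "path": r"C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\x\logins.json"}),
    ("2025-03-01T09:02:10", "ws-17", "net_conn",
     {"process": "updater.exe", "dst_port": 443, "bytes_out": 3_200_000,
      "dst": "203.0.113.9"}),
    ("2025-03-01T09:03:00", "ws-17", "lsass_access",
     {"process": "updater.exe", "access_mask": "0x1010"}),
    # Benign host: a browser reading its own credential DB and then
    # uploading a large attachment is normal and must not alert.
    ("2025-03-01T09:05:00", "ws-22", "file_read",
     {"process": "chrome.exe",
      "path": r"C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    ("2025-03-01T09:06:00", "ws-22", "net_conn",
     {"process": "chrome.exe", "dst_port": 443, "bytes_out": 5_000_000,
      "dst": "198.51.100.4"}),
]

# Processes expected to touch browser credential stores (assumed allowlist).
BROWSER_PROCS = {"chrome.exe", "firefox.exe", "msedge.exe"}
# Filename fragments of common browser credential stores.
CRED_STORE_MARKERS = ("Login Data", "logins.json", "key4.db")
UPLOAD_THRESHOLD = 1_000_000  # bytes; constructed threshold for "large upload"


def classify(event):
    """Return the ATT&CK technique ID a single event resembles, or None."""
    _, _, kind, d = event
    if kind == "file_read" and any(m in d["path"] for m in CRED_STORE_MARKERS):
        if d["process"] not in BROWSER_PROCS:
            return "T1555.003"  # Credentials from Password Stores: Web Browsers
    if kind == "lsass_access":
        return "T1003.001"  # OS Credential Dumping: LSASS Memory
    if (kind == "net_conn" and d["dst_port"] in (80, 443)
            and d["bytes_out"] >= UPLOAD_THRESHOLD
            and d["process"] not in BROWSER_PROCS):
        return "T1041"  # Exfiltration Over C2 Channel (large upload, non-browser)
    return None


def correlate(events, window=timedelta(minutes=10), min_techniques=2):
    """Group technique hits per host; alert when at least `min_techniques`
    distinct techniques occur within `window`. Returns {host: [techniques]}."""
    hits = defaultdict(list)
    for ev in events:
        tid = classify(ev)
        if tid:
            hits[ev[1]].append((datetime.fromisoformat(ev[0]), tid))
    alerts = {}
    for host, items in hits.items():
        items.sort()
        for i, (t0, _) in enumerate(items):
            in_window = {tid for t, tid in items[i:] if t - t0 <= window}
            if len(in_window) >= min_techniques:
                alerts[host] = sorted(in_window)
                break
    return alerts


if __name__ == "__main__":
    for host, techniques in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(techniques)}")
```

The point of the design is that no single rule is decisive: a credential-store read or a large HTTPS upload is common on its own, but the same non-browser process doing both plus an LSASS handle open inside ten minutes is the multi-stage pattern the report describes. In production the event source would be EDR or Sysmon telemetry rather than an inline list, and the allowlist and threshold would be tuned per environment.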
Back to basics for better defense
Today’s threats often infiltrate, persist, and exfiltrate across many stages of an attack. By the time one step is identified, the attacker may already have moved on to the next. So, while the threat landscape is undoubtedly sophisticated, the silver lining in the Red Report 2025 is rather simple: current malicious activity actually revolves around a small set of attack techniques. By doubling down on the foundations of modern cybersecurity, including strict credential protection, advanced threat detection, and continuous security validation, organizations can confidently ignore the tsunami of AI hype for now and focus instead on the threats that are actually targeting them today.

Ready to cut through the AI hype and bolster your defenses?
Although the headlines are pinned on AI, Picus Security has been a pioneer in Breach and Attack Simulation (BAS) since 2013 and has consistently focused on the methods and techniques attackers actually use. The Picus Security Validation Platform continuously evaluates and fortifies organizational defenses, emphasizing the fundamentals of credential protection and rapid threat detection.
Ready to see the difference? Download the Picus Red Report 2025 or visit picussecurity.com to learn how to tune out the hype and keep real threats at bay.
Note: This article was written by Dr. Suleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs, where we simulate cyber threats every day to strengthen organizational defenses.