The H1 2025 cybersecurity report highlights a 16% increase in disclosed vulnerabilities, with Microsoft products and edge security devices the most exploited targets, predominantly by state-sponsored actors. Advances in mobile malware, evolving ransomware tactics, and sophisticated Magecart campaigns underscore a fragmented and expanding threat landscape. #Microsoft #UNC5221 #Magecart #SuperCardX #CobaltStrike
Keypoints
- Annual cybersecurity reports typically start with an Executive Summary outlining the current threat landscape, followed by Key Findings that detail significant data points and trends from the reporting period.
- They include sections on Vulnerability Exploitation Trends discussing the volume, types, and targets of exploited vulnerabilities, often highlighting exploited vendors and attack techniques.
- Malware Trends sections analyze prevalent malware families and their tactics, along with developments such as the resurgence of legacy malware families and newly adopted tactics among threat actors.
- Mobile Malware is explored with a focus on evolving threats like Android banking trojans using overlays and NFC relay attacks that enhance financial fraud capabilities.
- Ransomware sections cover changes in affiliate models, together with the new evasion and deployment techniques that operators use to avoid detection and to attract affiliates.
- Reports examine targeted organizations and devices, including the prominence of vulnerabilities in Microsoft products and edge security devices like SSL-VPNs and firewalls.
- Statistics show a 16% increase in CVEs disclosed compared to H1 2024, with 161 vulnerabilities actively exploited, 42% of which had public proof-of-concept exploits and 69% of which required no authentication, which lowers the bar for exploitation.
- State-sponsored actors were responsible for over half of the observed exploitation, with groups such as UNC5221 targeting Ivanti products, and Cobalt Strike remaining a frequently used post-exploitation tool.
- The report highlights the increase in contactless payment threats, including the emergence of SuperCard X enabling NFC relay fraud by capturing and transmitting card data.
- Insikt Group continuously updates detection rules, producing Nuclei templates aligned with actively exploited vulnerabilities to aid proactive scanning and mitigation efforts.
- Recurring themes emphasize the importance of rapid patching of internet-facing systems, enhanced behavioral monitoring, and diligent mobile security policies to counteract evolving threats.
- The major attack techniques map to MITRE ATT&CK techniques such as Exploit Public-Facing Application (T1190), Exploitation for Client Execution (T1203), and Exploitation for Privilege Escalation (T1068), illustrating attacker preferences for initial access and privilege escalation.
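The findings above (exploited-in-the-wild bugs with public proof-of-concept code, no authentication required, and a concentration on internet-facing edge devices) translate directly into a patch-prioritization rule. The following Python routine is an added example, not code from the report or from Insikt Group: it ranks a constructed list of vulnerability records by those factors, assigns a patch window, and derives the same kind of summary percentages (share of exploited bugs with a public PoC, share needing no authentication) from the records. The identifiers, products, weights and patch windows are all assumptions chosen for illustration.

```python
"""Patch-priority triage over a constructed vulnerability list (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    cve: str               # hypothetical identifier, not a real CVE
    product: str           # illustrative product description
    exploited: bool        # exploitation observed in the wild
    public_poc: bool       # a public proof-of-concept exploit exists
    auth_required: bool    # attacker needs valid credentials to reach the bug
    internet_facing: bool  # the asset is reachable from the internet in our estate
    edge_device: bool      # SSL-VPN, firewall or similar perimeter appliance
    cvss: float            # base score, 0.0-10.0


def priority_score(v: Vuln) -> int:
    """Higher is more urgent. Weights are an assumption for this example; tune them
    to your environment. CVSS only breaks ties within a bucket, so a 9.8 that nobody
    exploits never outranks an exploited, unauthenticated edge-device bug."""
    score = 0
    if v.exploited:
        score += 40
    if v.public_poc:
        score += 20
    if not v.auth_required:
        score += 15
    if v.internet_facing:
        score += 15
    if v.edge_device:
        score += 10
    return score + int(v.cvss)


def patch_window_days(v: Vuln) -> int:
    """Assumed SLA: exploited and reachable from the internet -> 2 days;
    exploited, or unauthenticated with a public PoC -> 7 days; otherwise 30."""
    if v.exploited and v.internet_facing:
        return 2
    if v.exploited or (v.public_poc and not v.auth_required):
        return 7
    return 30


def triage(vulns: list[Vuln]) -> list[Vuln]:
    """Most urgent first; ties broken by identifier for a stable ordering."""
    return sorted(vulns, key=lambda v: (-priority_score(v), v.cve))


def exploited_stats(vulns: list[Vuln]) -> dict:
    """Report-style summary: how many exploited bugs, and what share of those
    had a public PoC or needed no authentication."""
    ex = [v for v in vulns if v.exploited]
    n = len(ex)
    if n == 0:
        return {"exploited": 0, "pct_public_poc": 0.0, "pct_no_auth": 0.0}
    return {
        "exploited": n,
        "pct_public_poc": round(100 * sum(v.public_poc for v in ex) / n, 1),
        "pct_no_auth": round(100 * sum(not v.auth_required for v in ex) / n, 1),
    }


# Constructed sample records; none of these correspond to real CVEs.
SAMPLE = [
    Vuln("CVE-0000-0001", "edge SSL-VPN appliance", True, True, False, True, True, 9.8),
    Vuln("CVE-0000-0002", "desktop office suite (document parsing)", True, False, False, False, False, 7.8),
    Vuln("CVE-0000-0003", "perimeter firewall management UI", True, True, True, True, True, 8.8),
    Vuln("CVE-0000-0004", "internal wiki", False, True, False, False, False, 9.1),
    Vuln("CVE-0000-0005", "mobile banking app", True, False, False, False, False, 6.5),
    Vuln("CVE-0000-0006", "OS kernel privilege escalation", True, False, True, False, False, 7.0),
]

if __name__ == "__main__":
    for v in triage(SAMPLE):
        print(f"{v.cve}  score={priority_score(v):3d}  patch within {patch_window_days(v):2d} days  {v.product}")
    print(exploited_stats(SAMPLE))
```

The ordering that comes out puts the unauthenticated, exploited SSL-VPN bug first and the exploited-but-authenticated firewall UI bug second, ahead of a higher-CVSS internal bug with only a PoC; that is the point the report's numbers make, and the weights are there to be replaced with whatever your own asset inventory supports.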
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)