Cybersecurity Resolutions for 2025: A Guide to Staying Ahead of Emerging Threats
Published On: January 7, 2025
The ball has dropped, the confetti’s been swept away and, along with it, 2024. It’s the start of a new year – a time of reflection and resolutions. As we step into 2025, K logix took this opportunity to analyze trends in the 2024 threat landscape, such as common initial access vectors and attack methods used by threat actors. From this analysis, K logix crafted 3 key 2025 cybersecurity resolutions designed to help organizations outpace threat actors and fortify defenses for the year ahead.
1. Implement a Secure Third-Party Management Program
This past year revealed the growing effectiveness of supply chain attacks. Some of the most famed breaches and vulnerabilities of 2024 rose to prominence precisely because of their impact on supply chains. The Change Healthcare breach is one such example; it demonstrated the devastating effects of a successful attack on a critical supplier in the healthcare industry. Early on in the year, zero-day vulnerabilities associated with Ivanti and Fortinet, two widely used VPN appliances, caused alarm and disruption across business sectors. For a financially motivated threat actor, targeting a critical supplier or a commonly used platform helps scale attacks, creates chaos and increases the likelihood of a payout, which is more than enough motivation for financially driven adversaries to pour resources and attention into targeting the supply chain.
To facilitate impactful supply chain compromises, K logix predicts that adversaries will set their sights predominantly on two types of targets. The first type is businesses that provide a commonly used, public-facing system such as VPNs and file transfer solutions. By finding and exploiting a vulnerability in these platforms, threat actors can scale operations with fewer resources. This already occurred in 2024; the second most common initial access vector was exploiting public-facing applications (MITRE T1190). K logix predicts this will continue to be a top access vector in 2025. The second target is business process outsourcing providers. Businesses often work directly with these providers and rely on them for critical business functions; an adversary can easily weaponize this relationship while targeting multiple businesses simultaneously. For organizations seeking to improve their third-party risk-ranking process, it is beneficial to look at the organization from the outside in and consider, from the adversaries’ perspective, which third parties serve as valuable targets.
A secure third-party management program includes, but is not limited to, comprehensive vendor risk-ranking, periodic security reevaluations of vendors, and incident response processes that account for the risk of a supply chain breach. When periodically evaluating vendors’ security posture, organizations should also identify how vendors are preparing for looming threats, such as AI advancements and quantum-based attacks.
2. Implement a Secure Identity and Access Management (IAM) Program
Stolen credentials are a prized asset among cyber threat actors, and for good reason. Ranking as the third most common initial access vector of 2024, valid accounts (MITRE T1078) provide adversaries with both trusted access and avenues to burrow deeper into an organization’s environment with minimal detection. One of the most well-known breaches from this past year, the Change Healthcare breach, came to fruition due to a gap in secure IAM controls. BlackCat affiliates used stolen credentials to gain initial access; their job was made even easier by the lack of MFA. Compromised credentials can also be used to enhance the credibility and effectiveness of phishing campaigns, which are a common means of obtaining valid credentials, thereby feeding a cycle of compromise. Whether compromised credentials are used to avoid detection, aid social engineering campaigns or subvert trust, stolen identities have proven time and again to be a useful attack tool and thus will continue to be a target for threat actors in 2025.
With supply chain attacks on the rise, managing and securing third-party identities should be a top priority in 2025. It’s no secret that organizations have a harder time managing external identities, and as a result external identities are often handled in unconventional ways. In 2025, K logix predicts adversaries will seek to exploit this vulnerability, both because of its susceptibility to attack and as part of a larger trend of targeting supply chains.
Adversaries’ ability to exploit compromised credentials is poised to become even more effective in 2025, fueled by advancements in AI and deepfake technology. To stay ahead, organizations should strengthen their IAM programs, bolstering defenses around the 3 key IAM pillars: authentication, authorization and privileged access management.
3. Implement Denial-of-Service (DoS) Protection
Ransomware groups are a formidable force in the threat landscape. Cybersecurity defenders have spent countless hours fortifying defenses to prevent a ransomware attack, such as conducting ransomware readiness assessments and tabletop exercises. 2025 will be no different, but K logix likes to come to the battleground prepared. This raises the question: how will ransomware groups evolve in 2025?
Over the past year, K logix has observed a steady rise in DoS attacks. One notable distributed denial-of-service (DDoS) attack that occurred in 2024 targeted Microsoft, leading to an 8-hour service outage. K logix predicts that this rise in DoS attacks indicates another turning point in the evolution of ransomware tactics, from double extortion to triple extortion. Ransomware groups will not only encrypt and exfiltrate data but also launch DoS campaigns to amplify disruption and further pressure victims to pay. As cybersecurity defenders gear up to start another round of ransomware attack preparation, part of that preparation should be implementing DoS mitigation solutions.
Resolutions to Reality
Implementing these resolutions is no small task, but you don’t have to tackle them alone. K logix is here to partner with you, helping you identify vulnerabilities in your IAM, vendor risk management, and ransomware preparedness programs. Our experts provide actionable recommendations to strengthen defenses and set you on the path to a more secure 2025.
For more information, contact one of our experts: info@klogixsecurity.com.