Arctic Wolf’s Clare Loveridge discusses some major cyber predictions for the threat landscape this year and how organisations can be prepared.
Last month, cybersecurity company Arctic Wolf released a report detailing its predictions for the threat landscape in 2025.
With an overarching belief that the cybersecurity sector will be primarily influenced by the adaptability and abilities of threat actors, along with their propensity for financial gain, Arctic Wolf highlighted various attack types and vulnerabilities that it believes will make waves in the cybersecurity world this year.
Major predictions include the increased use of advanced AI for malicious activities, as well as a continued targeting of critical infrastructure for both extortion and preparation for future “hybrid conflicts”.
One of the company’s core predictions for 2025 is that organisations’ perimeter cyber defences will continue to break down as threat actors target virtual private network (VPN) gateways. The report states that with the rise of VPN gateways, due in part to remote or partially remote working environments, cyberattackers have gained new opportunities for infiltration. But how can threat actors exploit these gateways?
“The most common way is by exploiting a zero day or unpatched vulnerability in the VPN software,” says Clare Loveridge, VP and general manager for EMEA at Arctic Wolf, who pointed to examples such as Ivanti Connect Secure, which was exploited by threat actors last February and recently targeted in a zero-day attack.
“Threat actors can exploit zero-day or unpatched vulnerabilities by developing or acquiring exploit code that targets vulnerable software or systems. This can enable malicious actions such as unauthorised access, arbitrary code execution, data theft, service disruption or privilege escalation.
“The extent of the damage varies based on the vulnerability’s nature and the attacker’s objectives, potentially resulting in data breaches, system compromise, financial loss, reputational harm or operational shutdowns in critical infrastructure.”
She says there are other ways to exploit VPNs, such as credential theft through advanced phishing techniques, which she says could be a simpler albeit less effective way to breach the software.
“Credential theft would give them sessions, whereas exploiting the software could give them broad access.”
Vishing
One growing cyberthreat that the report highlights is large-scale social engineering campaigns, particularly voice phishing – or ‘vishing’ – attacks, where threat actors use AI and deepfake technology to masquerade as employees to target and deceive company departments that operate remotely.
“Vishing has become very concerning because of the advancements in AI,” says Loveridge. “There have been attacks with video facsimiles of real company executives directing employees to wire money etc. These will only get better over time.”
According to Arctic Wolf’s report, today’s deepfake tools only require a few still photographs – which can easily be sourced from LinkedIn and other social media platforms – to impersonate an employee.
“The best way to protect against this is to educate your employee base on what to look for and how to react to an urgent out-of-character request,” says Loveridge. “Security awareness training is key to this.
“In the vishing scenario specifically, if there is a video interaction with somebody you know, but they are asking for something out of character, use an out-of-band method to connect to that person to confirm the request.”
As Loveridge explains, an out-of-band method refers to a way of verifying information through a separate communication channel different from the one where the request originated. In a scenario where you receive a suspicious communication from someone you know – where they ask for something out of character such as financial assistance or confidential information – Loveridge says you shouldn’t respond directly.
Instead, she recommends calling their phone number from your contacts list to confirm their request, sending them a text or email through a previously established communication channel, or, if feasible, meeting them in person to confirm high-risk requests.
IAM, or am I?
Another core prediction of Arctic Wolf’s report is that cyberattacks such as ransomware will increasingly exploit weaknesses in identity and access management (IAM) systems. IAM infrastructure provides authentication, authorisation and identity management functions for enterprises.
However, while these systems intend to enable the proper management of employee accounts and access, Arctic Wolf warns that errors in these systems – such as overprivileged access, orphaned accounts and shadow directories – will be taken advantage of by threat actors.
A further weakness is that security safeguards are often softened to reduce friction for users, which widens the gap between the access a person needs and the access their account actually holds.
But where are IAM systems falling flat when it comes to security? Loveridge says the biggest issues are centred around “providing too much privilege and not having adequate multifactor authentication (MFA)”.
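The weaknesses just listed (overprivileged access, orphaned accounts, missing MFA on privileged access) are all things an access review can find mechanically by joining a directory export against an authoritative source of who is employed and what each person was approved for. The script below is an added example, not Arctic Wolf’s or Silicon Republic’s code; the HR list, approved-role table and directory export are constructed sample data, and the role names, the 90-day idle threshold and the set of roles treated as privileged are assumptions for illustration. Shadow directories are not modelled here beyond the HR cross-check, which is also what surfaces an account that exists only in a side directory.

```python
from datetime import date

STALE_AFTER_DAYS = 90                                   # assumed idle threshold
PRIVILEGED_ROLES = {"global_admin", "domain_admin", "vpn_admin"}  # assumed role names
AUDIT_DATE = date(2025, 1, 20)

# Authoritative HR list of current staff (constructed for the example).
HR_ACTIVE_STAFF = {"alice", "bob", "carol"}

# Roles each person was approved for at the last access review (constructed).
APPROVED_ROLES = {
    "alice": {"developer"},
    "bob": {"helpdesk", "vpn_admin"},
    "carol": {"finance"},
}

# Constructed identity-provider export, one record per account.
DIRECTORY = [
    {"user": "alice", "enabled": True, "roles": ["developer", "global_admin"], "mfa": True, "last_login": "2025-01-18"},
    {"user": "bob", "enabled": True, "roles": ["helpdesk", "vpn_admin"], "mfa": False, "last_login": "2025-01-19"},
    {"user": "carol", "enabled": True, "roles": ["finance"], "mfa": True, "last_login": "2024-09-01"},
    {"user": "dave", "enabled": True, "roles": ["developer"], "mfa": True, "last_login": "2024-11-02"},
    {"user": "erin", "enabled": False, "roles": ["finance"], "mfa": False, "last_login": "2024-03-15"},
]


def audit(directory, hr_active, approved, today=AUDIT_DATE, stale_after=STALE_AFTER_DAYS):
    """Return (user, category, detail) findings for the IAM weaknesses in the text."""
    findings = []
    for acct in directory:
        user, roles = acct["user"], set(acct["roles"])
        if not acct["enabled"]:
            continue                                  # disabled accounts are already contained
        if user not in hr_active:
            findings.append((user, "orphaned", "enabled account with no active employee behind it"))
            continue                                  # the fix is to disable it, not to trim its roles
        extra = roles - approved.get(user, set())
        if extra:
            findings.append((user, "overprivileged", f"roles beyond approved set: {sorted(extra)}"))
        if roles & PRIVILEGED_ROLES and not acct["mfa"]:
            findings.append((user, "no_mfa", f"privileged roles {sorted(roles & PRIVILEGED_ROLES)} without MFA"))
        idle_days = (today - date.fromisoformat(acct["last_login"])).days
        if idle_days > stale_after:
            findings.append((user, "stale", f"no login for {idle_days} days"))
    return findings


if __name__ == "__main__":
    for user, category, detail in audit(DIRECTORY, HR_ACTIVE_STAFF, APPROVED_ROLES):
        print(f"{user:8} {category:15} {detail}")
```

Run against the sample data this flags alice’s unapproved global_admin role, bob’s privileged role without MFA, carol’s long-idle account and dave’s account that outlived his employment, while erin’s already-disabled account is skipped. In a real review the HR list and approved-role table would come from the HR system and the last access certification rather than being typed in.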
In order to prevent a breach of these systems, she says organisations need to ensure that access to critical resources is “restricted to the people who actually need the access and no more”, and to ensure that MFA is used on each critical access with a “something you have and something you know” approach.
“The ‘something you have and something you know’ approach is part of MFA, which enhances security by requiring users to provide two or more different types of credentials to verify their identity,” she explains. “This approach ensures that even if one factor (such as a password) is compromised, the attacker would still need access to the second factor, significantly reducing the risk of unauthorised access.”
The ‘something you know’ refers to knowledge-based credentials that only the user should know, such as passwords, personal identification numbers or security questions, while ‘something you have’ refers to a physical item or a “unique, time-sensitive token that the user possesses”. These could be a smartphone with an authenticator app, a one-time password sent via text or email, or an ID badge. Of these, codes sent over SMS or email are the weakest: they can be intercepted or relayed by a real-time phishing page, so an authenticator app or hardware token is preferable where the option exists.
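To make the two-factor check concrete, the following is an added example (not code from Arctic Wolf or the article) of a login that requires both a password and a time-based one-time password of the kind an authenticator app produces. The user name, password, salt and the RFC 6238 reference seed are constructed demo values; the point it demonstrates is that a password obtained by phishing fails on its own, and that the token is only valid within a short time window.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo credentials, not from the article. DEMO_TOTP_SECRET is the
# RFC 6238 reference seed ("12345678901234567890" as ASCII bytes), so the codes
# can be checked against the RFC's published test vectors.
DEMO_USER = "alice"
DEMO_PASSWORD = "correct horse battery staple"
DEMO_SALT = b"constructed-demo-salt"
DEMO_TOTP_SECRET = b"12345678901234567890"
TIME_STEP = 30


def hash_password(password: str, salt: bytes) -> bytes:
    """Something you know: store a slow salted hash, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


STORED_PASSWORD_HASH = hash_password(DEMO_PASSWORD, DEMO_SALT)


def totp(secret: bytes, timestamp: int, digits: int = 6) -> str:
    """Something you have: RFC 6238 TOTP, i.e. HOTP over floor(time / step)."""
    counter = timestamp // TIME_STEP
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, timestamp: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock skew."""
    return any(
        hmac.compare_digest(totp(secret, timestamp + drift * TIME_STEP), code)
        for drift in range(-window, window + 1)
    )


def authenticate(username: str, password: str, code: str, timestamp=None) -> bool:
    """Both factors must pass: a stolen password alone is not enough."""
    if timestamp is None:
        timestamp = int(time.time())
    if username != DEMO_USER:
        return False
    know_ok = hmac.compare_digest(hash_password(password, DEMO_SALT), STORED_PASSWORD_HASH)
    have_ok = verify_totp(DEMO_TOTP_SECRET, code, timestamp)
    return know_ok and have_ok   # evaluate both so timing does not reveal which factor failed


if __name__ == "__main__":
    t = 59  # RFC 6238 test-vector time; the 6-digit code at this step is 287082
    print(authenticate("alice", DEMO_PASSWORD, totp(DEMO_TOTP_SECRET, t), t))  # True
    print(authenticate("alice", DEMO_PASSWORD, "000000", t))                  # False: wrong token
    print(authenticate("alice", "leaked-guess", "287082", t))                  # False: phished password, no token
```

The one-step window in `verify_totp` is the usual trade-off between clock drift on the user’s phone and the length of time a captured code stays usable; widening it much beyond a step or two mostly benefits an attacker relaying codes from a phishing page.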
Stay clean
There’s clearly a lot to watch out for in the modern threat landscape, and so maintaining proper cyber hygiene is more important than ever.
According to Loveridge, the best way to ensure proper cyber hygiene is to carry out routine checks, such as a security posture in depth review (SPiDR).
A SPiDR check combines security assessments, configuration reviews and best practice knowledge transfers to improve an organisation’s security posture.
Most of all though, organisations need to be proactive and aware.
“Cyber hygiene really hasn’t changed much over the years. Keep your software and devices patched and do so as quickly as possible,” she says. “Ensure you are using MFA. Have a least privileged or zero-trust approach to security in general.”