Marlink: Stronger policy and user awareness against cyber threats

Evolution of cyber threats during 

According to the report, during the second half of 2024, (H2) there had been an evolution in cyber threats, as malicious actors have adopted increasingly efficient, structured, and business-like approaches to cybercrime. Cybercriminals streamlined their tactics, enhanced their operational efficiency, and adopted emerging technologies to expand their attack capabilities.

Adoption of generative artificial intelligence in cybercrime

One of the most significant developments has been the increase in the adoption of generative artificial intelligence (genAI). Off-the-shelf large language models (LLMs) have become a critical tool for adversaries, allowing them to accelerate malware development, automate phishing campaigns, and refine social engineering tactics. This has led to a surge in AI-assisted cyberattacks. Some actors have leveraged genAI to assist in developing malicious scripts and exploits designed to specifically target CVEs (known cyber security vulnerabilities).

Unprecedented speed of cyberattacks

The speed of attacks has also reached unprecedented levels. The average breakout time—the period it takes for an adversary to move laterally within a network—has been significantly reduced, now taking less than an hour in most incidents, with some cases occurring in under a minute. This rapid movement highlights the critical need for real-time threat detection and response measures.

Growth of organised cybercriminal ecosystems and access brokers

Additionally, the cybercriminal ecosystem has become more organised, with access brokers thriving. The sale of network access has doubled in the past year, as cybercriminals increasingly turned to access broker services to gain entry into corporate environments. This shift coincides with a decline in traditional phishing-based initial access, as attackers favour alternative infiltration methods, such as social engineering via telephone-based exploitation (vishing) and abuse of remote monitoring and management (RMM) tools.

Shift towards hands-on-keyboard techniques

Also, in H2 an overwhelming number of observed attacks did not rely on malware, marking a shift towards hands-on-keyboard techniques. Cybercriminals have increasingly mimicked legitimate user behaviour to evade detection, engaging in interactive intrusions that blend seamlessly with normal network activity.

Exploitation of publicly available vulnerability research

Furthermore, attackers have continued to exploit publicly available vulnerability research, targeting weaknesses in cloud environments and peripheral network devices, including OT systems. Exploiting identity-based vulnerabilities has become a primary attack vector, with adversaries leveraging compromised credentials and trusted relationships to move deeper into systems.

Forecasting the evolution of cyberattacks in 2025

Looking ahead to 2025, the cyber security landscape is expected to become increasingly complex and challenging. Cybercriminals will continue to refine their tactics, leveraging emerging technologies, and exploiting new vulnerabilities. Based on current trends and technological advancements cyberattacks are likely to evolve in the following direction:

1. AI-Powered cyberattacks
   
   Cybercriminals will leverage AI to automate and optimise their attacks, creating more sophisticated phishing campaigns, developing malware that can adapt to evade detection, and even using AI-driven social engineering to manipulate victims more effectively.

2. Increased targeting of IoT and OT Systems
   
   More attacks aimed at disrupting IoT and OT infrastructure, and industrial control systems, are expected. These attacks could have severe real-world consequences, including operational shutdowns and safety risks.

3. Expansion of Ransomware-as-a-Service (RaaS)
   
   Ransomware attacks will continue to grow, with the RaaS model becoming even more prevalent. We may see more cybercriminal groups offering ransomware tools and services to less technically skilled attackers, leading to a surge in ransomware incidents. Additionally, attackers are likely to adopt more aggressive tactics, such as double extortion (stealing data before encrypting it) and targeting critical infrastructure.

4. Exploitation of 5G vulnerabilities
   
   Cybercriminals may exploit vulnerabilities in 5G infrastructure to launch large-scale Distributed Denial of Service (DDoS) attacks, intercept communications, or compromise connected devices.

5. Deepfakes and disinformation campaigns
   
   Deepfake technology will become a powerful tool for cybercriminals in 2025. Attackers may use deepfakes to impersonate executives, manipulate stock markets, or spread disinformation.

6. Focus on supply chain attacks
   
   Supply chain attacks, where attackers target third-party vendors to compromise larger organisations, will become more sophisticated in 2025. Cybercriminals will exploit weak links in the supply chain to infiltrate networks, steal intellectual property, or disrupt operations.

H2 2024 saw a marked evolution in cyber threats, as malicious actors adopted increasingly efficient, structured, and business-like approaches to cybercrime, putting additional pressure on the maritime industry. Looking ahead to 2025, the cyber security landscape is expected to become increasingly complex and challenging, increasing the pressure on users to improve protection of assets and people.

… said Nicolas Furge, President, Marlink Cyber.