In early 2025, cyber experts from Positive Technologies shed light on expected trends and vulnerabilities in software and hardware security for the year. Focusing on identifying zero-day vulnerabilities and understanding the spoofing trends in various technology sectors, their insights reveal a relentless battle between cyber defenders, known as white hackers, and attackers. The analysis from these experts paints a picture of both continuous improvement in defense mechanisms and the ceaseless ingenuity of cybercriminals seeking to exploit new weaknesses. This comprehensive overview dives into the pivotal observations and forecasts presented, adhering to an objective and clear narrative that underscores the evolving nature of cybersecurity threats and responses.
The Rise of Zero-Day Vulnerabilities
Diana Abdurakhmanova, Head of the Coordinated Vulnerability Disclosure Group at Positive Technologies, highlighted the impressive feats achieved by their PT SWARM team. In 2024 alone, the team identified over 100 zero-day vulnerabilities, with 75 classified as high or critical risk. These vulnerabilities affected significant software such as Microsoft Windows and ESET Internet Security, as well as hardware like Yealink video conferencing systems and Pandora FMS monitoring software. The sheer volume of vulnerabilities detected underscores both the heightened activity of cyber attackers and the effectiveness of diligent cybersecurity efforts.
Over a span from 2022 to 2024, a total of 452 zero-day vulnerabilities were identified by the team. An interesting trend observed is the improvement in the response times of vendors in addressing these vulnerabilities. For example, in 2024, there was a 30% increase in reports being closed within 60 days, and a 30% decrease in vendors taking more than 90 days to resolve such issues. This faster response time represents an encouraging trend in the management and mitigation of cybersecurity threats. However, as patch management efforts are accelerated and more vulnerabilities are addressed, cybercriminals are expected to innovate and find new weaknesses in systems, pushing the boundaries of their strategies to locate zero-day vulnerabilities.
Trending Vulnerabilities Across Platforms
Alexander Leonov, Lead Expert at PT Expert Security Center, shared that in 2024 alone, Positive Technologies identified over 70 vulnerabilities trending across varied platforms, including operating systems, application software, backup systems, and network devices. Of these vulnerabilities, 48 were confirmed to have been exploited by cyber attackers, 15 had public exploits available, and three were likely to be exploited in the future. These vulnerabilities primarily involve mechanisms such as arbitrary code and command execution, with 23 instances, and privilege escalation to maximum levels, observed in 17 instances.
It was noted that the majority of these vulnerabilities were found in Microsoft products. Of the 27 identified in Microsoft products, 14 involved privilege escalation vulnerabilities in the Windows kernel and standard components. Phishing attacks continue to be a major threat vector, with 16 of the trending vulnerabilities being exploited in such attacks. These avenues not only endanger individual systems but also pose significant risks to broader network security. Ten vulnerabilities posed significant risks to network security, potentially acting as entry points for broader system compromises. Additionally, vulnerabilities that allowed hackers to breach virtual infrastructure and critical backups also remained a critical concern.
Hardware Security Challenges
Hardware security also faces significant challenges, as detailed by Alexey Usanov, Head of Hardware Security at Positive Technologies’ Positive LABS. The year 2024 saw several critical hardware vulnerabilities emerge, illustrating the increasing complexity and sophistication of modern cyberattacks. These hardware vulnerabilities, some discovered through actual attacks and others through research findings, underscore the demand for higher skill levels among attackers and advanced defensive measures among cybersecurity professionals.
Notable mentions in 2024 included vulnerabilities in GigaDevice GD32, which allowed potential attackers to gain full device firmware access. Nearly a dozen vulnerabilities were found in the Qualcomm Adreno GPU by the Google Android Red Team. A particularly sophisticated cyberattack on iOS devices, dubbed Operation Triangulation, used a chain of four zero-day vulnerabilities to compromise security. Other instances included bypassing ARM’s memory tagging extension with a speculative execution attack known as TIKTAG, compromising the firmware of Apple’s USB-C controllers, and exposing a specific hardware vulnerability in Apple’s M-series processors.
The Proliferation of Connected Devices
The proliferation of connected devices continues unabated, as manufacturers race to gain market share. Unfortunately, this rush often results in products with inherent vulnerabilities or inadequate protection measures. A compromised connected device can jeopardize the entire infrastructure, especially if network configurations are poor. Cases such as the widespread hacking of Synology network storage devices demonstrate the risks involved when a manufacturer’s infrastructure is compromised, magnifying the security challenges linked to IoT devices.
An overarching trend is seen in the rising costs and increasing sophistication of hardware attacks. More developers are venturing into embedded development, driven by advancements in modern tools and frameworks. However, this shift can compromise performance and security as firmware increasingly includes code from varied sources, blurring the lines of dedicated security programming. Manufacturers, in turn, are focusing more on defending against fault injection and side-channel attacks, often engaging cybersecurity professionals to mitigate these risks.
The Battle Between Defenders and Attackers
In early 2025, cyber experts from Positive Technologies revealed anticipated trends and vulnerabilities in software and hardware security for the upcoming year. Their focus was on identifying zero-day vulnerabilities and analyzing spoofing trends across various technology sectors. The insights highlight an ongoing battle between cyber defenders, known as white hackers, and relentless attackers. The experts’ analysis shows a continual advancement in defense mechanisms alongside the unending creativity of cybercriminals who seek to exploit new weaknesses. This in-depth overview delves into key observations and forecasts, maintaining an objective narrative that emphasizes the evolving nature of cybersecurity threats and responses. The experts predict a rise in sophisticated phishing attacks and the use of artificial intelligence by both defenders and attackers. Additionally, there is an expectation of increased vulnerabilities in Internet of Things (IoT) devices as they become more prevalent. Positive Technologies stresses the importance of staying ahead with robust security measures, continuous monitoring, and proactive threat hunting to mitigate these emerging risks.