Threat Researchers Detect 4x More Identity-Enabled Attacks as Infostealers Continue to Surge

Red Canary’s 2025 Threat Detection Report highlights top and emerging cybersecurity threats, including fakeCAPTCHA, LLMJacking, and macOS malware

Adversaries have access to more tools than ever to compromise organizations, fueling a rise in attacks and straining security teams

None of the nearly 93,000 threats analyzed in this report were prevented by customers’ expansive security controls, including all leading endpoint protection (EPP) and IAM platforms

DENVER, March 18, 2025 /PRNewswire/ — Red Canary, a leader in managed detection and response (MDR), today unveiled its seventh annual Threat Detection Report, examining the trends, cyber threats, and adversary techniques that organizations should prioritize in the coming months and years. The report tracks the MITRE ATT&CK® techniques that adversaries abuse most frequently, and this year noted four times as many identity attacks compared to the 2024 edition. After debuting in the top 10 in 2024, cloud-native and identity-enabled techniques surged in this year’s report, with Cloud Accounts, Email Forwarding Rule, and Email Hiding Rules ranking among the top five.

“2024 marked the rise of cloud-native and identity-enabled attacks, with three of the top five techniques we detected falling into these categories. This highlights the immense value adversaries place on identities – compromise one, and they gain access to countless systems,” said Keith McCammon, co-founder and Chief Security Officer at Red Canary. “Unfortunately, the rise of identity and access management (IAM) and identity providers hasn’t deterred adversaries. Instead, it has made centralized identities even more lucrative targets as once compromised, adversaries can gain access to numerous disparate systems. Organizations must recognize identities as a frontline for defense and strengthen their security posture to stay ahead of adversaries.”

Research highlights major shifts in the threat landscape
The data that powers Red Canary and this report is not mere software signals; this data set is the result of hundreds of thousands of investigations across millions of protected systems and identities. Each of the threats Red Canary detected in 2024 was not prevented by the customers’ expansive security controls. They are the result of a breadth and depth that Red Canary leverages to detect the threats that would otherwise go undetected.

Red Canary’s 2025 report provides in-depth analysis of nearly 93,000 threats detected within more than 308 petabytes of security telemetry from customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications over the past year. The total number of threats detected increased by more than a third compared to 2024’s report as a result of not only more customers, but also Red Canary’s expanded visibility into cloud and identity infrastructure.

The analysis shows that while the threat landscape continues to shift and evolve, adversaries’ motivations do not. The tools and techniques they deploy remain consistent, with some notable exceptions. Key findings include:

Click, paste, compromised – One of the most successful new initial access techniques observed this year was paste and run, also known as “ClickFix” and “fakeCAPTCHA.” In this attack, adversaries socially engineer users into executing malicious scripts under the pretense that doing so will fix something, like providing access to a video or document.

VPN abuse is rampant and difficult to detect – Adversaries constantly use virtual private networks (VPNs) to conceal their location and bypass network controls, but employees also rely on them for legitimate activity. Strikingly, organizations in the educational services sector accounted for 63 percent of all VPN use – a disproportionately high share given their smaller presence among Red Canary’s data. This highlights that environments from organizations in this sector are a potential hotspot for VPN-related security risks.

RMM exploitation is on the rise – The use of remote monitoring and management (RMM) tools for command and control and lateral movement is growing, enabling adversaries to drop malicious payloads including ransomware. This year, Red Canary saw malicious use of NetSupport Manager break its yearly top 10, highlighting the popularity of RMM tools amongst adversaries.

The not-so-helpful IT desk – Phishing remains prevalent in many forms. Email, QR code (aka “quishing”), SMS, and voice phishing attacks all increased in 2024. Often adversaries posed as IT personnel, asking victims to download malicious or remote control software. In 2024, Black Basta paired email bombing with social engineering, posing as IT personnel “helping” with the issue to gain access and install RMM tools.

The rise of LLMJacking to attack cloud infrastructure

While cloud attacks rose overall in 2024, the techniques adversaries abused have largely remained the same as in past years. However, adversaries have shifted more of their efforts to attacking and compromising cloud infrastructure and platforms:

Red Canary observed adversaries attempting to impair defenses inside cloud environments by disabling or modifying firewall rules and logging. Gaining access through compromised cloud accounts or valid credentials, adversaries elevate their privileges by granting the identity additional roles.

With the rise of LLM usage, cloud services such as AWS Bedrock, Azure OpenAI, and GCP Vertex AI have become prime targets for adversaries in an attack known as “LLMJacking.” Adversaries have reportedly sold access to these hijacked models as part of their own SaaS “business” and passed all LLM usage costs to the victim.

Info-stealing malware is the ultimate identity threat

In 2024, stealer malware infections were on the rise across Windows and macOS platforms. Adversaries use stealers to gather identity information and other data at scale. In 2024 there were some interesting variations in the use of infostealers, including:

LummaC2 was the most prevalent stealer detected in 2024, operating under a malware-as-a-service (MaaS) model and selling for anywhere from $250 per month to a one-time payment of $20,000. Its growing popularity and expanded scope make it a major threat, exposing user credentials and enabling adversaries to gain initial access to organizations using legitimate accounts.

Adversaries commonly use LummaC2 to deliver NetSupport Manager, Red Canary’s seventh most detected threat in 2024 – giving them a gateway to deploy other malicious payloads as a follow-up to their initial attack.

Mac malware ran rampant

In 2024, macOS experienced the same phenomenon that Windows did: an exponential increase in stealer malware.

Red Canary detected 400 percent more macOS threats in 2024 than in 2023, including an exponential increase in malware driven by Atomic, Poseidon, Banshee, and Cuckoo stealers. Atomic Stealer was the most prevalent, appearing on Red Canary’s monthly top 10 threat rankings five times.

In September 2024, detections dropped off sharply after Apple remediated a popular Gatekeeper bypass technique abused by numerous malware families. 95 percent of stealer infections happened before September and just five percent occurred after, highlighting the dramatic and immediate impact that patching can have.

“This year’s report makes clear that the malware-as-a-service ecosystem has fully matured and is operating at a similar level to the legitimate software industry,” continued McCammon. “The sheer accessibility of the tools that adversaries can use to compromise organizations has led to an explosion in attack volume, overwhelming security teams. AI is becoming an essential tool for helping analysts cut through the noise and focus on threats that matter. By streamlining workflows and augmenting human expertise, AI enables security teams to detect and respond to threats faster, preventing adversaries from gaining an advantage.”

Recommended actions:

Limit unsanctioned VPN usage. Tighter policies around acceptable use of VPNs will mean that abuse is rare and becomes a potential signal of suspicious logins and other malicious activity when they are present.

Manage your centralized identity management solution. A central identity solution isn’t an excuse to kick back. Centralized identity solutions make organizations more secure, but they’re also a priority target for adversaries. Organizations should pay special attention to the evolving threat landscape and be careful to manage their identity infrastructure as safely and securely as possible.

Mitigate risk by making patching a top priority. It remains one of the best ways to protect yourself from risk. Unpatched vulnerabilities are one of the most common entry points for adversaries, making timely updates critical to reducing exposure.

Balance accessibility to cloud systems with protection. Verify that permissions and configurations are correctly set, and stay informed on how your organization uses cloud infrastructure. Distinguishing between legitimate and suspicious activity requires a deep understanding of what’s normal in your environment.

Assess and test your defenses. Look at the top threats and techniques and ask: ‘am I confident in my ability to defend each of these?’ Red Canary’s open source test library Atomic Red Team is free and easy to adopt.

Learn more

Read the full interactive report or the condensed executive summary

Register and join the Inside the 2025 Threat Detection Report webinar on March 26 at 2:00pm ET

About the Threat Detection Report
The full report is intended as a reference library for security practitioners to improve their ability to prevent, mitigate, detect, and emulate cyber threats. It offers detailed guidance on data sources that log relevant evidence of adversary behaviors, tools that collect from those data sources, insight into how security teams can use this visibility to develop detection coverage, and much more deeply actionable information.

The Threat Detection Report sets itself apart from other annual reports by offering unique data and insights, accompanied by recommended actions derived from a combination of expansive visibility and expert, human-led investigation and confirmation of threats.

Each of the nearly 93,000 threats Red Canary detected in 2024 was not prevented by the customers’ expansive security controls. They are the result of a breadth and depth that Red Canary leverages to detect the threats that would otherwise go undetected.

About Red Canary
Red Canary is a leader in managed detection and response (MDR). We serve companies of every size and industry, focusing on finding and stopping threats before they can have a negative impact. As the cornerstone security operations partner for nearly 1,000 organizations, we provide MDR with industry-leading threat accuracy and a world-class customer experience across identities, endpoints, and cloud. For more information about Red Canary, visit: https://redcanary.com/.

View original content to download multimedia:https://www.prnewswire.com/news-releases/threat-researchers-detect-4x-more-identity-enabled-attacks-as-infostealers-continue-to-surge-302404711.html

SOURCE Red Canary

Fox ESS Celebrates Strong Momentum with Integrated Solar Storage & Charging Solutions at Smart Energy 2026

SYDNEY, May 9, 2026 /PRNewswire/ — Fox ESS, a global leader in renewable energy solutions, attended Smart Energy 2026 on 6-7 May as a platinum sponsor. At the event, Fox ESS showcased its next-generation approach to solar storage and EV charging solutions, delivering a seamless, future-ready energy experience for homeowners and installers across Australia.

Integrated Solutions Tailored for Aussie Homes

At Smart Energy 2026, Fox ESS highlighted its storage-to-charging solution, designed to make everyday energy use more convenient for local residents. With performance-led products and proven market traction, Fox ESS is set to play its part in building a more resilient energy future for Australia.

Battery Systems

Fox ESS continues to build momentum in the battery market. Sunwiz, an Australian solar consultancy, recently reported that Fox ESS ranked No.1 in March for installation capacity. The company also revealed that it installed more than 25,000 systems in April. During the exhibition, Sunwiz presented Fox ESS with an award, recognising the company as Top Solar Company for Fastest Growing Battery.

CQ7 V6+ High Voltage Battery (42kWh and above)
Building on Fox ESS’ proven strengths, compact design and high capacity, CQ7 V6+ is well suited to medium-sized households, ensuring free use of electricity and maximizing self-consumption.

EQ4800 High Voltage Battery (28kWh)
A reliable choice for smaller households, designed for efficient day-to-day energy storage.

Alongside its battery range, Fox ESS showcased all-in-one systems, including Stackable AIO and EVO, designed to simplify installation while maintaining a high standard of design and presentation.

Inverters

Fox ESS offers a range of inverters to suit local requirements, supported by up to 200% PV oversizing and a 10-year product warranty.

Single-phase: H1‑G2 (3–6kW); KH series (7–10.5kW)
Three-phase: H3 Smart (5–15kW); H3 Pro (15–29.9kW); H3 Plus (50–125kW)

EV Chargers

With EV adoption accelerating, Fox ESS also offers EV charging solutions with solar linkage, designed to work across its inverter portfolio. The chargers provide robust, smart energy management, including dynamic load balancing to help protect home circuits.

A Series (7.3kW / 11kW / 22kW): IP65 and IK08 protection, OCPP-compliant.
L Series (7.3kW / 11kW): straightforward installation with multiple colour options.

Big Battery Still Takes Centre Stage

As the Cheaper Home Battery Program moves into a new phase under an updated rebate policy, interest in larger battery systems continues to grow, particularly as more households consider EV upgrades amid rising fuel costs. More EVs typically mean households need greater energy availability, making higher-capacity storage an increasingly attractive option.

Looking ahead, from 1 July 2026, the Australian Government’s Solar Sharer Offer (SSO) will provide eligible households with three hours of free daily electricity to align with peak solar generation. Households with larger batteries will be well placed to make the most of this opportunity.

Fox ESS is also working with local VPP partners, including Amber Electric and Origin Loop VPP, helping homeowners unlock maximum value while supporting greater grid stability.

Maimai Comes Alive at the Exhibition

Visitors to the Fox ESS stand experienced a full programme of brand activations across the event. Following the online announcement, Sydney served as Maimai’s first physical stop, bringing the community together for face-to-face engagement. Attendees queued to take photos with the brand’s friendly and recognisable mascot.

Long-Term Commitment to Australia

Fox ESS has opened two local offices in Melbourne and Sydney, with more than 30 dedicated specialists supporting local customer needs. The company is also looking to play a wider role in Australia’s energy transition.

Notably, Ian Thorpe made his first in-person appearance at Fox Night, where he presented partners with awards. At the event party, Fox ESS also hosted a battery installation challenge, featuring eight rounds of competition, with the final winners receiving a range of prizes.

“We’re delighted to see such a strong result following the rollout of local policy. With nearly 400,000 Australian households now installing batteries, Fox ESS has played a key role, but this is only the beginning. We’re committed to keeping momentum and helping make a smarter, more reliable energy future a reality for more homes,” said Brooks Richard Geng, APAC & Middle East Managing Director, Fox ESS.

View original content to download multimedia:https://www.prnewswire.com/apac/news-releases/fox-ess-celebrates-strong-momentum-with-integrated-solar-storage–charging-solutions-at-smart-energy-2026-302767429.html

SOURCE Fox ESS

TELUS announces election of directors

VANCOUVER, BC, May 8, 2026 /CNW/ – TELUS Corporation (TELUS) (TSX: T) (NYSE: TU) announced today that the nominees listed in TELUS’ 2026 information circular were elected as directors of TELUS. The detailed results of the vote for the election of directors held at TELUS’ annual meeting on May 8, 2026 (the Meeting) are set out below.

Each of the following 14 nominees proposed by management was elected as a director of TELUS:

| Nominee | Votes For | % Votes For | Votes Withheld | % Votes Withheld |
|---|---|---|---|---|
| Raymond T. Chan | 592,322,965 | 97.91 | 12,667,245 | 2.09 |
| Hazel Claxton | 599,400,953 | 99.08 | 5,589,256 | 0.92 |
| Lisa De Wilde | 583,361,107 | 96.42 | 21,629,103 | 3.58 |
| Victor Dodig | 593,352,117 | 98.08 | 11,638,092 | 1.92 |
| Darren Entwistle | 586,791,970 | 96.99 | 18,198,239 | 3.01 |
| Thomas Flynn | 596,684,564 | 98.63 | 8,305,646 | 1.37 |
| Mary Jo Haddad | 577,841,419 | 95.51 | 27,148,791 | 4.49 |
| Martha Hall Findlay | 595,075,545 | 98.36 | 9,914,665 | 1.64 |
| Christine Magee | 597,282,615 | 98.73 | 7,707,595 | 1.27 |
| John Manley | 579,845,538 | 95.84 | 25,144,672 | 4.16 |
| David Mowat | 592,867,380 | 98.00 | 12,122,830 | 2.00 |
| Marc Parent | 577,961,748 | 95.53 | 27,028,461 | 4.47 |
| Denise Pickett | 596,211,746 | 98.55 | 8,778,464 | 1.45 |
| W. Sean Willy | 595,898,668 | 98.50 | 9,091,541 | 1.50 |

Final voting results on all matters voted on at the Meeting will be published shortly on telus.com/agm, and filed with the Canadian and U.S. securities regulators.

About TELUS

TELUS (TSX: T, NYSE: TU) is a world-leading communications technology company operating in more than 45 countries and generating over $20 billion in annual revenue with more than 21 million customer connections through our advanced suite of broadband services for consumers, businesses and the public sector. We are committed to leveraging our technology to enable remarkable human outcomes. TELUS is passionate about putting our customers and communities first, leading the way globally in client service excellence and social capitalism. TELUS Health is enhancing approximately 170 million lives across 200 countries and territories through innovative preventive medicine and well-being technologies. TELUS Agriculture & Consumer Goods utilizes digital technologies and data insights to optimize the connection between producers and consumers. TELUS Digital specializes in digital customer experiences and future-focused digital transformations that deliver value for their global clients. Guided by our enduring ‘give where we live’ philosophy, TELUS continues to invest in initiatives that support education, health and community well-being. In 2023, we launched the TELUS Student Bursary, which strives to ensure that every young person in Canada who wants a postsecondary education has the opportunity to pursue one. To date, the program has distributed over $6 million in bursaries to 2,000 students and counting. Since 2000, TELUS, our team members and retirees have contributed $1.85 billion in cash, in-kind contributions, time and programs, including 2.5 million days of service–earning TELUS the distinction of the world’s most giving company.

For more information, visit telus.com or follow @Darren_Entwistle on Instagram.

For more information, please contact:

Jacinthe Beaulieu
TELUS Media Relations
Jacinthe.Beaulieu@telus.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/telus-announces-election-of-directors-302767404.html

SOURCE TELUS Communications Inc.

CTK BIO SELECTED TO PARTICIPATE IN NGEN’S $62.7M ADVANCED MANUFACTURING INITIATIVE

VANCOUVER, BC, May 8, 2026 /CNW/ – CTK Bio Canada today announced its selection as a participant in a Next Generation Manufacturing Canada (NGen)-supported advanced manufacturing project, part of a $62.7 million national initiative backing 14 high-impact projects across Canada.

The initiative, recently announced by NGen, represents one of Canada’s most significant investments in advanced manufacturing, supporting collaborations between leading industry and technology partners to accelerate commercialization and strengthen global competitiveness. NGen’s project selection process is highly competitive, prioritizing initiatives with strong technical innovation, commercialization potential, and industry impact.

CTK Bio will contribute to the project titled “Streamlining Cosmetics Packaging with AI Powered Materials Informatics,” which uses artificial intelligence to guide the formulation and validation of packaging materials, ensuring compatibility with cosmetic products while meeting performance and regulatory requirements.

ADVANCING AI-DRIVEN MATERIALS INNOVATION
Through this project, CTK Bio is advancing an AI-powered materials informatics approach that improves how packaging materials are formulated, validated, and scaled for cosmetic applications.

By shifting from traditional trial-and-error methods to predictive, data-driven formulation, CTK Bio aims to:

Increase the success rate of new material development
Reduce formulation and validation timelines
Lower development costs
Accelerate commercialization of innovative and sustainable packaging solutions

EXECUTIVE COMMENTARY
JK Park, CEO
“This project unlocks synergies between CTK Bio and CTK Clip, where we already have an established global presence in the cosmetics market. By combining advanced materials innovation with existing market access, we can accelerate the commercialization of next-generation packaging solutions.”

ABOUT CTK BIO
CTK Bio Canada is focused on advancing next-generation biomaterials and manufacturing technologies, developing innovative solutions that enable more efficient, sustainable, and scalable production across global industries.

ABOUT NGEN
Next Generation Manufacturing Canada (NGen) is the industry-led organization spearheading Canada’s Global Innovation Cluster for Advanced Manufacturing. NGen brings together industry, academia, and technology partners to drive innovation, accelerate commercialization, and enhance Canada’s global competitiveness.

SOCIAL MEDIA ACCOUNTS:
Instagram: https://www.instagram.com/ctkbiocanada
Facebook: https://www.facebook.com/ctkbiocanada
LinkedIn: https://www.linkedin.com/company/ctk-bio-canada

For more information, visit www.ctkbio.com or call (604) 372-4200.

SOURCE CTK Bio
