Here is a collection of some cyber security trends and predictions for 2025 from various sources:
Dark web discussions reveal: This is the kind of ride in store for 2025
The discussions reveal next year's threat scenarios.
https://www.is.fi/digitoday/tietoturva/art-2000010908617.html
VPN provider NordVPN has partnered with researchers at NordStellar to predict the cyber threats of 2025. The companies analyzed the largest dark web forums to identify the most talked about and trending topics. These include:
Advanced disinformation services
Stolen digital identities
AI-based social engineering
Smart home vulnerabilities
The state of connected homes is already fragile, NordVPN warns.
The most important cybersecurity and artificial intelligence trends for 2025
https://www.uusiteknologia.fi/2024/11/20/kyberturvallisuuden-ja-tekoalyn-tarkeimmat-trendit-2025/
Security firm Palo Alto Networks has released a comprehensive list of emerging threats and the impact of advances in artificial intelligence (AI) for the coming year. While these advances present their own risks, they also give malicious actors new AI capabilities to exploit.
Cyber infrastructure is focused on one unified security platform
Large amounts of data give an advantage against new entrepreneurs
Businesses are increasingly adopting secure enterprise browsers
In 2025, more attention will be paid to the energy impacts of artificial intelligence
The realities of quantum technology will become clearer in 2025
Security and marketing directors work more closely together
Cyberattacks are more extensive, more brazen and more damaging than before.
https://www.verkkouutiset.fi/?p=694453#9c1dc2d3
Cybersecurity company Fortinet has published a cyber threat forecast for 2025. According to it, threat actors will continue to rely on many traditional tactics that have been used for decades.
According to the report, the following cyber threats will be increasingly seen around the world starting next year.
Cybercriminals specialize in certain stages of the attack chain
Attacks on cloud environments are becoming more common
Automated hacking tools on dark web sales platforms
Real-life threats become part of attackers’ tactics
Anti-attack groups expand cooperation
A grim forecast for 2025
Security company warns of new-age cyberattacks.
https://www.iltalehti.fi/digiuutiset/a/3ba5142e-f0ee-43fe-8bd2-4468a9d2d5bd
According to security company Fortinet, many cybercriminals are making better attacks than before, which is not a good thing at all. In addition, old protection methods may not be enough as criminals find new ways to attack.
The company’s Fortiguard Labs team has compiled an updated threat forecast report for 2025, which underlines that cyberattacks are becoming more targeted and harmful, for example, as turnkey cyberattack services become more common.
1 Specialization
2 Cloud and artificial intelligence as themes
3 Real-life threats are part of the tactic
Fortinet reminds us that the responsibility for ensuring information security lies with everyone, not just corporate security and IT teams.
– No single organization or security team can prevent cybercrime on its own, it underlines.
Guidance to survive 2025:
Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
MITRE shares 2024's top 25 most dangerous software weaknesses
https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses/
Six password takeaways from the updated NIST cybersecurity framework
https://www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/
203 Comments
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-all-new-accounts-passwordless-by-default/
Tomi Engdahl says:
Review: Effective Vulnerability Management
https://www.helpnetsecurity.com/2025/05/05/review-effective-vulnerability-management/
Tomi Engdahl says:
https://www.facebook.com/share/p/15XwDHphWr/
Password Cracking BY: Engr. Ahmed Malik (Advisor to Cisco ASC/ITC)
Password cracking is the process of attempting to recover passwords from data that has been stored or transmitted by a computer system in an unintelligible form. This is often done to gain unauthorized access to systems or data. While it can be used for legitimate purposes, such as recovering forgotten passwords or security testing by system administrators, it is more commonly associated with malicious activities.
There are various types of password cracking tools and techniques, broadly categorized as follows:
1. Brute-Force Attacks:
Description: This method involves systematically trying every possible combination of characters until the correct password is found.
Tools: Tools like THC-Hydra, Medusa, and custom scripts can automate brute-force attacks.
2. Dictionary Attacks:
Description: This technique uses a predefined list of common words and phrases (a “dictionary”) and tries each entry as a potential password.
Tools: John the Ripper (JtR) and Hashcat are popular tools that support dictionary attacks.
3. Hybrid Attacks:
Description: These attacks combine dictionary attacks with brute-force techniques by appending numbers, symbols, or common variations to dictionary words.
Tools: John the Ripper and Hashcat offer flexible rule engines for hybrid attacks.
4. Rainbow Table Attacks:
Description: Rainbow tables are pre-computed tables of password hashes used to speed up the process of cracking hashed passwords.
Tools: RainbowCrack and Ophcrack utilize rainbow tables.
5. Keyloggers:
Description: While not strictly password “cracking,” keyloggers are malware that record keystrokes, allowing attackers to capture passwords as they are typed.
Tools: Various commercially available and open-source keylogging software exists.
6. Social Engineering:
Description: This involves manipulating individuals into revealing their passwords or other sensitive information. Phishing is a common social engineering technique.
Tools: Social engineering often relies on psychological manipulation rather than specific software, but tools can be used to create fake login pages or send phishing emails.
7. Credential Stuffing:
Description: Attackers use previously compromised username and password pairs (obtained from data breaches) to try and log into other services, hoping users reuse their credentials.
Tools: Automated scripts and botnets are commonly used for credential stuffing attacks.
8. Password Spraying:
Description: Instead of trying many passwords against one account, attackers try a few common passwords against a large number of accounts. This can bypass account lockout policies.
Tools: Custom scripts and tools like Ncrack can be used for password spraying.
9. Malware:
Description: Besides keyloggers, other types of malware can steal stored passwords or session tokens.
Tools: Various types of trojans, spyware, and ransomware may have password-stealing capabilities.
10. Man-in-the-Middle (MITM) Attacks:
Description: Attackers intercept communication between a user and a server to capture login credentials as they are transmitted.
Tools: Tools like Wireshark and Ettercap can be used to capture network traffic, including potentially unencrypted credentials.
Dedicated Password Cracking Software:
Beyond the techniques, several software tools are specifically designed for password cracking, including:
John the Ripper (JtR): A versatile and popular open-source password cracker that supports many hash types and cracking methods.
Hashcat: A powerful, GPU-accelerated password cracking tool known for its speed and support for numerous algorithms.
Cain and Abel: A Windows-based tool that can recover various types of passwords using different techniques.
Ophcrack: A Windows password cracker based on rainbow tables.
Aircrack-ng: A suite of tools primarily used for cracking Wi-Fi passwords (WEP and WPA/WPA2-PSK).
L0phtCrack: A commercial tool for auditing and cracking Windows passwords.
Hydra: A fast network logon cracker that supports many different protocols.
It’s crucial to understand these techniques and tools to implement effective security measures and protect against unauthorized access. Using strong, unique passwords, enabling multi-factor authentication, and keeping software updated are essential steps in mitigating the risk of password cracking.
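
A detection-side illustration of items 1 and 8 in the list above, added here as an example and not part of the quoted post or of any tool it names: it classifies source addresses from failed-login events and shows why a per-account lockout counter does not react to password spraying. The log format, addresses, usernames and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed-login events: "ISO-timestamp source-ip username".
SAMPLE_LOG = """\
2025-05-05T10:00:01 203.0.113.7 alice
2025-05-05T10:00:03 203.0.113.7 bob
2025-05-05T10:00:05 203.0.113.7 carol
2025-05-05T10:00:07 203.0.113.7 dave
2025-05-05T10:01:00 198.51.100.9 alice
2025-05-05T10:01:01 198.51.100.9 alice
2025-05-05T10:01:02 198.51.100.9 alice
2025-05-05T10:01:03 198.51.100.9 alice
2025-05-05T10:02:00 192.0.2.44 frank
"""

def parse(log):
    """Yield (timestamp, source, username) for each failed-login line."""
    for line in log.splitlines():
        ts, src, user = line.split()
        yield datetime.fromisoformat(ts), src, user

def classify(log, window=timedelta(minutes=10), spray_users=4, brute_tries=4):
    """Label each source by its failed-login pattern inside a sliding window."""
    by_src = defaultdict(list)
    for ts, src, user in parse(log):
        by_src[src].append((ts, user))
    verdicts = {}
    for src, events in by_src.items():
        events.sort()
        verdict = "normal"
        for i, (start, _) in enumerate(events):
            per_user = Counter(u for t, u in events[i:] if t - start <= window)
            if max(per_user.values()) >= brute_tries:
                verdict = "brute-force"   # many guesses at one account
                break
            if len(per_user) >= spray_users:
                verdict = "spraying"      # one guess each at many accounts
                break
        verdicts[src] = verdict
    return verdicts

def lockout_triggered(log, threshold=3):
    """Accounts that a per-account lockout (threshold failures) would lock."""
    counts = Counter(user for _, _, user in parse(log))
    return {user for user, n in counts.items() if n >= threshold}
```

On the sample, only `alice` reaches the lockout threshold, and only because of the brute-force source; the spraying source touches four accounts once each and is visible only when failures are grouped by source rather than by account.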