March 2025 - Threat Intelligence Briefing

This months key insights:

• Mobile phishing ("mishing") is on the rise – Attackers are exploiting mobile-specific features like SMS, QR codes, and small screens to trick users into revealing sensitive information.

• Ransom attacks are evolving – Cybercriminals are shifting toward data theft and extortion.

• AI is fueling both cybercrime and defence – From deepfake scams to state-sponsored AI-driven hacking, attackers are getting smarter—but so are security measures.

• More businesses are relying on managed security services – With cyber risks escalating, organisations are increasingly turning to external security providers for protection.

Majority of businesses expect a cyber breach in 2025

In depressing news, research from Zscaler reveals that 60% of global businesses expect to suffer a cyber breach this year.

https://www.silicon.co.uk/security/cyberwar/majority-of-businesses-expect-a-cyber-breach-in-2025-599573

98% of Bosses Can’t Identify All the Signs of Phishing Scams

It doesn’t look like phishing scams are going to be any less of a problem in 2025, with a study from Tech.co finding that an alarming 98% of senior leaders in the US are unable to correctly identify all indicators of a phishing email. Personal data seems to be under constant threat when it comes to the online world. Security breaches and ransomware attacks have become empowered by new AI technology, and it seems like a new scam is always right around the corner. Even worse, business owners don’t seem to be taking the threat seriously, with a shockingly low number able to recognise the most obvious of signals of risk.

https://tech.co/news/bosses-cant-identify-phishing-scams

3.9 Billion passwords stolen — infostealer malware blamed

Considering just how many infostealer malware warnings have been issued recently, from macOS-specific threats, to those targeting a broad sweep of Gmail and Outlook email users, there can be little doubting that cybercrime actors are coming for your passwords.

Now the true reach of the infostealer malware threat has been laid bare by a threat intelligence agency which specializes in leveraging dark web data, and the picture it paints is a scary one. Here’s what you need to know.

https://www.forbes.com/sites/daveywinder/2025/02/24/hackers-share-39-billion-stolen-passwords-what-you-need-to-know/

Mobile Phishing Attacks Surge with 16% of Incidents in US

Security researchers have observed a sharp rise in mobile phishing attacks, known as “mishing,” with activity peaking in August 2024 at over 1000 daily attack records. The report, published by Zimperium zLabs, also found that 16% of all mobile phishing incidents occurred in the US. Mishing attacks leverage mobile-specific features like small screens, touch-based navigation and SMS or messaging platforms to trick users into divulging sensitive information. Threat actors often deploy tactics such as shortened URLs, QR code phishing (quishing) and even device-specific redirections that make detection and analysis more challenging. Notably, geolocation-targeted campaigns enable precise attacks on regions or organisations, further complicating defences.

https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-surge-16/

UK SMEs to boost reliance on managed security services

UK SMEs are projected to increase their dependence on managed security services in 2025, according to research by Six Degrees. The research, titled "Mapping the UK SME Cyber Security Landscape in 2025," found that two-thirds of SMEs expected to increase their reliance on such services over the next year, with 80% considering this a positive step. Only 13% anticipated being less reliant, while 19.5% expected no change in their level of reliance.

https://securitybrief.co.uk/story/uk-smes-to-boost-reliance-on-managed-security-services

WEF: Supply Chains at Heart of Cybersecurity Threats

As risks evolve, organisations must strengthen resilience through collaboration and vigilance, the World Economic Forum advises in its latest 2025 Outlook. Cybersecurity is becoming more complex than ever as geopolitical tensions rise and technologies rapidly evolve. Cyber threats are becoming more sophisticated, not to mention growing regulatory demands, fragile supply chain networks and a widening cyber skills gap - its clear organisations face unprecedented challenges in staying secure.

https://supplychaindigital.com/technology/wef-supply-chains-heart-cybersecurity-threats 9 other thread stories this month To get the access full monthly round up Subscribe to our Monthly Newsletter

How Sanctuary Advisory Services Helps

Security Awareness & Training – Phishing, deepfake scams, and social engineering are among the biggest threats today. Ongoing training and real-world attack simulations help you and your team recognise and respond to these risks before they cause harm.

Mobile Protection with CyberSmart Active Protect – With mobile phishing and malware on the rise, securing smartphones and tablets is critical. Active Protect provides continuous monitoring, vulnerability detection, and compliance enforcement to keep your devices secure.

Dark Web Monitoring - Stolen credentials and personal data often end up on the dark web before being used in cyberattacks. Continuous monitoring helps detect exposed information early, so you can take action before it’s exploited.call-to-action

Subscribe to our Monthly Newsletter to access full monthly round up

Is you Business at Risk? Take our quick Quiz to find out!

Find out more about Services | Find our Pricing

Sign up today

Have a safe month everyone!