19 Tech Experts Detail Emerging APT Tactics (And How To Prepare)

getty
The thought of a successful cyberattack is a sobering one for any business, but even more alarming are advanced persistent threats. Through these sophisticated attacks, a bad actor infiltrates a network and is able to linger for an extended period of time, undetected, accessing sensitive data, disrupting operations or even conducting ongoing surveillance.
Carefully planned and often tailored to specific industries and technologies, APTs are evolving and growing in number, with cloud migration, remote workplaces and increased reliance on third-party vendors expanding the attack surface. Below, members of Forbes Technology Council detail emerging APT tactics digital organizations must be ready for and how to prepare.
Browsers have emerged as a significant threat vector. The significant majority of our work time is spent within browsers. As the use of SaaS applications continues to grow, the number of locations where sensitive data is stored expands, making it more challenging to secure data and leaving IT and security teams struggling to keep up. Our inability to mitigate browser-based threats poses critical risk for our organizations. - John Carse, SquareX
Threat actors are weaponizing EDR bypass tools (or 'EDR killers') to launch their attacks, as seen in recent attempts by RansomHub. Threats that evade perimeter controls, however, must still cross the network—which can't be tampered with. Have a layered defense that includes network visibility to identify unusual patterns that could indicate malicious behaviors so attackers have nowhere to hide. - Rob Greer, ExtraHop
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
AI supports every phase of an attack, including command-and-control (C2) beaconing. If your security mostly relies on machine learning systems based on rules and known indicators, you're exposed. Most enterprises should expect their counterparties to be repeatedly hacked—until we all embrace adaptive deep learning as a defense. - Evan Powell, Deep Tempo
APT groups will weaponize deepfake-driven phishing even further. AI-generated voices and videos will impersonate executives, bypassing traditional identity verification and social engineering defenses. Organizations must implement multifactor biometric authentication, behavioral analytics and AI-driven anomaly detection that can flag even the most subtle inconsistencies. - Aditya Patel, Amazon Web Services (AWS)
Cloud collaboration tools are increasingly being weaponized. Attackers 'live off the land' using trusted platforms like Microsoft 365 to evade detection. To combat this, organizations should implement strong multifactor authentication and behavioral analytics for cloud environments and train employees to recognize suspicious activity in the tools they rely on for daily collaboration. - Gergo Vari, Lensa, Inc.
Advances in generative AI have become sophisticated, making social engineering attacks more convincing and challenging to detect. Identity-driven security, such as phishing-resistant authentication and verification, plays a crucial role in mitigating social engineering attacks by focusing on verifying and validating the identities of users and entities involved in digital interactions. - Venkat Viswanathan, Okta
APTs are increasingly targeting backup and disaster recovery systems to sabotage recovery efforts. Organizations must implement immutable backups, enforce zero-trust access, regularly test recovery plans and use AI-driven threat detection to ensure cyber resilience. - Aliasgar Dohadwala, Visiontech Systems International LLC
APT groups are increasingly leveraging infostealer malware to harvest credentials and session cookies, allowing them to bypass multifactor authentication and maintain stealthy access. To defend against this, organizations must monitor for stolen credentials, detect and invalidate compromised sessions, and enforce adaptive authentication to prevent attackers from exploiting legitimate user identities. - Damon Fleury, SpyCloud
A rising APT tactic is supply chain attacks, where hackers exploit third-party vendors and software dependencies to breach networks. To counter this, organizations must conduct strict vendor assessments, enforce zero-trust security, implement continuous monitoring and strengthen incident response to safeguard critical systems and data. - Sanjoy Sarkar, First Citizens Bank
While open-source AI models are a goldmine for software developers, they are equally attractive to cybercriminals for embedding malware. Organizations need to be able to discover which models are being used within their applications, and how they're being used, to screen them for security risks and enforce policies over which models can and cannot be used. - Varun Badhwar, Endor Labs
Prepare for AI-driven APTs that autonomously adapt to security defenses. These attacks learn from detection attempts and modify their techniques to remain hidden. Prepare by implementing AI-based defense systems, conducting adversarial simulations, developing response playbooks, embracing zero-trust architecture and investing in threat intelligence for early warnings of new attack methods. - Priya Mohan, KPMG
An emerging APT tactic is adversarial AI attacks, where threat actors manipulate machine learning models to evade detection or generate false insights. Organizations should prepare by securing AI training data, implementing robust anomaly detection and continuously stress-testing models against adversarial inputs. Strengthening AI governance and investing in explainable AI will enhance resilience. - Sai Vishnu Vardhan Machapatri, Vernus Technologies
Attackers are deploying zero-click exploits—which require no user interaction—to infiltrate mobile devices, Internet of Things systems and critical infrastructure. Enterprises need continuous endpoint monitoring, hardware-level security enforcement and AI-driven anomaly detection for connected devices. - Vamsi Krishna Dhakshinadhi, GrabAgile Inc.
An emerging APT tactic involves targeting unmanaged digital assets (that is, shadow IT) and poisoning AI training data to manipulate outcomes. Organizations should conduct regular audits to identify and secure shadow IT, enforce strict governance over digital tools, validate AI data pipelines and implement anomaly detection to ensure data integrity before model training. - Mark Mahle, NetActuate, Inc.
A new APT tactic to watch for is adversary-in-the-middle (AiTM) attacks, where threat actors intercept and manipulate real-time communications to bypass authentication and hijack sessions. To prepare, organizations should implement phishing-resistant multifactor authentication, monitor session integrity and deploy AI-driven anomaly detection to flag unauthorized access attempts before they escalate. - Roman Vinogradov, Improvado
APTs will increasingly target data governance gaps rather than technical systems. Organizations should prepare by establishing comprehensive data inventories and clear data lineage. When you know what data you have, who can access it and how it flows through systems, you eliminate the 'dark corners' where threats hide. - Nick Hart, Data Foundation
Organizations must prepare for 'AI poisoning,' where attackers manipulate machine learning models by injecting corrupted data into training sets. This can lead to biased and incorrect results, eventually distorting fraud detection and security defenses. Organizations must implement robust data validation pipelines and regularly and proactively audit AI models for anomalies. - Harini Shankar
Cloud-native attack chains are a rising advanced persistent threat trend. These use cloud services for stealthy, complex attacks that evade traditional defenses. Organizations must implement cloud workload protection (CWP), continuous API monitoring and SIEM that correlates cloud-native logs. Microsegmentation and least-privilege access are also vital to limit lateral movement. - Pradeep Kumar Muthukamatchi, Microsoft
Attackers with long-term footholds in networks performing data exfiltration are a major concern. To combat this, businesses should implement zero-trust architectures to limit lateral movement and use next-generation firewalls that analyze traffic patterns to new or untrusted locations. - Imran Aftab, 10Pearls

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

New York Post

2 days ago

• New York Post

Is this Microsoft Office license the end of subscription hell?

Discover startups, services, products and more from our partner StackCommerce. New York Post edits this content, and may be compensated and/or receive an affiliate commission if you buy through our links. TL;DR: Save 77% on a Microsoft Office lifetime license for Windows while codes last. Own the complete app suite for life. Unlike Microsoft 365's recurring subscription model, this version only requires a one-time payment for lifelong access. Immediately after your purchase, you'll receive an email containing your download link and unique software activation key. These allow you to install the software directly onto your Windows PC. Since the Office apps are downloaded onto your device, you can use them offline. This also means that you'll never be hit with surprise interface updates that force you to relearn an app layout overnight. This version of Microsoft Office includes Word, Excel, PowerPoint, Outlook, Teams, OneNote, Publisher, and Access. (Bonus: Did you know Microsoft 365 is permanently sunsetting Publisher? This license is a way to own it for good!) Get the lifetime version of Microsoft Office for just $49.97 and never worry about fees, online access, or annoying interface updates ever again (reg. $219.99). Codes are limited, so act fast. StackSocial prices subject to change.

Time Business News

2 days ago

• Time Business News

The Best Laptops of 2025 Ranked: Which One Should You Buy

Choosing the right laptop in 2025 means balancing power, portability, battery life, and total cost of ownership. Whether you're a hybrid office worker, creative professional, or work-from-anywhere entrepreneur, our ranked list offers clarity, real-world context, and actionable insight. We've tested and fact‑checked the top contenders, so here's what you should seriously consider: Why it leads: The MacBook Air M4 remains the gold standard for most business users—boasting industry‑leading battery life (up to 18 hours reported), fanless cooling, and compatibility with top office suites like Microsoft 365, Adobe Creative Cloud, and Zoom . Real-world example: A financial analyst reports 'colleagues often forget my Air is even on standby—it's that efficient.' Pros & Cons: Pros: Lightweight (~2.7 lb); stellar battery; strong resale value ($999+ MSRP). Lightweight (~2.7 lb); stellar battery; strong resale value ($999+ MSRP). Cons: Max 24GB RAM; limited port options (2× USB‑C only). Ideal for: Managers, consultants, and creatives who value silent performance and longevity. Why it stands out: Blurring the line with MacBook, this ARM‑powered device offers stellar battery life (15–22 hours) and fanless efficiency . Windows on ARM is maturing fast. Real-world example: A software developer appreciates the 'built-in Copilot key' for boosting productivity and AI prompts. Pros & Cons: Ideal for: Hybrid professionals needing Microsoft ecosystem with exceptional battery life. Why it shines: A premium Windows option with AMOLED display, minimal aesthetic, and 'all‑day productivity' reliability . Real-world example: A business consultant uses it for multi-tab Excel sessions and client presentations without lag. Pros & Cons: Pros: Vibrant screen; stylish; reliable performance; good battery. Vibrant screen; stylish; reliable performance; good battery. Cons: Limited upgradeability; fairly premium price. Ideal for: Professionals seeking Apple‑like polish with Windows flexibility. Why it's a value pick: Known for portability (under 1 kg), military-grade build, and long battery life, it packs Snapdragon X with 32GB RAM & 1TB SSD Pros & Cons: Pros: Ultra-light; robust ports (USB4, HDMI 2.1); vibrant OLED. Ultra-light; robust ports (USB4, HDMI 2.1); vibrant OLED. Cons: Base price $1,099; modest performance for demanding tasks. Ideal for: Travelers and executives who prioritize weight and durability. Why it's unique: Delivers true sustainability via modular, repairable design—upgradable RAM, SSD, ports, even DIY builds from $899 Real-world example: A remote educator swapped in his own Wi‑Fi 7 card and bumped memory—no service center needed. Pros & Cons: Pros: Repairable; future‑proof; excellent community support. Repairable; future‑proof; excellent community support. Cons: Base i3 config underwhelms for power users; DIY not for everyone. Ideal for: IT‑savvy users and green‑tech advocates. Why it's powerful: A Windows powerhouse with Intel Ultra CPUs, RTX 40-series GPU, up to 64GB RAM and OLED/4K screens . Pros & Cons: Pros: Large vibrant screen; high-end specs; premium build. Large vibrant screen; high-end specs; premium build. Cons: Soldered memory; expensive ($1,699+). Ideal for: Creative professionals—video editors, architects, big-data analysts. Why gamers and creators love it: Slim yet potent gaming rig with RTX 5090 GPU, OLED 240 Hz, strong performance in creative apps Pros & Cons: Pros: Top-tier performance; desktop-grade GPU; sleek RGB. Top-tier performance; desktop-grade GPU; sleek RGB. Cons: Battery life suffers; pricey (~$4,500). Ideal for: Power users needing desktop-level graphics in a portable form. Why consider it: Named 'best budget laptop' of 2025, offering compelling performance for under $800 Pros & Cons: Pros: Affordable; lightweight; dependable performance. Affordable; lightweight; dependable performance. Cons: Basic build; battery underwhelms. Ideal for: Entry-level professionals, interns, or everyday tasks. Our rankings are based on: Performance benchmarks from tested sources like Laptop Mag, Windows Central, The Verge. Real-world user feedback, including Reddit's r/BuyItForLife: 'A MacBook Air is honestly the best overall laptop for like 80% of people…' Battery life tests—Apple hits 18 hr, Surface 22 hr, others deliver 10–17 hrs based on usage. Portability & build—risks versus functionality; e.g., Dell XPS 16 sacrifices weight but maximizes power. Total cost of ownership, factoring in longevity, repairability, and resale potential. Use Case Top Pick Why Everyday Office & Travel MacBook Air M4 Lightweight, long battery, MacOS stability Windows-first Business Users Surface Laptop 7 Exceptional battery, touchscreen, Copilot AI keys Creative & Multimedia Dell XPS 16 Large OLED, powerful GPU Gamers/High-end Tasks Razer Blade 16 RTX 5090, professional-grade specs Budget-conscious Professionals Acer Swift Go 14 Under $800; fulfills core tasks Repairability & Sustainability Framework 13 Modular upgrade paths, right-to-repair champion For most US-based professionals, the MacBook Air M4 hits the perfect balance—performance, battery, and price. If your workflow centers on Windows, the Surface Laptop 7 offers equivalent longevity with new Copilot AI features. Need heavier specs? Choose the Dell XPS 16 or Razer Blade 16. For budget-minded simplicity, stick with the Acer Swift Go 14. And if repairability matters, nothing beats the Framework 13. If you're outfitting a team for remote projects or hosting a temporary event setup, consider a laptop rental to reduce upfront costs while maintaining access to top-tier devices. It's a practical approach that's gaining traction across industries from tech conferences to short-term training programs. TIME BUSINESS NEWS

Forbes

3 days ago

• Forbes

It Is Time To Get SaaSsy With Cybersecurity

Corey Elinburg, Field CTO of Obsidian Security, has spent 25+ years helping industry giants from all verticals secure what matters most. Salesforce launched its SaaS platform in 1999. ServiceNow followed in 2004, Workday followed in 2006 and in 2008, Microsoft introduced the Business Productivity Online Suite, which later evolved into Office 365 and is now known as Microsoft 365—a platform many of us rely on today. Despite our accelerated adoption of and increasing reliance on SaaS, many enterprises still struggle to secure these platforms effectively. SaaS-related security incidents are on the rise, yet most organizations suffer from blind spots driven by a combination of technical, organizational and cultural challenges. Below are the most common reasons I've seen why SaaS security is often overlooked: Many organizations mistakenly believe that SaaS vendors are solely responsible for security. In reality, while vendors secure the infrastructure and core application, customers are responsible for securing how the service is used—this includes user access, data sharing, MFA enforcement and more. That responsibility can extend across hundreds or even thousands of configuration settings. Failure to understand this model often leads to neglected security tasks like access controls, audit logging or configuration hardening. Notably, the 2023 Snowflake-related breaches were attributed to customer-side misconfigurations—not vendor failures—impacting even large enterprises with mature security teams. Employees frequently adopt SaaS tools without going through IT or security, leading to 'shadow IT.' These unsanctioned tools often handle sensitive data but remain invisible to security teams. A 2025 study found that 55% of employees adopt SaaS without security's involvement, and 57% report fragmented administration—making consistent oversight a challenge for many organizations. This lack of visibility makes it difficult to enforce policies, manage risk or even know where critical data resides. As more teams adopt SaaS apps for convenience and speed, this problem continues to grow unchecked. SaaS security often gets deprioritized because security teams are stretched thin. A 2024 report from ISACA found that 61% of European security teams lack sufficient staff, and nearly half report budget constraints. With limited resources, security teams focus on more traditional and well-known threats—like malware or network attacks—while SaaS security falls by the wayside. Without dedicated SaaS tools or staff, tasks like access reviews to uncover local SaaS accounts and third-party integration audits that would be considered "standard modus operandi" for traditional IT are neglected. SaaS tools can be deployed as quickly as the swipe of a credit card. Often, IT is not the "owner" of the SaaS application. Line-of-business teams prioritize agility and productivity, not security oversight. As a result, governance processes can't corral or keep up with SaaS adoption. In fact, 65% of unsanctioned SaaS apps are adopted without IT's involvement, and 59% of IT leaders say SaaS sprawl is hard to manage. Security teams are left playing catch-up, trying to enforce controls after deployment, which is often too late. Enterprises often assume that if a SaaS vendor claims to be secure (e.g., with SOC 2 or ISO certifications), then no further action is needed. This misplaced trust creates a false sense of security. While SaaS vendors may protect infrastructure, they can't control how customers use their platforms. Misconfigured permissions, unsecured data sharing or unvetted integrations can still lead to breaches—even on compliant platforms. Many companies focus more on achieving compliance checkboxes than addressing actual risk. Regulatory frameworks like HIPAA or GDPR may mandate certain practices, but they don't cover every SaaS-specific risk. This compliance-centric mindset can lead to security complacency. Organizations may pass audits but still be vulnerable to evolving SaaS threats like OAuth abuse, insider risk or third-party API exploitation. SaaS apps rarely work alone—they connect to other tools via APIs or integrations. These third-party connections often have broad permissions and can serve as attack paths if not properly secured. A recent report found that 64% of active third-party SaaS integrations in enterprises are over-permissioned. And 68% had unknown or unmonitored third-party APIs, leaving them open to abuse or misconfiguration. SaaS security isn't neglected because organizations don't care—it's neglected because of visibility gaps, cultural misunderstandings, rapid adoption cycles and strained security resources. To close these gaps, enterprises need to: • Gain visibility into SaaS usage and integrations. • Clarify roles under the shared responsibility model. • Dedicate resources to SaaS posture management. • Adopt a risk-based approach, not just compliance. • Continuously monitor configurations, access and third-party connections. • Ensure their SOC and incident response teams are empowered with tooling to respond to SaaS-related incidents. With the right focus, SaaS security can become a strength rather than a blind spot. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?