2025's ransomware trends and zombie vulnerabilities
In this episode of Talos Takes, Amy and research lead Pierre Cadu dive into the 2025 Talos Year in Review, focusing on ransomware trends and persistent vulnerabilities. Manufacturing remains the top target due to its low tolerance for downtime and the increasing convergence between IT and OT networks, which creates new attack surfaces. Ransomware groups like Qilin, Akira, and Play maintained long-term momentum through consistent tactics, use of 'living off the land' tools, and effective affiliate compensation. The episode highlights how adversaries exploit standard admin tools like RDP, PsExec, and PowerShell, making visibility and context crucial for detection. January, traditionally a quiet month for ransomware, offers a rare window for defenders to reassess and retool, but the team stresses that proactive security should be continuous, not seasonal.

The discussion then shifts to 'zombie vulnerabilities' like Log4j, which remain exploitable years after disclosure due to poor asset management and embedded legacy code. Finally, network infrastructure targets such as ADCs and VPNs are prized by attackers for their access to network architecture and authentication systems, especially when weak or single-factor authentication is in place. The episode concludes with a call to action: leverage the freely available year-in-review report to strengthen defenses.
Manufacturing is the top ransomware target due to high downtime sensitivity and growing IT/OT convergence.
Ransomware groups sustain operations through consistent tactics, affiliate incentives, and 'living off the land' tools.
January is a rare lull in ransomware activity—use it to plan, but maintain year-round security cycles.
Zombie vulnerabilities like Log4j persist due to poor asset management and embedded legacy code.
VPNs and management platforms are high-value targets because they provide access to network architecture and persistence.
Introduction to the 2025 Talos Year in Review
Amy introduces the episode and the focus on ransomware trends and persistent vulnerabilities from the Talos 2025 Year in Review report.
Manufacturing as the Top Ransomware Target
“Manufacturing has very low tolerance for downtime. They have very tight production schedules and resource requirements.”
Ransomware Groups: Qilin, Akira, and Play
“Money is a powerful motivator. It gets them to do this whole thing and it gets all these other folks to, again, join them in this journey.”
Living Off the Land: Detecting Malicious Use of Admin Tools
“Without that, you don't have a context. You can then start jumping at shadows if you go too far...”
The January Lull and Strategic Defense Planning
“Don't let it be like, you know, how people have in their personal lives a new year's resolution where you really do it in January and then it kind of dies off in February, March, April.”
“If it's single-factor authentication, don't do this at home, kids. Please make sure to have multi-factor deployed.”
“Adversaries will also scan your environment happily, but they won't tell you what they're just going to come in and use it.”
Pierre Cadu (person)
Amy (person)
Talos (organization)
Log4j (product)
Qilin (organization)
VPNs (product)
SharePoint (product)
Play (organization)
PowerShell (product)
Akira (organization)
