
Webinar Replay: Q1 2025 Cyber Threat Landscape Briefing – Lens On Crypto
Our quarterly threat landscape reports are fueled by frontline incident response intel and elite analysts. The first quarter of 2025 saw the continuation of complex themes that shaped the threat landscape in 2024. Email compromise retained its place as the most prominent threat type, while phishing continued to take the lead in initial access methods. Yet another trend that persisted was that of groups such as AKIRA, PLAY and LOCKBIT retaining their place as key ransomware players. However, alongside familiar threat types and players, risks associated with cryptocurrency proved to be a notable theme in Q1, likely due to changing regulations and a rise in malware leveraging the blockchain.
During the session, our experts—Keith Wojcieszek, Edward Currie and George Glass—explore key trends and outline insights drawn from thousands of cyber incidents handled worldwide each year. They also address the issues that organizations should be aware of, including notable threat incidents and active ransomware groups.
The briefing covers:
- Notable themes and patterns defining the threat landscape, particularly emerging risks and issues associated with cryptocurrencies, such as organized cybercrime and global regulation
- In-depth analysis of novel attack methods leveraging the blockchain in Q1 2025
- Case studies on notable crypto-related cybercrime from Q1 2025 and what can be learned from these events
- Insights into key shifts in regulations relating to cryptocurrencies
- Specific steps your organization can take to stay secure
Key Sections From the Webinar

Security Threats Diversify
“It's interesting that we've seen an uptick in malware being the initial access vector with web compromise, many of them because of the click fix or fake CAPTCHA technique.” - Keith Wojcieszek
Here, our experts provide a recap of the key security trends that took center stage in the first quarter of 2025, looking at issues such as malware, valid accounts, phishing, the exploitation of public-facing applications and ransomware. The team discusses these and other notable themes shaping the threat landscape. Watch now to learn more.

Crypto Threats Grow
“We have seen growing concern among companies in the crypto industry, not just in relation to their cybersecurity around crypto, but also about their physical security.” – Edward Currie
Here, the team explores a pivotal focus for cyberattackers in Q1 2025: cryptocurrency. Alongside the emergence of 2025 as likely the riskiest year for physical security of those associated with crypto, our experts outline how the world’s largest crypto theft was executed, delve into key political shifts and discuss regulatory requirements, such as DORA, and their implications for businesses. Watch now.

Malware Evolves
“We're seeing far less of the sort of ‘land and expand’ methodology where threat actors would land some malware and then there's some other custom malware to go and spread into the rest of the organization. We're seeing a lot more of what in the industry they're calling ‘malware-less’ attacks where it's mostly about living off the land binaries and deployment of information stealers.” – George Glass
Discover the key malware trends impacting organizations in Q1 2025. From FULLMETAL to IDATLOADER, our experts highlight the key players and notable patterns defining the past few months. Watch now to learn more.

Crypto Heist Causes HAVOC
“These two pieces of malware are representative of a highly skilled attacker. The key takeaway here is just how much time and effort were put into producing these two pieces of malware and how much the threat actor knew to bypass endpoint detection response tooling.” - George Glass
Here, our experts provide an in-depth overview of a case in which a high-net-worth individual was targeted with highly customized malware, leading to the theft of a significant amount of cryptocurrency assets. The attacker leveraged social engineering, drawing on an impressive amount of reconnaissance and developing two new pieces of malware to exploit the victim. Watch now.

CLEARFAKE Leverages EtherHiding
“CLEARFAKE is very interesting. It uses a technique that makes use of the blockchain to deliver its malicious payloads. As a prolific delivery mechanism, it uses blockchain to make immutable, malicious payloads that can be reused over and over again by multiple different infected websites.” – George Glass
Here, our experts take a deep dive into a case in which CLEARFAKE leveraged EtherHiding as a delivery mechanism to store malicious JavaScript on the blockchain as part of a smart contract that could then be used to execute that malicious code within a browser. Watch now for insights into this sophisticated approach that enables attackers to bypass defenses on both the website and on any type of network interception happening between the victim and the malicious website.

Infostealers Persist
“Information stealers are very challenging. Usually by the time they are detected, they've already run, they've already executed in memory, and they've got what they need.” - George Glass
Here, our experts outline the critical challenge posed by infostealers, discussing how they behave and highlighting the fact that this threat is still significant, despite updates to web browsers. Watch now to learn about approaches for addressing this threat, such as carefully auditing the use of tokens, using good endpoint detection and response tools, and providing awareness and education for users.

Safeguard Your Organization
“It's always good to make sure that you're constantly testing, reviewing and always making backups. Review your logs and ensure that everything is being reviewed. This is best if it's a third-party review, for another set of eyes.” – Edward Currie
The diversity of threat actors and types identified in Q1 2025 requires organizations to leverage a range of practices and tools in response. Drawing on their extensive experience on the frontlines of cybersecurity, our experts detail the steps businesses should take to defend themselves in a volatile security landscape. Watch now.
