ICS Vulnerability Report: Hitachi Energy Network Management Flaw Scores a Perfect 10

Cyble Inc | ics-vulnerability

Overview 

Critical vulnerabilities in Hitachi Energy UNEM Network Management Systems were among the highlights in Cyble’s weekly Industrial Control System (ICS) Vulnerability Intelligence Report, which also examined flaws in products from Delta Electronics, Schneider Electric and other ICS vendors. 

Cyble Research & Intelligence Labs (CRIL) examined 16 vulnerabilities in the report for clients – half of which affect Hitachi Energy FOXMAN-UN products – based on ICS alerts by the Cybersecurity and Infrastructure Security Agency (CISA) between January 8-14. 

Of the 16 vulnerabilities, two are critical, nine are high severity, and five are medium severity. They span Communication, Critical Manufacturing, Chemical, Energy, Wastewater Systems and Commercial Facilities, and could lead to operational disruption, data compromise, and unauthorized access or exploitation of key functionality in power supply systems, which are foundational to numerous industries. 

Hitachi Energy Vulnerabilities 

The Hitachi Energy vulnerabilities include improper authentication, buffer overflow, excessive authentication attempts, hard-coded passwords, and cleartext storage of sensitive information, underscoring the systems’ complexity and potential attack surfaces. 

CVE-2024-2013, a 10.0-severity authentication bypass vulnerability in FOXMAN-UN, UNEM servers and API Gateways, could allow attackers without credentials to access the services and the post-authentication attack surface. 

CVE-2024-2012, a 9.8-severity authentication bypass vulnerability in the network management products, could allow attackers to execute commands or code on UNEM servers, potentially allowing sensitive data to be accessed or changed. 

The vulnerabilities were first reported in June 2024, but were the subject of a CISA advisory this week that cited the vulnerabilities’ low complexity and ability to be exploited remotely. CISA also cited six additional Hitachi Energy vulnerabilities, with CVSS v3 scores ranging from 4.1 to 8.6. 

While some of the affected products can be patched with updates, Hitachi Energy notes that UNEM R16A and UNEM R15A are end of life (EOL) and recommends that users upgrade to UNEM R16B PC4 or R15B PC5 in addition to applying recommended mitigations. 

Schneider Electric and Delta Electronics Vulnerabilities 

Schneider Electric’s vulnerabilities, primarily in HMI and control system software, highlight the challenges in securing operational technology (OT) interfaces.  

CVE-2024-11999 is an 8.7-rated Use of Unmaintained Third-Party Components vulnerability in Harmony HMI and Pro-face HMI automation components that could allow complete control of the device if an authenticated user installs malicious code into the HMI product. 

CVE-2024-10511 is an Improper Authentication vulnerability in PowerChute Serial Shutdown UPS management software. 

CVE-2024-8306 is an Improper Privilege Management vulnerability in Vijeo Designer HMI Configuration Software that could allow unauthorized access when non-admin authenticated users try to perform privilege escalation by tampering with the binaries. 

CVE-2024-8401 is a Cross-site Scripting (XSS) vulnerability in EcoStruxure power monitoring and operation products. 

The three Delta Electronics vulnerabilities are all high-severity Remote Code Execution flaws tied to its DRASimuCAD design software: CVE-2024-12834, CVE-2024-12835 and CVE-2024-12836. 

Recommendations for Mitigating ICS Vulnerabilities  

Cyble recommended a number of controls for mitigating ICS vulnerabilities and improving the overall security of ICS systems. The measures include: 

  1. Staying on top of security advisories and patch alerts issued by vendors and regulatory bodies like CISA. A risk-based approach to vulnerability management is recommended, with the goal of reducing the risk of exploitation. 

  2. Implementing a Zero-Trust Policy to minimize exposure and ensuring that all internal and external network traffic is scrutinized and validated. 

  3. Developing a comprehensive patch management strategy that covers inventory management, patch assessment, testing, deployment, and verification. Automating these processes can help maintain consistency and improve efficiency. 

  4. Segmenting networks properly to limit the potential damage caused by an attacker and prevent lateral movement across networks. This is particularly important for securing critical ICS assets. 

  5. Conducting regular vulnerability assessments and penetration testing to identify security gaps that threat actors might exploit. 

  6. Establishing and maintaining an incident response plan, and ensuring that the plan is tested and updated regularly to adapt to the latest threats. 

  7. Making ongoing cybersecurity training programs mandatory for all employees, especially those working with Operational Technology (OT) systems. Training should focus on recognizing phishing attempts, following authentication procedures, and understanding the importance of cybersecurity practices in day-to-day operations. 

Conclusion 

Industrial Control Systems (ICS) vulnerabilities can threaten critical infrastructure environments, with the potential to disrupt operations, compromise sensitive data, and cause physical damage. Staying on top of ICS vulnerabilities and applying good cybersecurity hygiene and controls can limit risk. 

To access the full report on ICS vulnerabilities observed by Cyble, along with additional insights and details, click here. By adopting a comprehensive, multi-layered security approach that includes effective vulnerability management, timely patching, and ongoing employee training, organizations can reduce their exposure to cyber threats. With the right tools and intelligence, such as those offered by Cyble, critical infrastructure can be better protected, ensuring its resilience and security in an increasingly complex cyber landscape. 

The post ICS Vulnerability Report: Hitachi Energy Network Management Flaw Scores a Perfect 10 appeared first on Cyble.

Blog – Cyble – Read More

New gadgets unveiled at CES 2025, and their impact on security | Kaspersky official blog

One of the world’s premier tech events traditionally takes place every year in Las Vegas in early January. Sure, the Consumer Electronics Show (CES) pays attention to cybersecurity, but by no means is it top of the agenda. Looking for a giant monitor or AI washing machine? You’re in luck! Smart home protection against hackers? Might have to shop around a bit…

We’ve picked out the top trending announcements at CES 2025, with a focus on what new cyberthreats to expect as the latest innovations hit the shelves.

NVIDIA Project DIGITS: your own mini supercomputer for running AI locally

NVIDIA founder Jensen Huang unveiled the company’s Mac-Mini-sized supercomputer to CES visitors. Powered by the GB10 Grace Blackwell “superchip” with a minimum 128 GB of memory, the device is capable of running large language models (LLMs) with 200 billion parameters. Connect two such computers, and you can run even larger models with up to 400 billion parameters! However, the US$3000 price tag will limit the buyer audience.

Cybersecurity aspect: running LLMs locally stops confidential information from leaking to OpenAI, Google Cloud, and other such services. Until now, this wasn’t very practical: on offer were either greatly simplified models that struggled to run on gaming computers, or solutions deployed on powerful servers in private clouds. NVIDIA Project DIGITS has now made it easier for both small companies and wealthy hobbyists to run powerful local LLMs.

The GB10 Grace Blackwell superchip, 128 GB of RAM, and 4 TB of SSD storage make this NVIDIA offer a decent platform for a local neural network.

Roborock Saros Z70: a “handy” vacuum cleaner

The inability of robot vacuum cleaners to cope with stairs and other obstacles, including things lying around, greatly limits their usefulness. Roborock’s new model solves the latter issue with an extensible arm that picks up small and light objects from the floor.

Cybersecurity aspect: the Saros Z70’s object-rearranging ability is very limited, and Roborock has not been involved in any major cybersecurity scandals. So we’re unlikely to see any game-changing risks compared to existing vacuum cleaners. But later models or competitors’ products can theoretically be used in cyberphysical attacks such as burglary. For instance, researchers recently showed how to hack Ecovacs robot vacuums.

But the Saros Z70 is notable for more than just its mechanical hand. Another of its officially announced features is video surveillance. The vendor claims that camera footage never leaves the device, but we’ll believe that when we see it. After all, you’ll probably at least need a separate device to view the footage. The StarSight 2.0 system, due with a later software update, will let you train the robot to recognize specific household objects (for example, favorite toys) so that it can show where it last saw them on a map of your home. As to whether this handy feature works entirely on the device — or data about things in your home gets fed to the cloud — press releases are maintaining a tactful silence.

The Roborock Saros Z70 can lift and carry objects weighing up to 300 grams.

Bosch Revol: preying on parental fear

How did a baby rocker manage to take home the “Least private” mock award for gadgets at CES 2025, as judged by the Electronic Frontier Foundation and iFixit? The Bosch Revol Smart Crib not only automatically rocks the crib, but continuously collects video and audio data, while simultaneously scanning the baby’s pulse and breathing rate using millimeter-wave radar. It also monitors temperature, humidity and fine-particle pollution levels. The camera is equipped with object recognition to detect toys, blankets and other potentially dangerous objects near the infant’s face. All data is instantly streamed to a parental smartphone and to the cloud, where it remains.

Cybersecurity aspect: other vendors’ video baby monitors have been dogged by scandals, and hacked to conduct nasty pranks and spy on parents. In the case of the Revol, not only video, but medical data could end up in cybercriminal hands. When it comes to child and health-related tech, a cloud-free setup as part of a well-protected smart home is the way to go.

TP-Link Tapo DL130: in the same vein?

Among the many smart locks unveiled at CES 2025, it was TP-Link’s model that stood out for a feature that’s still quite rare — biometrics based not only on face/fingerprint recognition, but also on palm-vein matching. Simply wave your hand in front of the sensor, and the system will identify you as the owner with high accuracy. Unlike more common biometric factors, this method doesn’t depend on lighting conditions, and works well even with wet and dirty hands. Plus, it’s more difficult to fake.

Cybersecurity aspect: smart locks can be integrated into your home network and interact with your smart home (such as Alexa or Google Home), which creates a wide cyberattack surface. Given the numerous critical vulnerabilities in other TP-Link equipment, there’s a risk that flaws in smart locks will allow attackers to open them in unconventional ways.

Security researchers are sure to put TP-Link’s smart lock under the microscope once it goes on sale.

Google Home + Matter: a cloud-free sky home

A major update to Google’s smart home hubs means they can now control curtains, sockets, light bulbs and other devices via the Matter protocol without connecting to a cloud server. At the heart of your smart home can be a Google Nest — an Android 14 smart TV or even a Chromecast device. Tell Google Assistant to “switch on the bedroom light”, and the command will be carried out even without an internet connection, and with minimal delay.

If a staunch advocate of a cloud-based future like Google has implemented such offline scenarios, the demand for such functionality must be huge.

Cybersecurity aspect: local control of your smart home reduces the risk of compromise and improves privacy — less data about what goes on in your home will leak to equipment vendors.

Halliday Glasses: improve your AI-sight

We chose Halliday AR glasses for the innovative image projection system that makes them lighter and more compact — though our takeaways also apply to dozens of other smart glasses presented at CES 2025. While some models address a simple and specific issue — such as combining glasses with a hearing aid or serving as a near-eye display for computer users on board a plane — quite a few of them come equipped with an AI assistant, camera, ChatGPT integration, and other features that potentially can be used to spy on you. They’re used for live translation, teleprompting and other productivity-boosting tasks.

Cybersecurity aspect: all AI features involve shifting large amounts of data to the makers’ servers for processing, so local AI in glasses is still a long way off. But unlike with computers and smartphones, the voices, photos and videos of all those around you will be included in the information flow generated by the glasses. From an ethical or legal standpoint, wearers of such glasses may have to continuously ask permission from everyone around to record them. And those who don’t want to pose for Sam Altman should look out for wearers of smart glasses among their peers.

Sony Honda AFEELA: I feel it’s going to be driving by subscription

This luxury electric car from two Japanese giants is available to preorder — but only to California residents and with rollout scheduled for 2026 or later. Nevertheless, the Japanese vision could become the envy even of Google: the price of the vehicle includes a “complimentary three-year subscription” to a variety of in-car features, including Level 2+ ADAS driver-assist and an AI-powered personal assistant, and a choice of interactive car design and entertainment features such as augmented reality and “virtual worlds”.

At the CES 2025 demonstration, the car was summoned onstage by the voice command “Come on out, Afeela” — but it remains unclear whether this handy feature will be available to drivers.

Cybersecurity aspect: we’ve spotlighted the risks and vulnerabilities of “connected” cars many times. Whether manufacturers will be able to keep the security bar high, not only for vehicles, but also for telematics systems (especially critical if smart driving becomes subscription-based), is a big question for the future. Those who don’t like the idea of their car suddenly turning into an iron pumpkin pending a software update or after a cyberattack are advised to refrain from splashing out… at least for another decade or so.

BenjiLock: a biometric padlock

Now you can lock up your bike (or barn or whatever) without memorizing a code or carrying around a key. As the name suggests, the BenjiLock Outdoor Fingerprint Padlock is a padlock that stores and recognizes fingerprints — up to ten of them. No smartphone or Wi-Fi required, all the magic happens inside the lock itself. The device is resistant to both moisture and dust, and (according to the manufacturer) works on one charge for up to a year.

Cybersecurity aspect: only real-world tests can prove resistance to old-school lock picking and inexpensive fingerprint faking. Smart locks are often vulnerable to both.

Kaspersky official blog – Read More

Biden Executive Order Aims to Shore Up US Cyber Defenses

President Joe Biden issued an executive order aimed at strengthening the nation’s cybersecurity and making it easier to go after foreign adversaries or hacking groups.

The post Biden Executive Order Aims to Shore Up US Cyber Defenses appeared first on SecurityWeek.

SecurityWeek – Read More

Cyber Insights 2025: Identities

Both human and machine identities occupy a unique position: they are simultaneously the foundation of cybersecurity and its weakest link.

The post Cyber Insights 2025: Identities appeared first on SecurityWeek.

SecurityWeek – Read More

2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records

In 2024 organizations informed the US government about 585 healthcare data breaches affecting a total of nearly 180 million user records.

The post 2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records appeared first on SecurityWeek.

SecurityWeek – Read More

Trusted Apps Sneak a Bug Into the UEFI Boot Process

Seven system recovery programs contained what amounted to a backdoor for injecting any untrusted file into the system startup process.

darkreading – Read More

GitHub’s Deepfake Porn Crackdown Still Isn’t Working

Over a dozen programs used by creators of nonconsensual explicit images have evaded detection on the developer platform, WIRED has found.

Security Latest – Read More

Malware Trends Overview Report: 2024

2024 has been an eventful year in the world of cybersecurity, with new trends emerging and malware families evolving at an alarming rate. Our analysis highlights the most prevalent malware families, types, and TTPs of the year, giving you a snapshot of the changing threat landscape. 

The number of sandbox sessions in ANY.RUN has grown by 33% in 2024

This report is based on the analysis of 4,001,036 public sessions conducted by ANY.RUN’s community inside the Interactive Sandbox over the last 12 months, which is 1 million more than the 2,991,551 sessions in 2023. Of these, 790,549 were tagged as malicious and 211,517 as suspicious, reflecting a rise in suspicious activity compared to the 148,124 suspicious sessions identified in 2023. 

ANY.RUN identified an astonishing 1,872,273,168 IOCs in 2024—nearly three times more than the 640,158,713 IOCs uncovered in 2023. This sharp growth highlights not only the expanding use of the platform but also the improved threat coverage and detection capabilities of ANY.RUN. 

Top Malware Types in 2024 

In 2024, Stealers dominated with 51,291 detections, marking a significant rise compared to 2023, when they were in second place with just 18,290 detections. This highlights their growing popularity among attackers for data theft. 

Loaders moved to second place in 2024 with 28,754 detections, a slight increase in detections from 2023, when they led the ranking with 24,136 detections. Despite the shift, Loaders remain a critical component in delivering malware payloads. 

RATs (Remote Access Trojans) maintained their third position but saw an increase from 17,431 detections in 2023 to 24,430 detections in 2024, reflecting their continued importance in providing attackers remote control over compromised systems. 

Stealers made a jump from the second spot in 2023 to being the most common malware type in 2024
Rank  Type        Detections
1     Stealer         51,291
2     Loader          28,754
3     RAT             24,430
4     Ransomware      21,434
5     Keylogger        8,119
6     Trojan           6,156
7     Miner            5,803
8     Adware           4,591
9     Exploit          4,271
10    Backdoor         2,808

To collect fresh threat intelligence on emerging cyber threats, make sure to use TI Lookup, a service that lets you search ANY.RUN’s vast database of the latest threat data.

Search results in TI Lookup for RAT malware targeting users in Colombia

It features over 40 search parameters, including IPs, mutexes, and even YARA rules, allowing you to pin the tiniest artifacts to specific malware and phishing attacks and enrich your TI with additional context and actionable indicators.


Top Malware Families in 2024 

In 2024, Lumma Stealer jumped straight to the top with 12,655 detections, taking over the ranking from nowhere as it wasn’t seen in the 2023 report. Its rapid rise shows how quickly cybercriminals have adopted it. 

Agent Tesla moved up to second place in 2024 with 8,443 detections, compared to 4,215 detections in 2023 when it was in third place. Its continued presence shows it remains a go-to choice for attackers. 

AsyncRAT claimed third place in 2024 with 8,257 detections, while in 2023, Redline was the most popular malware family with 9,205 detections, and Remcos followed with 4,407 detections. 

Lumma dominated the threat landscape in 2024
Rank  Name         Detections
1     Lumma            12,655
2     Agent Tesla       8,443
3     AsyncRAT          8,257
4     Remcos            8,004
5     Stealc            7,653
6     Xworm             7,237
7     Redline           7,189
8     Amadey            5,902
9     Snake             4,304
10    njRAT             3,522

With TI Lookup, you can track all of these and other malware families and stay updated on their evolving infrastructure. Here is an example of a request to TI Lookup to find Lumma domains:

TI Lookup can provide you with auto updates on specific queries

The service provides a list of relevant domain names used by the malware. Many of them are marked with the malconf tag, indicating that these domains were extracted from Lumma samples’ configurations.


Top MITRE ATT&CK Techniques in 2024 

The MITRE ATT&CK framework is a globally recognized resource that breaks down how attackers operate, mapping their tactics and techniques into clear categories. It’s an invaluable tool for cybersecurity professionals to understand and respond to threats effectively. 

2024 results show an increase in the abuse of PowerShell by attackers

In 2024, ANY.RUN recorded over 1.4 million matches to ATT&CK techniques, a noticeable increase from 1.2 million matches in 2023.  

The rankings saw some significant changes: Masquerading (T1036.005), the top technique in 2023 with 486,058 matches, was overtaken in 2024 by PowerShell (T1059.001) and CMD (T1059.003), which led the list with 162,814 and 148,443 matches, respectively. 

In 2024, new techniques appeared that were absent in 2023, including Python scripting (T1059.004) with 50,002 matches, System Checks for Sandbox Evasion (T1497.001) with 47,630 matches, and Linux Permissions Modification (T1222.002) with 38,760 matches. 

Rank  Technique ID  Technique Name                                                Detections
1     T1059.001     Command and Scripting Interpreter: PowerShell                    162,814
2     T1059.003     Command and Scripting Interpreter: Windows CMD                   148,443
3     T1497.003     Virtualization/Sandbox Evasion: Time-Based                       134,260
4     T1036.003     Masquerading: Rename System Utilities                            126,008
5     T1562.002     Impair Defenses: Disable Antivirus Tools                         122,256
6     T1218.011     System Binary Proxy Execution: Rundll32                           86,760
7     T1114.001     Email Collection: Local Email Collection                          85,546
8     T1547.001     Boot or Logon Autostart Execution: Registry Run Keys              73,842
9     T1053.005     Scheduled Task/Job: Scheduled Task                                68,423
10    T1569.002     System Services: Service Execution                                51,345
11    T1059.004     Command and Scripting Interpreter: Python                         50,002
12    T1036.005     Masquerading: Match Legitimate Name or Location                   49,031
13    T1497.001     Virtualization/Sandbox Evasion: System Checks                     47,630
14    T1543.002     Create or Modify System Process: Windows Service                  39,231
15    T1053.006     Scheduled Task/Job: Cron                                          39,228
16    T1222.002     File and Directory Permissions Modification: Linux                38,760
17    T1566.002     Phishing: Spearphishing Link                                      35,272
18    T1059.005     Command and Scripting Interpreter: Visual Basic                   27,213
19    T1562.001     Impair Defenses: Disable or Modify Tools                          24,133
20    T1222.001     File and Directory Permissions Modification: Windows              19,275

Top TTPs highlights: 

  • Scripting Dominance (T1059.001 & T1059.003): 
    PowerShell and Windows CMD remain the top tools for attackers, with over 310,000 detections combined. Their flexibility and integration with systems make them ideal for executing malicious commands. Monitoring script activity and implementing strict execution policies are critical defenses. 
  • Evasion Tactics on the Rise (T1497.003 & T1036.003): 
    Sandbox evasion through time-based delays (134,260 detections) and masquerading via renamed system utilities (126,008 detections) highlight attackers’ focus on stealth. Behavioral analysis and anomaly detection can help counter these techniques. 
  • Targeting Defenses (T1562.002): 
    Disabling antivirus tools was detected 122,256 times in 2024, showcasing its effectiveness for attackers. Organizations must invest in layered defenses that can identify and respond to tampering attempts in real time. 
  • Exploiting System Services (T1569.002 & T1218.011): 
    Adversaries frequently used system services like Rundll32 (86,760 detections) and service execution (51,345 detections) to execute malicious code while blending into normal operations.  
  • Phishing and Email Collection (T1114.001 & T1566.002): 
    Techniques like local email collection (85,546 detections) and spearphishing links (35,272 detections) remained effective, especially in targeted attacks. Robust email filtering and user training remain vital for reducing these risks. 
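As an added illustration of the "monitoring script activity" and "behavioral analysis" defenses mentioned in the highlights above (this is example code written for this digest, not ANY.RUN's code or the report's tooling), the following Python snippet tags constructed process-creation records with three of the technique IDs from the ranking: PowerShell (T1059.001), Windows CMD (T1059.003) and renamed system utilities (T1036.003). The record layout (image path, OriginalFileName from the PE version resource, command line) is an assumed EDR/Sysmon-like shape, and the sample events are constructed, not real telemetry.

```python
"""
Added example (not ANY.RUN's code): tag constructed process-creation records
with ATT&CK technique IDs from the report's 2024 ranking.

Assumptions: events carry an image path, the binary's OriginalFileName
(from its version resource, which survives a rename on disk) and a command
line. Field names are an assumed EDR/Sysmon-like layout.
"""
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ProcessEvent:
    image: str               # full path of the executable that started
    original_file_name: str  # OriginalFileName from the PE version resource
    command_line: str


# Scripting interpreters ranked first and second in the report, keyed by the
# lower-cased OriginalFileName so that a rename on disk does not hide them.
INTERPRETERS = {
    "powershell.exe": "T1059.001",
    "cmd.exe": "T1059.003",
}

# System utilities named in the report whose on-disk file name is expected to
# match OriginalFileName; a mismatch is the T1036.003 pattern (renamed utility).
SYSTEM_UTILITIES = {"powershell.exe", "cmd.exe", "rundll32.exe"}


def classify_event(event: ProcessEvent) -> list[str]:
    """Return the sorted technique IDs that a single event matches."""
    original = event.original_file_name.lower()
    on_disk = PureWindowsPath(event.image).name.lower()
    techniques = set()
    if original in INTERPRETERS:
        techniques.add(INTERPRETERS[original])
    if original in SYSTEM_UTILITIES and on_disk != original:
        techniques.add("T1036.003")
    return sorted(techniques)


def summarize(events) -> dict[str, int]:
    """Count matches per technique, mirroring the report's Detections column."""
    counts = Counter()
    for event in events:
        counts.update(classify_event(event))
    return dict(counts)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # Ordinary PowerShell launch: interpreter use, nothing renamed.
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "PowerShell.EXE",
                 r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"),
    # cmd.exe copied to a user-writable path under a system-sounding name.
    ProcessEvent(r"C:\Users\Public\svchost.exe", "Cmd.Exe",
                 "svchost.exe /c dir"),
    # Genuine rundll32 from its normal location: names agree, no flag.
    ProcessEvent(r"C:\Windows\System32\rundll32.exe", "RUNDLL32.EXE",
                 "rundll32.exe shell32.dll,Control_RunDLL"),
    # PowerShell renamed to look like an updater.
    ProcessEvent(r"C:\Temp\update.exe", "PowerShell.EXE",
                 "update.exe -EncodedCommand <redacted>"),
    # Unrelated process: not an interpreter, not a watched utility.
    ProcessEvent(r"C:\Windows\System32\notepad.exe", "NOTEPAD.EXE",
                 "notepad.exe notes.txt"),
]


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(f"{event.image:60} -> {classify_event(event) or 'no match'}")
    print("per-technique counts:", summarize(SAMPLE_EVENTS))
```

Comparing OriginalFileName with the on-disk name is deliberately simple; it catches the plain rename the report counts under T1036.003 but not a binary whose version resource has been edited, which is why the highlights pair it with behavioral analysis rather than relying on names alone.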

Report Methodology 

This report is built on insights from 4,001,036 tasks submitted to our public threat database in 2024. Each task represents the hard work and curiosity of our community of researchers, who used ANY.RUN to uncover threats and analyze malware.  

About ANY.RUN  

ANY.RUN helps more than 500,000 cybersecurity professionals worldwide. Our interactive sandbox simplifies malware analysis of threats that target both Windows and Linux systems. Our threat intelligence products, TI Lookup, YARA Search and Feeds, help you find IOCs or files to learn more about the threats and respond to incidents faster.  


The post Malware Trends Overview Report: 2024 appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – Read More

Scammers Exploit California Wildfires, Posing as Fire Relief Services

Cybercriminals are exploiting the California wildfires by launching phishing scams. Learn how hackers are targeting victims with fake domains and deceptive tactics, and how to protect yourself from these cyber threats.

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More

7 ways to get more out of your Bitwarden password manager

Bitwarden is one of the best password managers on the market, but are you using it effectively? Here are a few tips to ensure you are.

Latest stories for ZDNET in Security – Read More