Cyber Threat Trends 2025: What Global CERTs Are Warning About

As cyber threats continue to evolve, Computer Emergency Response Teams (CERTs) worldwide play a vital role in identifying, analyzing, and responding to new trends. In 2025, leading CERTs — including MyCERT (Malaysia) and US-CERT (CISA) — have published key advisories outlining serious risks. For ISO 27001-certified security teams, these insights highlight the urgent need for real-time detection, adaptive controls, and integrated tooling.
  1. Exploitation of Software Supply Chains and Third-Party Vendors

CERTs such as US-CERT and MyCERT have raised concerns about the persistent threat of software supply chain attacks. Vulnerabilities in trusted third-party platforms — such as the MOVEit Transfer vulnerability — have enabled massive data breaches.
ISO 27001 Context: Annex A.15.1 (Information Security in Supplier Relationships) requires organizations to assess and monitor third-party access and data handling practices. SIEM solutions like Stellar Cyber offer behavior profiling and third-party access monitoring to fulfill this need.
  2. Increased Focus on OT and Critical Infrastructure Attacks

MyCERT has published alerts about increased targeting of Operational Technology (OT) environments — including the energy, transport, and manufacturing sectors.
Mitigation: Integrating OT traffic into Stellar Cyber’s SIEM allows SOC teams to map lateral movement between IT and OT segments. This supports ISO 27001 control A.13.1.3 (Segregation in networks) by identifying and isolating high-risk pathways.
  3. MFA Fatigue and Identity-Based Attacks

MFA (Multi-Factor Authentication) was once considered a robust defense — but CERTs now report widespread abuse through “MFA fatigue” attacks. This involves repeatedly sending authentication prompts to a user until, worn down by the barrage, they accept one and grant access.
Defensive Strategy: SentinelOne’s behavior-based detection can flag unusual login sequences, while ISO 27001 control A.9.4.2 (Secure log-on procedures) mandates multi-layered access monitoring and response.
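As an added illustration (not code from the original post, SentinelOne or Stellar Cyber), the following detection rule runs over constructed MFA push logs and flags an approval that follows a burst of prompts, which is the login sequence an MFA fatigue attempt leaves behind; the log format, the five-minute window and the threshold of three prompts are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample MFA push log (not from any real system):
# timestamp, user, event (push_sent / push_denied / push_approved), source IP
SAMPLE_LOG = """\
2025-03-04T08:00:01Z alice push_sent 203.0.113.7
2025-03-04T08:00:02Z alice push_denied 203.0.113.7
2025-03-04T08:00:20Z alice push_sent 203.0.113.7
2025-03-04T08:00:22Z alice push_denied 203.0.113.7
2025-03-04T08:00:45Z alice push_sent 203.0.113.7
2025-03-04T08:01:10Z alice push_sent 203.0.113.7
2025-03-04T08:01:30Z alice push_sent 203.0.113.7
2025-03-04T08:01:35Z alice push_approved 203.0.113.7
2025-03-04T09:15:00Z bob push_sent 198.51.100.4
2025-03-04T09:15:05Z bob push_approved 198.51.100.4
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window for counting prompts
THRESHOLD = 3                  # assumed number of prompts that makes an approval suspicious


def parse(line):
    """Split one log line into (timestamp, user, event, source_ip)."""
    ts, user, event, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, ip


def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (user, source_ip, prompt_count, approval_time) for every approval
    that was preceded by `threshold` or more prompts within `window`.

    A normal login produces one prompt and one approval; a fatigue attempt
    produces a run of prompts (often with denials in between) and then an
    approval, so the approval event is where the rule fires."""
    sent = defaultdict(list)  # user -> timestamps of push_sent events
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip = parse(line)
        if event == "push_sent":
            sent[user].append(ts)
        elif event == "push_approved":
            recent = [t for t in sent[user] if ts - t <= window]
            if len(recent) >= threshold:
                alerts.append((user, ip, len(recent), ts))
            sent[user].clear()  # a completed login starts a fresh window
    return alerts
```

The denied prompts are deliberately not counted: the signal is the number of prompts pushed before an approval, so a user who denies every prompt never triggers the rule.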
  4. Professionalization of Cybercrime-as-a-Service (CaaS)

CERTs warn that ransomware gangs are evolving into full-fledged service providers. Malware-as-a-Service (MaaS) and CaaS platforms offer affiliate programs, tech support, and even revenue sharing for attackers.
Organizational Response: SIEMs like Stellar Cyber, backed by threat intelligence feeds, help detect TTPs associated with known ransomware groups. ISO 27001 control A.12.6.1 (Controls against malware) must be continuously reviewed in light of evolving threats.
  5. Deepfake and Synthetic Identity Attacks

CISA and MyCERT have flagged an increase in deepfake scams — including AI-generated voice calls and video impersonations used in executive fraud and spear phishing.
Action: SentinelOne’s advanced EDR and Stellar Cyber’s user behavior analytics can flag anomalies in user identity and access. These complement ISO 27001 control A.9.2.1 (User registration and de-registration) by validating user authenticity at each stage of access.
  6. Failure to Patch Legacy Systems

Despite years of awareness campaigns, legacy systems remain widely exploited. CERTs continue to observe attackers leveraging outdated Windows services, unpatched web servers, and EOL software.
Remediation Strategy: Tools like Tenable.io scan continuously for outdated or vulnerable systems. Combined with Stellar Cyber’s attack path mapping, SOC teams can visualize risk exposures and prioritize mitigation — aligning with ISO 27001 controls A.12.6.1 and A.18.2.3 (Technical compliance review).

Final Thoughts

In 2025, every cyber threat is faster, stealthier, and more interconnected across supply chains, identities, and OT environments. CERT reports make it clear: ISO 27001-aligned security teams that adopt adaptive controls, integrated tooling, and real-time detection will outpace attackers.

AI-assisted EDR and SIEM platforms can dramatically speed up investigation and response, but they are not a silver bullet. False positives, blind spots, and limited explainability mean human oversight is still essential for tuning and contextual decision-making.

The future of cybersecurity isn’t about replacing analysts with automation — it’s about equipping them with smarter, faster tools and timely threat intelligence to act decisively without losing control or visibility.

🛡️ Don’t wait for your employees to be the last line of defence.

👉 Start with Exabytes eSecure to assess your risks, strengthen ISO 27001 controls, and explore other cybersecurity-related issues.

References

  • CISA. (2025). 2025 Cybersecurity Advisory: Synthetic Identity and MFA Attacks. Cybersecurity & Infrastructure Security Agency. https://www.cisa.gov
  • MyCERT. (2025). Malaysia Cyber Threat Bulletin 2025. Malaysian Computer Emergency Response Team. https://www.mycert.org.my
  • Tenable. (2025). Risk-Based Vulnerability Management Guide. https://www.tenable.com