In this workshop recording from the IT Nation Secure 2025 Pre-Day Conference, leaders from Lumu Technologies, including CEO Ricardo Villadiego and Dr. Chase Cunningham, explore the current cybersecurity threat landscape. They emphasize that while defensive tools are evolving, adversaries are equally utilizing advanced technology to improve their attacks. Attackers are highly aware of existing controls and consistently focus their efforts on circumventing them to gain unauthorized access and compromise networks.
The speakers highlight the critical limitations of traditional endpoint detection and response (EDR) solutions, noting that significant blind spots remain. Cybercriminals frequently exploit trusted software to deploy threats like ransomware, leveraging remote monitoring tools to stay hidden. The workshop underscores the importance of early detection in the cyber kill chain and the need for MSPs to leverage comprehensive visibility to stop malicious behavior before full-scale exploitation and privilege escalation occur.
Takeaways
- Threat actors use the same technological advancements as defenders to bypass existing security controls.
- Attackers often exploit trusted software and RMM tools to gain network access and push ransomware.
- Waiting for bad behavior like privilege escalation means you are already halfway through the cyber kill chain.
- Traditional EDR solutions have significant limitations and fail to provide complete network visibility.
- Infostealers like Lumma remain persistent because operators can quickly build new infrastructure for compromised devices to reconnect.
