fbpx
Sophic Capital
Subscribe
Subscribe

Cybersecurity Roundup – Part 1

Mar 12, 2025 | PLUR, Sophic Capital

Themes, Trends, and Plurilock’s Strategic Position

 

2024 in Review: A Cybersecurity Imperative

Cybersecurity became a critical operational focus in 2024, with attacks on governments and enterprises escalating worldwide. Compliance demands increased alongside a worsening shortage of skilled cybersecurity professionals, leaving organizations vulnerable to sophisticated threats. This heightened urgency shifted cybersecurity from a discretionary investment to an indispensable necessity.

Major incidents, including state-sponsored espionage campaigns like the Salt Typhoon and ransomware attacks targeting critical infrastructure and consumer data, underscored the risks facing both public and private sectors. Organizations worldwide adopted Zero Trust models (an approach to securing systems, networks, and data that assumes no user, device, or connection can be inherently trusted), while government initiatives and revised budgets created regulatory tailwinds for the industry.

Key Themes in 2024

Rising Compliance and Zero Trust Adoption

Compliance requirements surged, fueled by stricter regulations like the National Institute of Standards and Technology (NIST) cybersecurity framework in the U.S., which provides a set of best practices and guidelines to help organizations identify, protect, detect, respond to, and recover from cyber threats. Internationally, governments and regulatory bodies implemented similar standards to strengthen cybersecurity across industries, particularly in sectors handling sensitive data.

At the same time, organizations increasingly adopted the Zero Trust security model, a cybersecurity approach that assumes no user, device, or system should be inherently trusted, even if it is inside a network. Instead, Zero Trust requires continuous authentication, strict access controls, and real-time monitoring to ensure that only verified users and devices can interact with critical systems. This approach was especially crucial for federal agencies, financial institutions, and enterprises managing critical infrastructure, as cyberattacks targeting these sectors grew more sophisticated.

The combination of stricter compliance mandates and the rise of Zero Trust has reshaped how organizations approach cybersecurity, driving demand for advanced security solutions that ensure compliance, reduce risk, and safeguard mission-critical operations.

Sophic Capital - Logo - Colour
AI-Driven Cyber Threats

Generative AI, a type of artificial intelligence that can create new content, was weaponized by attackers to create more personalized phishing emails, automate social engineering, and exploit vulnerabilities at scale. The sophistication of AI-driven attacks challenged traditional detection methods, driving demand for AI-enabled defense systems capable of proactive threat identification and response.

In 2024, we saw a rise in attackers leveraging advanced technologies to enhance the sophistication and scale of their operations. Here are some notable examples:

  • SugarGh0st RAT Targeting AI Experts: The SugarGh0st Remote Access Trojan (RAT) was employed in cyber espionage campaigns targeting government agencies and private sectors across EMEA and Asia. In May 2024, the threat actor known as SweetSpecter launched a phishing campaign using SugarGh0st to target U.S. artificial intelligence experts, including employees of OpenAI, aiming to extract non-public information.
  • Deepfake Scams: Scammers utilize advanced, low-cost AI technology to create convincing fake visual and audio content, including video conference calls impersonating executives. In one instance, a finance worker was deceived into transferring US$25 million after a deepfake video call.
  • AI-Backed Operation Targeting U.S. Senator: An advanced deepfake operation targeted U.S. Senator Ben Cardin, involving a convincing video call with an AI-generated impersonation of Ukrainian Foreign Minister Dmytro Kuleba. The sophisticated attack aimed to extract sensitive political information, reflecting the emerging trend of using AI-backed schemes for fraud and misinformation.
  • Microsoft saw threat actors increase from 300 to more than 1,500 in 2024 with the number of cyberattacks increasing from 579 attacks per second in 2021 to over 7,000 password attacks per second in 2024. Once a user clicks on a malicious link, attackers can now breach systems within an average of 72 minutes.

These incidents underscore the escalating threat posed by AI-driven cyber attacks, highlighting the need for advanced, AI-enabled defense systems capable of proactive threat identification and response. CrowdStrike CEO George Kurtz described the current landscape as a fast-moving geopolitical AI competition. Speaking with analysts after their recent earnings call, he emphasized that AI is now mandatory across all company teams and will be a key driver of future growth.

Talent Shortages

The cybersecurity industry continues to grapple with a significant talent shortage, with estimates indicating a shortfall between 2.8 million to 4.8 million professionals. In the United States alone, there are between 450,000 to 500,000 unfilled cybersecurity positions. This talent gap created opportunities for outsourced cybersecurity services, particularly in critical areas like penetration testing, incident response, and zero trust implementation.

This gap has prompted industry leaders to voice their concerns:

  • Chuck Robbins, CEO of Cisco: “We must close the growing cyber skills gap by focusing on training, reskilling,  recruiting, and retaining cybersecurity talent.”
  • A Boston Consulting Group report noted, “Companies are adopting new technologies, including AI and GenAI, for cybersecurity functions such as predictive analytics and detecting anomalies. Yet they struggle to fill cybersecurity jobs, and the 28% vacancy rate for those positions is impeding their ability to address escalating threats.”
  • The Cybersecurity and Infrastructure Security Agency (CISA) has faced significant workforce reductions, with over 130 positions cut, leading to concerns about retaining talent and attracting new employees.

This talent deficit underscores the need for organizations to seek external expertise to safeguard their digital assets.

Sophic Capital - Logo - Colour
Quantum Computing Risks

Quantum computing’s potential to break existing encryption methods posed an existential risk to cybersecurity frameworks. Organizations began exploring quantum-resistant cryptography to future-proof sensitive data, particularly in finance, healthcare, and government sectors.

The day when quantum computers can break today’s encryption, often referred to as “Q-Day”, represents a turning point for global cybersecurity. Organizations storing encrypted data today risk “harvest now, decrypt later” attacks, where cybercriminals collect encrypted data with the expectation that quantum decryption will eventually be possible. Without quantum-resistant encryption, organizations could see their most sensitive information compromised retroactively.

In 2024, quantum computing achieved significant milestones, underscoring its potential to revolutionize various sectors and challenge existing cybersecurity frameworks. Notable events include:

  • Google’s Introduction of the ‘Willow‘ Quantum Chip: In December 2024, Google unveiled ‘Willow,’ a groundbreaking quantum computing chip measuring just 4 cm². This chip demonstrated the capability to perform computations in five minutes that would take classical supercomputers an unfathomable 10 septillion years, marking a monumental leap in processing power.
  • China’s ‘Origin Wukong‘ Quantum Computer: China’s Origin Quantum Computing Technology announced a significant achievement with its 72-qubit ‘Origin Wukong’ quantum computer. Since its cloud deployment in January 2024, it has attracted over 20 million remote visits from researchers across 139 countries, highlighting global interest and collaboration in quantum advancements.
  • Record-Breaking Funding in Quantum Computing: By mid-November 2024, quantum computing startups secured a record US$1.5 billion in funding, nearly doubling the total from 2023. This surge reflects growing investor confidence in the transformative potential of quantum technologies.
  • Collaborative Breakthroughs by Microsoft and Quantinuum: In April 2024, Microsoft and Quantinuum announced a collaboration that ushered in a new era of quantum computing. Their joint efforts focused on enhancing qubit stability and coherence, addressing critical challenges in scaling quantum systems.

These events collectively highlight the rapid advancements in quantum computing throughout 2024, emphasizing the need for industries to adapt to emerging technologies and address associated cybersecurity challenges.

Supply Chain Vulnerabilities

Third-party relationships became a major vector for attacks, with supply chain vulnerabilities allowing cybercriminals to infiltrate larger networks. Organizations were forced to reevaluate vendor security and invest in solutions to secure their ecosystems.

In 2024, several significant supply chain cyber incidents underscored the vulnerabilities inherent in third-party relationships:

  • Ransomware Attack on Blue Yonder Disrupts Major Retailers: Blue Yonder, a prominent supply chain software provider, suffered a ransomware attack that disrupted operations for several major retailers, including Starbucks and UK grocery chains Sainsbury’s and Morrisons. The breach affected systems managing critical functions such as scheduling and inventory, forcing companies to implement manual processes and contingency plans.
  • PyPI Supply Chain Attack Unveils JarkaStealer Malware: Cybersecurity firm Kaspersky uncovered a year-long supply chain attack targeting the Python Package Index (PyPI), a repository widely used by developers. Attackers uploaded malicious packages containing JarkaStealer malware, designed to exfiltrate sensitive information from infected systems. These packages were disguised as legitimate tools, highlighting the risks within open-source ecosystems.
  • Typosquatting Attack on NPM Library Targets Developers: Researchers detected a supply chain attack on the Node Package Manager (NPM) library. Attackers published over 287 malicious packages using typosquatting techniques—slightly altering legitimate package names—to trick developers into downloading compromised code. This attack underscored the importance of vigilance in managing software dependencies.
  • CloudSorcerer APT Exploits Public Cloud Infrastructure: Kaspersky identified the CloudSorcerer Advanced Persistent Threat (APT) group leveraging public cloud infrastructure for large-scale data exfiltration and surveillance. The attackers used sophisticated phishing campaigns to infiltrate government and private sector organizations, particularly targeting research institutions and critical infrastructure, highlighting the evolving nature of supply chain threats.
  • DuneQuixote Malware Targets Intellectual Property: The DuneQuixote malware campaign, which targeted intellectual property in the technology and energy sectors. The malware employed fileless techniques, operating entirely in memory to evade detection, and exploited compromised software updates and supply chain vulnerabilities, emphasizing the need for robust security measures in software development and distribution.

These incidents highlight the critical need for organizations to reassess vendor security and invest in comprehensive solutions to protect their supply chains.

Cybersecurity in 2025 and Beyond

The events of 2024 reinforced cybersecurity as an urgent and evolving necessity for organizations worldwide. The rise of AI-driven attacks, growing regulatory pressures, persistent talent shortages, quantum computing threats, and supply chain vulnerabilities have collectively reshaped how governments and enterprises approach security. Cyber resilience is no longer an option—it is an operational imperative.

As we look ahead to 2025, these trends will likely continue to accelerate. Regulatory bodies will further tighten cybersecurity compliance requirements, AI-powered threats will become more advanced, and quantum computing will edge closer to disrupting encryption as we know it. Organizations will need to invest in proactive security strategies, AI-enabled threat detection, and Zero Trust frameworks to stay ahead of the rapidly shifting threat landscape.

In our next report, we will explore how Sophic Capital client Plurilock Security Inc. [TSXV:PLUR, OTC:PLCKF]  is positioned to capitalize on these industry trends in 2025. We will also examine key growth opportunities, including the Company’s push into high-tech manufacturing and commercial enterprise markets, its role in post-quantum security, and how it plans to scale high-margin security services in the year ahead.

Cybersecurity threats are not slowing down—neither is Plurilock.

Sophic Capital - Logo - Colour

Disclosures

Plurilock Security Inc. [TSXV:PLUR, OTC:PLCKF] has contracted Sophic Capital for capital markets advisory and investor relations services.

Disclaimers

The information and recommendations made available through our emails, newsletters, website and press releases (collectively referred to as the “Material”) by Sophic Capital Inc. (“Sophic” or “Company”) is for informational purposes only and shall not be used or construed as an offer to sell or be used as a solicitation of an offer to buy any services or securities. In accessing or consuming the Materials, you hereby acknowledge that any reliance upon any Materials shall be at your sole risk. In particular, none of the information provided in our monthly newsletter and emails or any other Material should be viewed as an invite, and/or induce or encourage any person to make any kind of investment decision. The recommendations and information provided in our Material are not tailored to the needs of particular persons and may not be appropriate for you depending on your financial position or investment goals or needs. You should apply your own judgment in making any use of the information provided in the Company’s Material, especially as the basis for any investment decisions. Securities or other investments referred to in the Materials may not be suitable for you and you should not make any kind of investment decision in relation to them without first obtaining independent investment advice from a qualified and registered investment advisor. You further agree that neither Sophic, its, directors, officers, shareholders, employees, affiliates consultants, and/or clients will be liable for any losses or liabilities that may be occasioned as a result of the information provided in any of the Material. By accessing Sophic’s website and signing up to receive the Company’s monthly newsletter or any other Material, you accept and agree to be bound by and comply with the terms and conditions set out herein. If you do not accept and agree to the terms, you should not use the Company’s website or accept the terms and conditions associated to the newsletter signup. Sophic is not registered as an adviser or dealer under the securities legislation of any jurisdiction of Canada or elsewhere and provides Material on behalf of its clients pursuant to an exemption from the registration requirements that is available in respect of generic advice. In no event will Sophic be responsible or liable to you or any other party for any damages of any kind arising out of or relating to the use of, misuse of and/or inability to use the Company’s website or Material. The information is directed only at persons resident in Canada. The Company’s Material or the information provided in the Material shall not in any form constitute as an offer or solicitation to anyone in the United States of America or any jurisdiction where such offer or solicitation is not authorized or to any person to whom it is unlawful to make such a solicitation. If you choose to access Sophic’s website and/or have signed up to receive the Company’s monthly newsletter or any other Material, you acknowledge that the information in the Material is intended for use by persons resident in Canada only. Sophic is not an investment advisor nor does it maintain any registrations as such, and Material provided by Sophic shall not be used to make investment decisions. Information provided in the Company’s Material is often opinionated and should be considered for information purposes only. No stock exchange or securities regulatory authority anywhere has approved or disapproved of the information contained herein. There is no express or implied solicitation to buy or sell securities. Sophic and/or its principals and employees may have positions in the stocks mentioned in the Company’s Material and may trade in the stocks mentioned in the Material. Do not consider buying or selling any stock without conducting your own due diligence and/or without obtaining independent investment advice from a qualified and registered investment advisor. The Company has not independently verified any of the data from third party sources referred to in the Material, including information provided by Sophic clients that are the subject of the report, or ascertained the underlying assumptions relied upon by such sources. The Company does not assume any responsibility for the accuracy or completeness of this information or for any failure by any such other persons to disclose events which may have occurred or may affect the significance or accuracy of any such information.

The Material may contain forward looking information. Forward-looking statements are frequently, but not always, identified by words such as “expects,” “anticipates,” “believes,” “intends,” “estimates,” “potential,” “possible,” “projects,” “plans,” and similar expressions, or statements that events, conditions or results “will,” “may,” “could,” or “should” occur or be achieved or their negatives or other comparable words and include,  without limitation, statements regarding, projected revenue, income or earnings or other results of operations, strategy, plans, objectives, goals and targets,  plans to increase market share or with respect to anticipated performance compared to competitors, product development and adoption by potential customers. These statements relate to future events and future performance. Forward-looking statements are based on opinions and assumptions as of the date made, and are subject to a variety of risks and other factors that could cause actual events/results to differ materially from these forward looking statements. There can be no assurance that such expectations will prove to be correct; these statements are no guarantee of future performance and involve known and unknown risks, uncertainties and other factors. Sophic provides no assurance as to future results, performance, or achievements and no representations are made that actual results achieved will be as indicated in the forward looking information. Nothing herein can be assumed or predicted, and you are strongly encouraged to learn more and seek independent advice before relying on any information presented.