The Stealth Shift: Why Cyber Attackers Are Going Underground While We're Still Fighting the Last War
Remember when ransomware was the big scary monster keeping us all up at night? Well, according to some new research from Picus Labs, we might be fighting the last war while attackers have quietly shifted tactics right under our noses.
Their Red Report 2026 analyzed over 1.1 million malicious files and tracked 15.5 million adversarial actions throughout 2025, and what they found should make us all take a step back. The era of loud, disruptive ransomware attacks might be giving way to something far more insidious: what they’re calling “digital parasites”.
The New Playbook: Why Make Noise When You Can Make Money Quietly?
Think about it from an attacker’s perspective. Why encrypt everything and demand a ransom payment that might never come, when you can quietly siphon data, credentials, and access for months or even years? These digital parasites are embedding themselves deep in our systems and staying there, feeding off our networks while remaining completely invisible.
The shift makes perfect business sense for cybercriminals. Instead of the high-risk, high-visibility approach of traditional ransomware, they’re opting for long-term, low-profile operations that generate steady income streams. They’re not just breaking in anymore – they’re moving in and setting up shop.
This evolution explains why so many organizations are struggling with detection. We’ve built our defenses around stopping the loud, obvious attacks, but these new threats are designed to blend in with normal network traffic and legitimate user behavior.
Microsoft’s Extended Support Reality Check
Speaking of staying under the radar, Microsoft just dropped their Windows 10 KB5075912 extended security update to patch February’s vulnerabilities, including six zero-days. But here’s what really caught my attention: they’re still rolling out replacements for expiring Secure Boot certificates.
If you’re one of those organizations still running Windows 10 because “it works fine,” this update is a wake-up call. Microsoft is essentially providing life support for an operating system that should have been retired. Every month you delay that migration is another month you’re giving attackers a familiar, well-documented attack surface to work with.
The fact that six zero-days needed patching in a single month tells us that Windows 10 isn’t just old – it’s becoming a liability. Those digital parasites I mentioned earlier? They love nothing more than organizations clinging to legacy systems with predictable vulnerabilities.
The AI Security Investment Surge
Meanwhile, the money is following the problems. Reco just raised $30 million for AI SaaS security, bringing their total funding to $85 million in less than 10 months. That’s not just investor enthusiasm – that’s recognition that our current security tools weren’t built for a world where AI is generating both threats and legitimate business processes.
This funding surge makes sense when you consider the detection challenges we’re facing. Traditional signature-based detection is useless against AI-generated malware that can morph and adapt. We need AI-powered defenses that can think like attackers, not just match known patterns.
The Detection Arms Race Gets Personal
Bruce Schneier’s latest piece on AI-generated text detection highlights another dimension of this problem. When Clarkesworld magazine had to stop accepting submissions because of AI-generated stories, it wasn’t just a publishing problem – it was a preview of what we’re dealing with in security.
Attackers are using AI to generate convincing phishing emails, social engineering scripts, and even malware code that passes initial review. The old “trust but verify” approach breaks down when verification itself becomes nearly impossible.
We’re essentially in an arms race where both sides have access to the same AI tools. The difference is that attackers only need to succeed once, while we need to catch everything, every time.
What This Means for Our Day-to-Day Work
So where does this leave us? First, we need to adjust our monitoring strategies. Instead of just looking for obvious malicious activity, we need to baseline normal behavior and watch for subtle deviations. Those digital parasites reveal themselves through tiny inconsistencies over time, not dramatic system changes.
Second, we can’t afford to let legacy systems linger. Every outdated Windows 10 machine in your environment is a potential long-term residence for attackers who prefer to stay hidden.
Finally, we need to start thinking about AI as both a threat multiplier and a necessary defense tool. The organizations investing in AI-powered security today are the ones who’ll be able to detect those subtle, long-term intrusions tomorrow.
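To make the first point concrete, here is an added example (not from the sources or from Picus Labs) that baselines one host's daily outbound volume and compares a per-day spike check with a CUSUM detector, which accumulates small deviations over time. The host data, function names, slack and thresholds are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: daily outbound traffic in MB for one host.
BASELINE_MB = [98, 102] * 7                 # 14 "known good" days
DRIFT_MB = [103, 104, 103, 104, 103, 104]   # small, persistent extra egress
QUIET_MB = [101, 99, 102, 98, 100, 101]     # ordinary day-to-day noise


def zscores(baseline, observed):
    """Standardise observed values against the baseline period."""
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0:
        raise ValueError("baseline has no variance; cannot standardise")
    return [(x - mu) / sigma for x in observed]


def spike_days(baseline, observed, limit=3.0):
    """Per-day check: indices of days more than `limit` sigma above baseline."""
    return [i for i, z in enumerate(zscores(baseline, observed)) if z > limit]


def cusum_alarm(baseline, observed, slack=0.5, threshold=4.0):
    """One-sided CUSUM: index of the first day the accumulated excess
    (each day's z-score minus `slack`) exceeds `threshold`, else None."""
    s = 0.0
    for i, z in enumerate(zscores(baseline, observed)):
        s = max(0.0, s + z - slack)   # noise decays back to zero, drift adds up
        if s > threshold:
            return i
    return None


if __name__ == "__main__":
    for name, series in (("drift", DRIFT_MB), ("quiet", QUIET_MB)):
        print(name, "spike days:", spike_days(BASELINE_MB, series),
              "cusum alarm day:", cusum_alarm(BASELINE_MB, series))
```

No single day in the drifting series crosses the spike limit, yet the accumulated excess trips the CUSUM alarm on the fourth day, while the quiet series trips neither check.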
The good news? We’re not defenseless against these evolving threats. We just need to stop preparing for the last war and start fighting the current one.
Sources
- Microsoft releases Windows 10 KB5075912 extended security update
- Reco Raises $30 Million to Enhance AI SaaS Security
- “Digital Parasite” Warning as Attackers Favor Stealth for Extortion
- From Ransomware to Residency: Inside the Rise of the Digital Parasite
- AI-Generated Text and the Detection Arms Race