Synacktiv, a globally recognized French expert in offensive cybersecurity, provided us with a practical demonstration, thanks to its "Red Team," of the new methods for attacking and compromising organizations in 2025.

Recent news has been rife with cases of massive data breaches (France Travail), the theft of billions of usernames and passwords linked to personal accounts (Google, Apple, Facebook), political and industrial espionage, production disruptions and ransomware attacks (e.g., Jaguar Land Rover), reputational damage, destruction of information assets, and more. In all these examples, organizations were vulnerable to attacker groups—cybercriminals, state-sponsored groups, or "insiders" (internal threats)—who were able to exploit blind spots in their information systems, vulnerabilities in their networks, or the weaknesses, carelessness, or even stupidity of human beings.

Red Team by Synacktiv

Through concrete demonstrations from their Red Team operations, Synacktiv's ethical hackers revealed how attackers can compromise a company or organization in 2025. The objective of their missions (35 carried out in 2024) is to try to penetrate a Synacktiv client's network without being detected or caught by the victim's defense system (in this case, the client who is unaware that it is an ethical attack at the time it is taking place). Only the head of the targeted company (or the CISO) knows that a contract has been signed with Synacktiv to test its resilience against unethical attacks.

On average, the Synacktiv Read Team takes 15 days to initially gain access to corporate networks. Compromising applications and passwords over the internet remains the primary initial access vector (50% of intrusions). Social engineering accounts for 15% of intrusions, and physical intrusion for 10%. Wi-Fi security, now more robust, is a rare intrusion vector.

Key takeaways

• Organizational defenses improve over time, but attacks become increasingly sophisticated.

• Attackers observe their targets' environments and analyze the behavior of internal stakeholders to create clones of the target they intend to attack.

• Stolen passwords, while an old weapon in the hands of attackers, are often used to enable data leaks.

• Be wary of DevOps (developer + operations), a relatively new and poorly understood role. While its flexibility is an advantage for the business, it's a major disadvantage for security. The warning signs are subtle, yet DevOps teams control the infrastructure's core functions. If they are compromised by an attacker, the attack can spread throughout the entire DevOps network without being quickly detected.

• The supply chain remains the weakest link due to its large attack surface, the significant security disparities between different suppliers (often several thousand per company), and limited visibility into its defense capabilities. The risk for the supply chain is creating a domino effect: a breach in one component can trigger attacks on multiple components of that supply chain, or even spread to other supply chains, and so on.

• Social engineering presents underestimated attack surfaces through phishing, vishing/smishing, physical intrusion, etc.

And another key lesson: compliance has never protected anyone and still doesn't protect against real-world threats.

So, a message for standards thinkers: get out into the field to understand the reality and stop killing businesses that should be spending less time and money complying with excessive regulations and more time protecting themselves against the attackers who threaten them every day!

About Synacktiv

Founded in 2012 by two security experts, Synacktiv's main areas of expertise are penetration testing, security audits, reverse engineering, vulnerability research, and incident response. Synacktiv participates in high-profile, world-renowned projects and develops numerous offensive security tools as part of its activities. Synacktiv is accredited by the French National Cybersecurity Agency (ANSSI) under the PASSI RGS and LPM (Information Systems Security Audit Provider) standards and CESTI (Information Technology Security Evaluation Center). It also holds the Cybersecurity Made in Europe label from the Alliance for Digital Trust (ACN), a certification body authorized by the French National Gaming Authority (ANJ).

The company has over 400 clients and currently employs a team of more than 200 cybersecurity experts. It primarily operates from its offices in Paris, Bordeaux, Toulouse, Lyon, Lille, and Rennes. Teams work throughout France, Europe, and internationally. Alain Establier

For more information, visit www.synacktiv.com

Also, read the interview with Renaud Feil published in January 2024 on SDBR News:

https://www.sdbrnews.com/sdbr-news-blog-fr/interview-exclusive-de-renaud-feil-ceo-et-co-fondateur-de-synacktiv?rq=synacktiv