LevelBlue is proud to current the second version of our biannual Risk Traits Report! This report builds on what we began in our first version, offering cybersecurity groups with essential insights into present threats.
Our second version delves into risk actor exercise noticed within the first half of 2025 by LevelBlue Managed Detection and Response (MDR) and LevelBlue Labs risk intelligence groups. With this report, our group presents in-depth evaluation into the techniques utilized and exploited by attackers and supplies suggestions on shield your atmosphere.
Our analysis signifies social engineering continues to be the first vector for preliminary entry and compromise, as risk actors perceive the only approach into your atmosphere is commonly the entrance door they have been invited by means of by the end-user. Coupled with developments in AI, attackers are rapidly mastering the artwork of deception to realize an preliminary foothold and evade detection.
Report Highlights Embody:
- Social engineering is on the rise, as noticed in ClickFix and different pretend CAPTCHA assaults. Our report advises educate your staff and harden your atmosphere towards these campaigns.
- Breakout occasions are reducing, with risk actors now shifting laterally below 60 minutes, and in some circumstances below quarter-hour. Our analysts uncover their techniques and supply steerage for stopping lateral motion.
- Distant monitoring and administration (RMM) programs are key to understanding what to anticipate inside your atmosphere earlier than an incident happens. We offer a assessment of RMM programs noticed in incidents, together with which instruments are generally deployed and/or exploited by risk actors.
Our group at LevelBlue works diligently to observe and examine present traits to help in securing our clients and companions towards rising threats. This report supplies one other approach for our group to share data on the most recent threats with our present and future companions within the cybersecurity neighborhood.
Obtain the report right here to be taught extra in regards to the greatest traits in 2025, which emphasizes the significance of organizational person safety consciousness and training to fight the rise in social engineering techniques.
The content material offered herein is for basic informational functions solely and shouldn’t be construed as authorized, regulatory, compliance, or cybersecurity recommendation. Organizations ought to seek the advice of their very own authorized, compliance, or cybersecurity professionals concerning particular obligations and danger administration methods. Whereas LevelBlue’s Managed Risk Detection and Response options are designed to help risk detection and response on the endpoint degree, they don’t seem to be an alternative to complete community monitoring, vulnerability administration, or a full cybersecurity program.
