LevelBlue is proud to present the second edition of our biannual Threat Trends Report! This report builds on what we started in our first edition, providing cybersecurity teams with critical insights into current threats.
This edition covers threat actor activity observed in the first half of 2025 by the LevelBlue Managed Detection and Response (MDR) Security Operations team and the LevelBlue Labs threat intelligence team. Throughout this report, our team provides in-depth analysis of the tactics being used and exploited by threat actors and offers recommendations on how to protect your environment.
Our research indicates social engineering remains the primary vector for initial access and compromise, as threat actors understand the easiest way into your environment is often the front door they were invited through by the end user. Coupled with advancements in AI, attackers are quickly mastering the art of deception to gain an initial foothold and evade detection.
Report Highlights Include:
- Business Email Compromise (BEC) remains prevalent, often delivered via phishing campaigns and using credential harvesters to gain quick access and persistence.
- Social engineering is on the rise, as seen in ClickFix and other fake CAPTCHA attacks. This report discusses how to educate your employees and harden your environment against these campaigns.
- This edition includes a review of remote management tools (RMM) observed in incidents, including which tools are commonly deployed and/or exploited by threat actors. This is key to understanding what is and isn't expected within your environment before an incident occurs.
Our team at LevelBlue works diligently to monitor and study current trends to assist in securing our customers and partners against emerging threats. This report provides another way for our team to share information on the latest threats with our current and future partners in the cybersecurity community.
Download the report here to learn more about the biggest trends in 2025, which emphasize the importance of organizational user security awareness and education to combat the rise in social engineering tactics.
The content provided herein is for general informational purposes only and should not be construed as legal, regulatory, compliance, or cybersecurity advice. Organizations should consult their own legal, compliance, or cybersecurity professionals regarding specific obligations and risk management strategies. While LevelBlue's Managed Threat Detection and Response solutions are designed to support threat detection and response at the endpoint level, they are not a substitute for comprehensive network monitoring, vulnerability management, or a full cybersecurity program.