LevelBlue is proud to present the second edition of our biannual Threat Trends Report! This report builds on what we started in our first edition, providing cybersecurity teams with critical insights into current threats.
This edition covers threat actor activity observed in the first half of 2025 by the LevelBlue Managed Detection and Response (MDR) Security Operations team and the LevelBlue Labs threat intelligence team. Throughout this report, our team provides in-depth analysis of the tactics being used and exploited by threat actors and offers recommendations on how to protect your environment.
Our research indicates social engineering continues to be the primary vector for initial access and compromise, as threat actors understand the easiest way into your environment is often the front door they were invited through by the end user. Coupled with advancements in AI, attackers are quickly mastering the art of deception to gain an initial foothold and evade detection.
Report Highlights Include:
- Business Email Compromise (BEC) remains prevalent, often delivered via phishing campaigns and using credential harvesters to gain rapid access and persistence.
- Social engineering is on the rise, as seen in ClickFix and other fake CAPTCHA attacks. This report discusses how to educate your employees and harden your environment against these campaigns.
- This edition includes a review of remote management tools (RMM) observed in incidents, including which tools are commonly deployed and/or exploited by threat actors. This is key to understanding what is and isn't expected within your environment before an incident occurs.
Our team at LevelBlue works diligently to monitor and study current trends to assist in securing our customers and partners against emerging threats. This report provides another way for our team to share information on the latest threats with our current and future partners in the cybersecurity community.
Download the report here to learn more about the biggest trends in 2025, which emphasize the importance of organizational user security awareness and training to combat the rise in social engineering tactics.
The content provided herein is for general informational purposes only and should not be construed as legal, regulatory, compliance, or cybersecurity advice. Organizations should consult their own legal, compliance, or cybersecurity professionals regarding specific obligations and risk management strategies. While LevelBlue's Managed Threat Detection and Response solutions are designed to support threat detection and response at the endpoint level, they are not a substitute for comprehensive network monitoring, vulnerability management, or a full cybersecurity program.