As threat actors continue leveraging familiar malware campaigns, security awareness and proactive defense measures become even more essential
DALLAS: LevelBlue, a leading provider of managed network security services, managed detection and response, strategic consulting, and threat intelligence, today released its inaugural 2025 LevelBlue Threat Trends Report, Edition One, which analyzes dominant cyber threat activity observed between June 1 and November 30, 2024. Authored by the LevelBlue security operations and LevelBlue Labs teams, key findings from this biannual report reveal phishing-as-a-service (PhaaS) kits have gained traction, and business email compromise (BEC) remains the most common form of attack. Ransomware groups also continue to exploit weaknesses in organizations’ security configurations, with familiar malware campaigns still causing significant damage.
PhaaS is a major cybersecurity risk for businesses, especially for the financial industry. Because PhaaS kits are increasingly accessible, it is easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, the use of a new PhaaS known as RaccoonO365 has surfaced. The kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.
BECs made up more than 70% of the total incidents investigated by LevelBlue during the report period, which indicates their popularity as a favored angle of attack for threat actors. These attacks target the end user, often attempting to elicit further information or access from the victims.
The report reviews 12 hands-on-keyboard attacks that were investigated by the LevelBlue Incident Response team, 10 of which involved known ransomware threat actor groups, such as Black Basta. It also shares that five malware families, Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer, accounted for more than 60% of the total malware attacks observed across the LevelBlue customer base. Their consistent use indicates that threat actors are still finding value in leveraging older campaigns.
“Businesses continue to use outdated security protocols and tools; neglect simple, preventive measures, such as enforcing MFA or regularly patching software; and find themselves victims of human error, especially in the form of phishing and social engineering,” says Ken Ng, Lead Cybersecurity Specialist, LevelBlue MDR Threat Hunting. “The findings within our report will arm security practitioners to become more proactive in defending businesses of all sizes against today’s most prevalent threats.”
The report recommends a number of best practices to help organizations protect against threats, including:
The LevelBlue Security Operations Center (SOC) works in close collaboration with LevelBlue Labs threat researchers. The teams share insights and methodologies, while engaging in joint research initiatives to combat emerging cybersecurity challenges and bolster the security posture of all LevelBlue customers.
Download the complete findings of the 2025 LevelBlue Threat Trends Report, Edition One here. For a summary of the findings, read the blog here, or dive deeper into the report by attending the webcast on February 12, 2025.
About LevelBlue
We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.
We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence, which enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risk, so you can focus on your business.
Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at www.levelblue.com.
Source: Business Wire