InnovationOpenLab

LevelBlue Releases Inaugural Threat Trends Report, Highlighting Surge in Phishing-as-a-Service Kits

Business Wire

As threat actors continue leveraging familiar malware campaigns, security awareness and proactive defense measures become even more essential

DALLAS: LevelBlue, a leading provider of managed network security services, managed detection and response, strategic consulting, and threat intelligence, today released its inaugural 2025 LevelBlue Threat Trends Report, Edition One, which analyzes dominant cyber threat activity observed between June 1 and November 30, 2024. Authored by the LevelBlue security operations and LevelBlue Labs teams, key findings from this biannual report reveal phishing-as-a-service (PhaaS) kits have gained traction, and business email compromise (BEC) remains the most common form of attack. Ransomware groups also continue to exploit weaknesses in organizations’ security configurations, with familiar malware campaigns still causing significant damage.

PhaaS is a major cybersecurity risk for businesses, especially for the financial industry. Because PhaaS kits are increasingly accessible, it is easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, the use of a new PhaaS known as RaccoonO365 has surfaced. The kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.

BECs made up more than 70% of the total incidents investigated by LevelBlue during the report period, which indicates their popularity as a favored angle of attack for threat actors. These attacks target the end user, often attempting to elicit further information or access from the victims.

The report reviews 12 hands-on-keyboard attacks that were investigated by the LevelBlue Incident Response team, 10 of which involved known ransomware threat actor groups, such as Black Basta. It also shares that five malware families, Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer, accounted for more than 60% of the total malware attacks observed across the LevelBlue customer base. Their consistent use indicates that threat actors are still finding value in leveraging older campaigns.

“Businesses continue to use outdated security protocols and tools; neglect simple, preventive measures, such as enforcing MFA or regularly patching software; and find themselves victims of human error, especially in the form of phishing and social engineering,” says Ken Ng, Lead Cybersecurity Specialist, LevelBlue MDR Threat Hunting. “The findings within our report will arm security practitioners to become more proactive in defending businesses of all sizes against today’s most prevalent threats.”

The report recommends a number of best practices to help organizations protect against threats, including:

  • Design secure conditional access policies, leverage properly configured email security gateways that can detect malicious attachments, perform phishing analysis, and allow for rules to block certain attachment types and domains within emails.
  • Employ the principle of least privilege throughout the organization.
  • Utilize endpoint detection and response (EDR) and network detection and response (NDR) platforms to detect when there is anomalous lateral movement within a network.
  • Remain alert for vendor communications that advise of vulnerabilities affecting software or devices, and immediately patch any impacted technologies.
  • Have a recovery plan in place for when it is suspected or discovered that an attacker has obtained access to a domain controller and the credentials of multiple users.

The LevelBlue Security Operations Center (SOC) works in close collaboration with LevelBlue Labs threat researchers. The teams share insights and methodologies, while engaging in joint research initiatives to combat emerging cybersecurity challenges and bolster the security posture of all LevelBlue customers.

Download the complete findings of the 2025 LevelBlue Threat Trends Report, Edition One here. For a summary of the findings, read the blog here, or dive deeper into the report by attending the webcast on February 12, 2025.

About LevelBlue

We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.

We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence, which enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risk, so you can focus on your business.

Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at www.levelblue.com.

Source: Business Wire
