As threat actors continue leveraging familiar malware campaigns, security awareness and proactive defense measures become even more essential

DALLAS --(BUSINESS WIRE)

LevelBlue, a leading provider of managed network security services, managed detection and response, strategic consulting, and threat intelligence, today released its inaugural 2025 LevelBlue Threat Trends Report, Edition One, which analyzes dominant cyber threat activity observed between June 1 and November 30, 2024. Authored by the LevelBlue security operations and LevelBlue Labs teams, key findings from this biannual report reveal phishing-as-a-service (PhaaS) kits have gained traction, and business email compromise (BEC) remains the most common form of attack. Ransomware groups also continue to exploit weaknesses in organizations’ security configurations, with familiar malware campaigns still causing significant damage.

PhaaS is a major cybersecurity risk for businesses, especially for the financial industry. Because PhaaS kits are increasingly accessible, it is easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, the use of a new PhaaS known as RaccoonO365 has surfaced. The kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.

BEC made up more than 70% of the total incidents investigated by LevelBlue during the report period, which underscores how strongly threat actors favor it as an angle of attack. These attacks target the end user, often attempting to elicit further information or access from the victims.

The report reviews 12 hands-on-keyboard attacks that were investigated by the LevelBlue Incident Response team, 10 of which involved known ransomware threat actor groups, such as Black Basta. It also shares that five malware families, Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer, accounted for more than 60% of the total malware attacks observed across the LevelBlue customer base. Their consistent use indicates that threat actors are still finding value in leveraging older campaigns.

“Businesses continue to use outdated security protocols and tools; neglect simple, preventive measures, such as enforcing MFA or regularly patching software; and find themselves victims of human error, especially in the form of phishing and social engineering,” says Ken Ng, Lead Cybersecurity Specialist, LevelBlue MDR Threat Hunting. “The findings within our report will arm security practitioners to become more proactive in defending businesses of all sizes against today’s most prevalent threats.”

The report recommends a number of best practices to help organizations protect against threats, including:

  • Design secure conditional access policies, and deploy properly configured email security gateways that can detect malicious attachments, perform phishing analysis, and allow rules that block certain attachment types and domains in email.
  • Employ the principle of least privilege throughout the organization.
  • Utilize endpoint detection and response (EDR) and network detection and response (NDR) platforms to detect when there is anomalous lateral movement within a network.
  • Remain alert for vendor communications that advise of vulnerabilities affecting software or devices, and immediately patch any impacted technologies.
  • Have a recovery plan in place for when it is suspected or discovered that an attacker has obtained access to a domain controller and the credentials of multiple users.

The LevelBlue Security Operations Center (SOC) works in close collaboration with LevelBlue Labs threat researchers. The teams share insights and methodologies, while engaging in joint research initiatives to combat emerging cybersecurity challenges and bolster the security posture of all LevelBlue customers.

Download the complete findings of the 2025 LevelBlue Threat Trends Report, Edition One here. For a summary of the findings, read the blog here, or dive deeper into the report by attending the webcast on February 12, 2025.

About LevelBlue

We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.

We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence, which enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risk, so you can focus on your business.

Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at www.levelblue.com.

Media Contact
Jessica Bettencourt
Inkhouse for LevelBlue
[email protected]
(774) 451-5142

Copyright Business Wire 2025
