LevelBlue is proud to present the second edition of our biannual Threat Trends Report! This report builds on what we started in our first edition, providing cybersecurity teams with critical insights into current threats.
Our second edition delves into threat actor activity observed in the first half of 2025 by LevelBlue Managed Detection and Response (MDR) and LevelBlue Labs threat intelligence teams. With this report, our team offers in-depth analysis into the tactics utilized and exploited by attackers and provides recommendations on how to protect your environment.
Our research indicates social engineering continues to be the primary vector for initial access and compromise, as threat actors understand the simplest way into your environment is often the front door they were invited through by the end-user. Coupled with advancements in AI, attackers are quickly mastering the art of deception to gain an initial foothold and evade detection.
Report Highlights Include:
- Social engineering is on the rise, as observed in ClickFix and other fake CAPTCHA attacks. Our report advises how to educate your employees and harden your environment against these campaigns.
- Breakout times are decreasing, with threat actors now moving laterally under 60 minutes, and in some cases under 15 minutes. Our analysts uncover their tactics and provide guidance for preventing lateral movement.
- Remote monitoring and management (RMM) systems are key to understanding what to expect within your environment before an incident occurs. We provide a review of RMM systems observed in incidents, including which tools are commonly deployed and/or exploited by threat actors.
Our team at LevelBlue works diligently to monitor and study current trends to assist in securing our customers and partners against emerging threats. This report provides another way for our team to share information on the latest threats with our current and future partners in the cybersecurity community.
Download the report here to learn more about the biggest trends in 2025, which emphasizes the importance of organizational user security awareness and education to combat the rise in social engineering tactics.
The content provided herein is for general informational purposes only and should not be construed as legal, regulatory, compliance, or cybersecurity advice. Organizations should consult their own legal, compliance, or cybersecurity professionals regarding specific obligations and risk management strategies. While LevelBlue’s Managed Threat Detection and Response solutions are designed to support threat detection and response at the endpoint level, they are not a substitute for comprehensive network monitoring, vulnerability management, or a full cybersecurity program.
