The ReliaQuest 2025 Cyber-Threat Report provides a comprehensive analysis of the most prevalent attack techniques, key threat trends, and actionable security recommendations for organizations. It highlights the importance of foundational security controls, automation, and rapid response to combat increasingly sophisticated cyber threats globally. #Cybersecurity #ThreatReport2025 #InitialAccess #Automation #ThreatLandscape
Keypoints
- The report follows a structured format, beginning with an executive summary, then reviewing key threat trends, and concluding with strategic recommendations. It covers attack techniques, threat actor activities, incident metrics, malware landscape, and best practices.
- Major statistics include that phishing continues as the leading initial access method for the second consecutive year, with 30% involving credential harvesters. Attackers successfully bypass MFA in all Business Email Compromise (BEC) incidents via session hijacking techniques.
- Notable trends reveal increased use of AI-driven attack tools by adversaries, faster lateral movement (average breakout time of 48 minutes), and explosion in external remote service abuse (45% of intrusions), reflecting a shift toward automated, scalable attack methods.
- The malware landscape shows persistent threats from SocGholish and AsyncRAT, with sophisticated tactics like Python-based malware and malware markets supporting extensive operations, evidenced by 478,000 Lumma listings.
- Key insights emphasize that inadequate logging remains the top cause of breaches, with most critical incidents involving legitimate software and compromised service accounts. Rapid attacker movement post-initial access underscores the necessity of automating detection and response.
- Major threat vectors include exploitation of public-facing applications (23%) and social engineering via voice phishing (14%). Attacks leveraging external remote services like VPNs account for 45% of active intrusions, highlighting external access points as prime targets.
- Recommendations Stress the importance of securing entry points through patching, multi-factor authentication, implementing AI-driven automation, and eliminating blind spots with detailed logging and device management.
- The report underscores the evolving threat landscape with an emphasis on quick containment—some organizations achieving a mean time to contain as low as 3 minutes—thanks to automation and proactive security measures.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)