LevelBlue 2025 Threat Trends Report, Edition Two Finds Alarming Rise in Sophisticated Social Engineering Attacks
According to the report, the number of cybersecurity incidents observed nearly tripled, with the number of LevelBlue customers experiencing incidents jumping from 6% in the second half of 2024 to 17% in 2025. While business email compromise (BEC) remains the most common method for initial access, non-BEC incidents rose by 214%, highlighting a broader shift in attacker behavior. Once attackers are in, they're moving at an unprecedented speed, with an average breakout time (or how fast attackers can move laterally after initial access) under 60 minutes, and in some cases, less than 15 minutes.
The LevelBlue Threat Trends Report also found a massive uptick in social engineering attacks, accounting for 39% of initial access incidents observed during the first half of the year. This can be attributed to the increasing number of fake CAPTCHA social engineering attacks, especially ClickFix campaigns, which jumped 1,450% from the second half of 2024 to the first half of 2025. These attacks leverage user trust and urgency to easily gain access into organizations' networks.
'A striking development in the first half of 2025 is how much more sophisticated threat actors have become at deception,' said Fernando Martinez Sidera, Lead Threat Researcher at LevelBlue. 'They're moving beyond traditional BEC schemes and using targeted social engineering to manipulate users into opening the door. Once inside, they're deploying remote access trojans and quickly covering their tracks, allowing them to move laterally through networks with alarming speed. This isn't a one-off trend – we fully expect this shift to continue throughout 2026.'
With social engineering predicted to be the intrusion vector of choice for threat actors for the second half of 2025 and into 2026, LevelBlue recommends the following best practices to help organizations protect against these threats:
Educate users on fake CAPTCHA attacks like ClickFix and other browser attacks. Consider restricting PowerShell or command prompt use for non-administrator accounts.
Develop and enforce caller verification protocols and processes, such as multi-factor authentication (MFA), code words or phrases, or identity verification platforms.
Enforce usage of MFA and certificates for VPN access. Deploy a jump box if RDP must be used from outside the network.
Remove Quick Assist from all end-user machines unless explicitly required for business and IT services.
Follow guidance on preventing the download and execution of RMM software. Threat actors will have victims download other tools if Quick Assist is not available during a fake help desk attack.
Stay up to date on vulnerabilities and patch releases related to applications, software, and hardware. Patch as soon as possible, especially if there is a proof-of-concept exploit released.
The LevelBlue SOC works in close collaboration with LevelBlue Labs threat researchers to share timely insights and methodologies, while engaging in joint research initiatives to combat emerging cybersecurity challenges and bolster the security posture of today's organizations.
Download the complete findings of the 2025 LevelBlue Threat Trends Report, Edition Two here. For a summary of the findings, read the blog here.
For more information on LevelBlue and its managed security, consulting, and threat intelligence services, please visit www.levelblue.com.
About LevelBlue
We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.
We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence- this enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risks so you can focus on your business.
Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at www.levelblue.com.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Wire
25 minutes ago
- Business Wire
Hyperscience Recognized on the 2025 Inc. 5000 List of Fastest-Growing Private Companies in America
NEW YORK--(BUSINESS WIRE)-- Hyperscience, a market leader in hyperautomation and a provider of enterprise AI infrastructure software, today announced its inclusion on the prestigious 2025 Inc. 5000 list of America's fastest-growing private companies. The company's proven success in delivering operational efficiencies across numerous verticals has earned it a spot on the list for the first time. This placement comes on the heels of a breakout year marked by the release of the company's Optical Reasoning and Cognition Agent (ORCA), its next-generation Vision-Language Model (VLM), and rapid adoption of its platform across government agencies, global enterprises, and regulated industries. 'Being recognized on the Inc. 5000 list for the first time reflects the years of hard work and commitment of our teams, and is a testament to our achievements in leading the charge for intelligent automation,' said Andrew Joiner, CEO of Hyperscience. 'At Hyperscience, we're not just building AI, we're reshaping how the world works with information. This placement reinforces our mission to deliver AI that understands, empowers, and accelerates outcomes for organizations everywhere.' Hyperscience transforms organizations everywhere with a turnkey AI platform that accelerates the processing of documents and forms that flow through an enterprise's back office. Designed with a 'human-in-the-loop' approach, this platform leverages the strengths of both humans and machines. Hyperscience comprehensively manages data from input to extraction, orchestrating end-to-end processes. With industry-leading accuracy (99.5 percent) and automation (98 percent), Hyperscience automates tedious tasks, enabling workforces to spend their time on higher-level projects. The Inc. 5000 list, compiled annually by Inc. magazine, ranks the 5000 fastest-growing private companies in the United States based on revenue growth over the past three years. Making the Inc. 5000 is a significant achievement that places Hyperscience among the most dynamic and successful businesses in the country. For the full list, company profiles, and a searchable database by industry and location, visit: About Hyperscience Hyperscience is a market leader in hyperautomation and a provider of enterprise AI infrastructure software. The Hyperscience Hypercell platform unlocks the value of an organization's back office data through the automation of end-to-end processes, and transforms complex documents into LLM and RAG-ready data to power new enterprise GenAI experiences. This enables organizations to transform manual, siloed processes into a strategic advantage, resulting in a faster path to decisions, actions, and revenue; positive and engaging customer, public, and patient experiences; and dramatic increases in productivity. Leading organizations across the globe rely on Hyperscience to drive their hyperautomation initiatives, including American Express, Charles Schwab, HM Revenue and Customs, Mars, Stryker, The United States Social Security Administration, and The United States Department of Veterans Affairs. The company is funded by top tier investors including Bessemer Venture Partners, Battery, FirstMark, Stripes, and Tiger Global.
Business Wire
25 minutes ago
- Business Wire
Exabeam Named One of the Top 50 Security Companies on the 2025 Inc. 5000 List of America's Fastest-Growing Private Companies
FOSTER CITY, Calif. & BROOMFIELD, Colo.--(BUSINESS WIRE)-- Exabeam, a global leader in intelligence and automation for security operations, ranked No. 48 among all security companies and top 100 companies in the San Francisco Bay Area on the annual Inc. 5000 list, the most prestigious ranking of the fastest-growing private companies in America. The list provides a data-driven snapshot of the most successful companies within the economy's most dynamic segment: its independent, entrepreneurial businesses. Past honorees include companies such as Microsoft, Meta, Chobani, Under Armour, Timberland, Oracle, and Patagonia. Over the past year, Exabeam has significantly accelerated its innovation engine, delivering quarterly product updates that are reshaping the future of security operations. Fueled by more than a decade of AI expertise, the recent launch of Exabeam Nova marked a fundamental shift for security operations centers by transforming reactive alert triage into intelligent, outcomes-driven process optimization. Embedded machine learning drives every layer across threat detection, investigation and response, GenAI policy enforcement, and agentic AI enablement. Investments in high-integrity data, behavioral analytics, and automation have equipped security teams with the speed and precision needed to confront today's escalating threats. This strategic focus has strengthened customer trust and driven measurable business growth. "Being named to this prestigious list for the seventh time in our ten-year history is a tremendous honor," said Chris O'Malley, CEO of Exabeam. "This past year has been a transformative journey of growth and momentum — our first year post-merger — where we've not only integrated two strong teams but elevated our position in the market. It reflects our unwavering commitment not just to keeping pace with the cybersecurity industry, but to leading it — pioneering the innovations that empower security teams to stay ahead of threats and AI-driven adversaries." This year's Inc. 5000 honorees have demonstrated exceptional growth while navigating economic uncertainty, inflationary pressure, and a fluctuating labor market. Among the top 500 companies on the list, the median three-year revenue growth rate reached 1,552 percent, and those companies have collectively added more than 48,678 jobs to the U.S. economy over the past three years. 'Making the Inc. 5000 is always a remarkable achievement, but earning a spot this year speaks volumes about a company's tenacity and clarity of vision,' says Mike Hofman, editor-in-chief of Inc. 'These businesses have thrived amid rising costs, shifting global dynamics, and constant change. They didn't just weather the storm—they grew through it, and their stories are a powerful reminder that the entrepreneurial spirit is the engine of the U.S. economy.' Additional Resources: For the full list, company profiles, and a searchable database by industry and location, visit: Inc. will celebrate the honorees at the 2025 Inc. 5000 Conference & Gala, taking place October 22–24 in Phoenix, and the top 500 will be listed in the Fall issue of Inc. magazine. Methodology Companies on the 2025 Inc. 5000 are ranked according to percentage revenue growth from 2021 to 2024. To qualify, companies must have been founded and generating revenue by March 31, 2021. They must be U.S.-based, privately held, for-profit, and independent—not subsidiaries or divisions of other companies—as of December 31, 2024. (Since then, some on the list may have gone public or been acquired.) The minimum revenue required for 2021 is $100,000; the minimum for 2024 is $2 million. As always, Inc. reserves the right to decline applicants for subjective reasons. About Exabeam Exabeam is a leader in intelligence and automation that powers security operations for the world's smartest companies. As a global cybersecurity innovator, Exabeam provides industry-proven, security-focused, and flexible solutions for faster, more accurate threat detection, investigation, and response (TDIR). Cutting-edge technology enhances security operations center performance, optimizing workflows and accelerating time to resolution. With consistent leadership in AI innovation and a proven track record in security information and event management (SIEM) and user behavior analytics, Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline operations.
Business Wire
25 minutes ago
- Business Wire
Industry Leaders, Policymakers to Gather at Annual DC-based SPIE Photonics Industry Summit on 18 September
BELLINGHAM, Wash.--(BUSINESS WIRE)--On 18 September, in Washington, DC, SPIE, the international society for optics and photonics, will host its fourth annual Photonics Industry Summit. The event will bring together leaders from the optics and photonics community, executives from related businesses, high-level US government agency representatives, and US congressional representatives. Collectively, they will be sharing their plans and expectations for optics and photonics-related programs in key areas such as directed energy, semiconductors, space, biotechnology, quantum, and other emerging technologies. The featured speakers include: US Congressperson Joe Morelle NASA Acting Deputy Associate Administrator, Science Mission Directorate Mark Clampin NIH Director of the National Institutes of Biomedical Imaging and Bioengineering Bruce Tromberg Akin Senior Counsel Matthew S. Borman NSF Directorate for Technology, Innovation, and Partnerships Kerri Dugan US Department of Energy Program Director, Advanced Research Projects Agency – Energy Emily R. Kinser Defense Innovation Unit Technical Program Manager Jeffrey Wright SPIE CEO Kent Rochford Prior to the summit SPIE will host a Congressional Reception, which will be held on Capitol Hill at the Rayburn House Office Building, from 5:00 PM-8:00 PM on 17 September. No additional registration is required for this opportunity to network, speak directly with congressional representatives, and advocate on behalf of the photonics industry. 'I'm very much looking forward to this year's SPIE Photonics Industry Summit,' says SPIE Director of Government Affairs Jennifer O'Bryan. 'The constantly changing policy landscape can be challenging for company executives. This unique opportunity allows direct access to a range of senior government officials with significant budget authority. Additionally, the complementary congressional reception offers a truly unique opportunity to engage with your elected representatives.' The event is sponsored by Hamamatsu, Leonardo, Optimax, Sydor Optics, Thorlabs, and TOPTICA. For more information and to register for the SPIE Photonics Industry Summit, please visit our website. Be sure to register early: prices will increase after 5 September. About SPIE SPIE, the international society for optics and photonics, brings engineers, scientists, students, and business professionals together to advance light-based science and technology. The Society, founded in 1955, connects and engages with our global constituency through industry-leading conferences and exhibitions; publications of conference proceedings, books, and journals in the SPIE Digital Library; and career-building opportunities. Over the past five years, we have invested more than $25 million in the international optics community through our advocacy and support, including scholarships, educational resources, travel grants, endowed gifts, and public-policy development.
