Latest news with #FernandoMartinezSidera


Techday NZ
30-07-2025
LevelBlue warns cyber incidents jump as social engineering rises
LevelBlue has released its latest Threat Trends Report, revealing significant changes in cyberattack patterns and a marked increase in incident rates during the first half of 2025.

Incident rates rise

The report, analysing data from January through May 2025, shows that the percentage of LevelBlue customers experiencing cybersecurity incidents surged from 6% in the second half of 2024 to 17% in 2025. This threefold increase highlights escalating risks to organisations across various sectors.

The report attributes this sharp rise in part to evolving tactics employed by cybercriminals. While Business Email Compromise (BEC) continues to be the most frequent method for gaining initial access to systems, there has been notable growth in alternative approaches. Non-BEC incidents increased by 214%, indicating that attackers are diversifying their methods to infiltrate networks.

Faster breakout times

LevelBlue's findings indicate that once attackers penetrate a network, they are moving laterally inside these environments at unprecedented speeds. The average breakout time (the duration between initial access and lateral movement) has now dropped to under 60 minutes, with certain cases recorded at less than 15 minutes.

Social engineering surge

The report points to a considerable surge in social engineering attacks, with 39% of initial access incidents linked to these techniques. This trend is particularly evident in the prevalence of fake CAPTCHA-based attacks, such as ClickFix campaigns. These campaigns, designed to trick users into providing credentials or executing malware, saw an increase of 1,450% from the second half of 2024 to the first half of 2025.

"A striking development in the first half of 2025 is how much more sophisticated threat actors have become at deception. They're moving beyond traditional BEC schemes and using targeted social engineering to manipulate users into opening the door. Once inside, they're deploying remote access trojans and quickly covering their tracks, allowing them to move laterally through networks with alarming speed. This isn't a one-off trend – we fully expect this shift to continue throughout 2026."

This detailed assessment comes from Fernando Martinez Sidera, Lead Threat Researcher at LevelBlue, underscoring a consistent and increasing sophistication in attackers' use of deception as part of their strategies.

Recommendations for defence

In response to these trends, LevelBlue has set out several recommendations for organisations seeking to bolster their cyber defences. These include raising awareness among users about threats posed by fake CAPTCHA attacks and other browser-based vectors, and considering restrictions on PowerShell or command prompt use for non-administrator accounts.

The report suggests that firms develop and enforce caller verification protocols, such as multi-factor authentication (MFA), code words or phrases, or the use of identity verification platforms. It also advises mandatory implementation of MFA and digital certificates for VPN access, as well as deployment of jump boxes for remote desktop access from outside organisational networks.

Another recommendation is the removal of Quick Assist from all end-user machines unless there is a specific business requirement, alongside following established guidelines to prevent the unauthorised download and execution of remote monitoring and management (RMM) software. The report notes that in help desk-themed attacks, threat actors may leverage other tools if Quick Assist is unavailable.

Patch management also features prominently among suggested actions. Organisations are reminded to remain vigilant regarding vulnerabilities and to install updates promptly - especially where proof-of-concept exploits have been publicly released.

Working together on cyber threats

The LevelBlue Security Operations Centre collaborates closely with LevelBlue Labs researchers to monitor evolving threats and develop effective countermeasures. This teamwork involves sharing intelligence and methodologies as well as joint research projects, with the aim of strengthening defences across client organisations.

The LevelBlue Threat Trends Report is intended to provide organisations with clear insight into current cyber threat landscapes and practical steps to reduce exposure to increasing and more sophisticated attacks.


Business Wire
30-07-2025
LevelBlue 2025 Threat Trends Report, Edition Two Finds Alarming Rise in Sophisticated Social Engineering Attacks
DALLAS--(BUSINESS WIRE)-- LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, today released the second edition of the LevelBlue Threat Trends Report, 'Fool Me Once: How Cybercriminals are Mastering the Art of Deception.' Drawing from real-world incident data analyzed by LevelBlue Security Operations Center (SOC) and LevelBlue Labs teams, this report analyzes cyber threat activity from January 1 through May 31, 2025, revealing a dramatic surge in social engineering attacks and faster breakout times by increasingly sophisticated adversaries.

According to the report, the number of cybersecurity incidents observed nearly tripled, with the number of LevelBlue customers experiencing incidents jumping from 6% in the second half of 2024 to 17% in 2025. While business email compromise (BEC) remains the most common method for initial access, non-BEC incidents rose by 214%, highlighting a broader shift in attacker behavior. Once attackers are in, they're moving at an unprecedented speed, with an average breakout time (or how fast attackers can move laterally after initial access) under 60 minutes, and in some cases, less than 15 minutes.

The LevelBlue Threat Trends Report also found a massive uptick in social engineering attacks, accounting for 39% of initial access incidents observed during the first half of the year. This can be attributed to the increasing number of fake CAPTCHA social engineering attacks, especially ClickFix campaigns, which jumped 1,450% from the second half of 2024 to the first half of 2025. These attacks leverage user trust and urgency to easily gain access into organizations' networks.

'A striking development in the first half of 2025 is how much more sophisticated threat actors have become at deception,' said Fernando Martinez Sidera, Lead Threat Researcher at LevelBlue. 'They're moving beyond traditional BEC schemes and using targeted social engineering to manipulate users into opening the door. Once inside, they're deploying remote access trojans and quickly covering their tracks, allowing them to move laterally through networks with alarming speed. This isn't a one-off trend – we fully expect this shift to continue throughout 2026.'

With social engineering predicted to be the intrusion vector of choice for threat actors for the second half of 2025 and into 2026, LevelBlue recommends the following best practices to help organizations protect against these threats:

- Educate users on fake CAPTCHA attacks like ClickFix and other browser attacks.
- Consider restricting PowerShell or command prompt use for non-administrator accounts.
- Develop and enforce caller verification protocols and processes, such as multi-factor authentication (MFA), code words or phrases, or identity verification platforms.
- Enforce usage of MFA and certificates for VPN access.
- Deploy a jump box if RDP must be used from outside the network.
- Remove Quick Assist from all end-user machines unless explicitly required for business and IT services.
- Follow guidance on preventing the download and execution of RMM software. Threat actors will have victims download other tools if Quick Assist is not available during a fake help desk attack.
- Stay up to date on vulnerabilities and patch releases related to applications, software, and hardware. Patch as soon as possible, especially if there is a proof-of-concept exploit released.

The LevelBlue SOC works in close collaboration with LevelBlue Labs threat researchers to share timely insights and methodologies, while engaging in joint research initiatives to combat emerging cybersecurity challenges and bolster the security posture of today's organizations.

Download the complete findings of the 2025 LevelBlue Threat Trends Report, Edition Two here. For a summary of the findings, read the blog here.
For more information on LevelBlue and its managed security, consulting, and threat intelligence services, please visit

About LevelBlue

We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it. We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence - this enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risks so you can focus on your business. Welcome to LevelBlue. Cybersecurity. Simplified. Learn more at