Cybersecurity daily news

MSSP Market Update: AttackIQ Acquires DeepSurface for CTEM


LevelBlue (formerly AT&T Cybersecurity) today released its inaugural Threat Trends Report, 2025 Edition 1, which outlines threat activity findings from the second half of 2024.

The report found that phishing-as-a-service (PhaaS) kits have gained traction, and business email compromise (BEC) remains the most common form of attack. Ransomware groups also continue to exploit weaknesses in organizations’ security configurations, with familiar malware campaigns still causing significant damage, according to the report, authored by the LevelBlue security operations and LevelBlue Labs teams.

The report reviewed 12 hands-on-keyboard attacks that were investigated by the LevelBlue Incident Response team, 10 of which involved known ransomware threat actor groups, such as Black Basta. Five malware families (Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer) accounted for more than 60% of the total malware attacks observed across the LevelBlue customer base, according to the report, indicating that threat actors still find value in leveraging older campaigns. Finally, LevelBlue's report outlined security best practices organizations can follow to defend themselves.

Now, here's today's MSSP update. Drop me a line at [email protected] if you have news to share or want to say hi!

Today's MSSP Update

1. AttackIQ acquires DeepSurface: AttackIQ has acquired DeepSurface, a security posture management and vulnerability prioritization company. The acquisition will enable AttackIQ to extend its traditional breach and attack simulation (BAS) use case to now include adversarial exposure validation (AEV) and help customers pivot to cyber threat exposure management (CTEM).  

2. CISA, partners unveil new network edge security guidelines: Mounting cybersecurity threats against network edge devices prompted the Cybersecurity and Infrastructure Security Agency (CISA) to release a new set of recommendations for protecting networks and data storage, developed alongside allied cybersecurity agencies, according to SC Media. In collaboration with CISA, the Canadian Centre for Cyber Security detailed real-world attacks against its endpoints and how they were mitigated. The UK's National Cyber Security Centre provided digital forensics monitoring guidelines for data logging and record management, and the Australian Cyber Security Centre offered edge device hardening recommendations that detailed techniques to mitigate risks against such devices.

3. Orca Security announces new cloud-native security capabilities: Orca has announced new application security capabilities that bring together security, DevOps, and development teams to enable a full lifecycle approach to securing cloud-native applications. New capabilities of the Orca Cloud Security Platform include static application security testing (SAST), open-source license detection, and remediation actions driven by artificial intelligence (AI).

4. Stellar Cyber, Sophos partnership: Stellar Cyber and Sophos this week announced a strategic integration that will bring together Stellar Cyber’s Open XDR platform, Sophos Endpoint, and Sophos Firewall. Integrating Sophos’ advanced protection technologies into the Stellar Cyber Open XDR platform will improve visibility, make threat detection faster and reduce complexity, the companies said.

5. Cynet's new CEO is a familiar face: Former ConnectWise CEO Jason Magee has landed at Cynet, where he was appointed CEO. Magee succeeds Cynet founder and former CEO Eyal Gruner, who will join Cynet’s Board of Directors and serve as a strategic advisor for Cynet’s executive team moving forward. Congratulations!
