LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, released its second edition of the 2025 Threat Trends Report, titled “Fool Me Once: How Cybercriminals are Mastering the Art of Deception,” on July 30, 2025. Analyzing cyber threat activity from January 1 to May 31, 2025, the report, compiled by LevelBlue’s Security Operations Center (SOC) and LevelBlue Labs, highlights a threefold increase in cybersecurity incidents and a dramatic rise in sophisticated social engineering attacks, particularly fake CAPTCHA-based ClickFix campaigns.
Cyber Incidents Tripled: 17% of LevelBlue customers faced incidents in H1 2025, up from 6% in H2 2024.
Social Engineering Surge: Accounts for 39% of initial access incidents, with ClickFix campaigns up 1,450% from H2 2024.
Faster Breakout Times: Average under 60 minutes, some as low as 15 minutes.
Non-BEC Attacks Rise: Increased by 214%, diversifying beyond business email compromise (BEC).
Top Malware Families: Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer dominate.
Recommendations: MFA enforcement, user education on fake CAPTCHAs, and rapid patching.
The report notes a 3x surge in cybersecurity incidents, with 17% of LevelBlue’s customers affected in H1 2025, compared to 6% in H2 2024. While BEC remains the top initial access method, non-BEC incidents grew by 214%, reflecting attackers’ shift to diverse tactics. Breakout times—how quickly attackers move laterally after initial access—averaged under 60 minutes, with some as fast as 15 minutes, driven by AI-enhanced deception and remote access trojans (RATs). “A striking development in the first half of 2025 is how much more sophisticated threat actors have become at deception,” said Fernando Martinez Sidera, Lead Threat Researcher at LevelBlue.
Social engineering attacks accounted for 39% of initial access incidents, with fake CAPTCHA attacks, particularly ClickFix campaigns, soaring by 1,450% from H2 2024. These attacks exploit user trust by mimicking legitimate prompts to trick users into downloading malware or sharing credentials. “They’re moving beyond traditional BEC schemes and using targeted social engineering to manipulate users into opening the door,” Sidera noted. The report predicts social engineering will remain the top intrusion vector through 2026, amplified by AI-driven tactics like deepfakes and synthetic identities.
To counter these threats, LevelBlue suggests:
User Education: Train employees to recognize fake CAPTCHA attacks like ClickFix and other browser-based threats.
Restrict Tools: Limit PowerShell and command prompt access for non-administrators.
Caller Verification: Implement MFA, code words, or identity verification platforms.
Secure Remote Access: Enforce MFA and certificates for VPNs; use jump boxes for external RDP access.
Remove Quick Assist: Disable unless required, as attackers exploit it in help desk scams.
Patch Management: Apply patches promptly, especially for vulnerabilities with public exploits.
The findings align with broader 2025 cybersecurity trends. The World Economic Forum’s Global Cybersecurity Outlook 2025 notes a 42% rise in phishing and social engineering attacks, with 47% of organizations citing AI-driven threats as a top concern. LevelBlue’s report builds on its inaugural edition, which highlighted phishing-as-a-service (PhaaS) kits like RaccoonO365 and persistent ransomware groups like Black Basta. The 1,450% rise in ClickFix campaigns underscores the growing sophistication of attackers, who leverage AI to scale operations, a trend also noted in Trend Micro’s 2025 Cyber Risk Report.
LevelBlue’s SOC and Labs teams collaborate to deliver real-time threat intelligence, integrating AI to enhance detection accuracy. The report emphasizes proactive measures like user awareness and robust MFA to combat the evolving threat landscape. For full details, download the report at www.levelblue.com or read the summary blog. A webcast discussing the findings is scheduled for August 7, 2025.
We simplify cybersecurity through award-winning managed services, experienced strategic consulting, threat intelligence, and renowned research. Our team is a seamless extension of yours, providing transparency and visibility into security posture and continuously working to strengthen it.
We harness security data from numerous sources and enrich it with artificial intelligence to deliver real-time threat intelligence, which enables more accurate and precise decision making. With a large, always-on global presence, LevelBlue sets the standard for cybersecurity today and tomorrow. We easily and effectively manage risks so you can focus on your business.