SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers

LevelBlue warns cyber incidents jump as social engineering rises

Thu, 31st Jul 2025

LevelBlue has released its latest Threat Trends Report, revealing significant changes in cyberattack patterns and a marked increase in incident rates during the first half of 2025.

Incident rates rise

The report, analysing data from January through May 2025, shows that the percentage of LevelBlue customers experiencing cybersecurity incidents surged from 6% in the second half of 2024 to 17% in 2025. This threefold increase highlights escalating risks to organisations across various sectors.

The report attributes this sharp rise in part to evolving tactics employed by cybercriminals. While Business Email Compromise (BEC) continues to be the most frequent method for gaining initial access to systems, there has been notable growth in alternative approaches. Non-BEC incidents increased by 214%, indicating that attackers are diversifying their methods to infiltrate networks.

Faster breakout times

LevelBlue's findings indicate that once attackers penetrate a network, they are moving laterally inside these environments at unprecedented speeds. The average breakout time (the duration between initial access and lateral movement) has now dropped to under 60 minutes, with certain cases recorded at less than 15 minutes.

Social engineering surge

The report points to a considerable surge in social engineering attacks, with 39% of initial access incidents linked to these techniques. This trend is particularly evident in the prevalence of fake CAPTCHA-based attacks, such as ClickFix campaigns. These campaigns, designed to trick users into providing credentials or executing malware, saw an increase of 1,450% from the second half of 2024 to the first half of 2025.

"A striking development in the first half of 2025 is how much more sophisticated threat actors have become at deception. They're moving beyond traditional BEC schemes and using targeted social engineering to manipulate users into opening the door. Once inside, they're deploying remote access trojans and quickly covering their tracks, allowing them to move laterally through networks with alarming speed. This isn't a one-off trend – we fully expect this shift to continue throughout 2026."

This detailed assessment comes from Fernando Martinez Sidera, Lead Threat Researcher at LevelBlue, underscoring a consistent and increasing sophistication in attackers' use of deception as part of their strategies.

Recommendations for defence

In response to these trends, LevelBlue has set out several recommendations for organisations seeking to bolster their cyber defences. These include raising awareness among users about threats posed by fake CAPTCHA attacks and other browser-based vectors, and considering restrictions on PowerShell or command prompt use for non-administrator accounts.

The report suggests that firms develop and enforce caller verification protocols, such as multi-factor authentication (MFA), code words or phrases, or the use of identity verification platforms. It also advises mandatory implementation of MFA and digital certificates for VPN access, as well as deployment of jump boxes for remote desktop access from outside organisational networks.

Another recommendation is the removal of Quick Assist from all end-user machines unless there is a specific business requirement, alongside following established guidelines to prevent the unauthorised download and execution of remote monitoring and management (RMM) software. The report notes that in help desk-themed attacks, threat actors may leverage other tools if Quick Assist is unavailable.

Patch management also features prominently among suggested actions. Organisations are reminded to remain vigilant regarding vulnerabilities and to install updates promptly, especially where proof-of-concept exploits have been publicly released.

Working together on cyber threats

The LevelBlue Security Operations Centre collaborates closely with LevelBlue Labs researchers to monitor evolving threats and develop effective countermeasures. This teamwork involves sharing intelligence and methodologies as well as joint research projects, with the aim of strengthening defences across client organisations.

The LevelBlue Threat Trends Report is intended to provide organisations with clear insight into current cyber threat landscapes and practical steps to reduce exposure to increasing and more sophisticated attacks.
