Ethical Hacking News

The Evolving Threat Landscape: Understanding the Rise of Infostealers and Ransomware



The threat landscape has evolved significantly in recent years, with infostealers becoming a popular choice among threat actors. This article provides an in-depth analysis of the rise of infostealers and ransomware, highlighting the need for organizations to prioritize prevention and detection upstream to stay ahead of adversaries.

  • Infostealers have become increasingly popular among threat actors, with over 160 million attack simulations revealing their effectiveness in evading detection.
  • Infostealers are no longer opportunistic malware scraping browser passwords, but sophisticated tools used in complex adversary campaigns to steal sensitive data and exfiltrate it over long dwell times.
  • Credential-harvesting malware, browser-targeted infostealers, and techniques like Credentials from Password Stores (T1555) were seen in 25% of this year's malware samples.
  • Encryptionless ransomware attacks have risen, relying on stealing data and threatening to leak it publicly rather than encrypting it and demanding payment for decryption.
  • Data exfiltration prevention remains critically low at 3%, despite the rise in infostealer usage, highlighting a lack of outbound monitoring and detection capabilities.
  • The report emphasizes the need for organizations to prioritize prevention and detection upstream, using continuous threat exposure management (CTEM) and adversarial exposure validation (AEV).



    The threat landscape has undergone a significant shift in recent years, with attackers adapting their tactics to evade traditional security controls. One notable development is the rise of infostealers, which are increasingly being used by adversaries to steal sensitive data from organizations. These tools have evolved into targeted, persistent malware that can bypass traditional security measures and remain undetected for extended periods.

    According to the Picus Blue Report 2025, a comprehensive analysis of real-world attack simulations conducted across the globe, infostealers have become an increasingly popular choice among threat actors. The report highlights that infostealer usage has skyrocketed, with over 160 million attack simulations revealing the effectiveness of these tools in evading detection.

    Infostealers are no longer simply opportunistic malware scraping browser passwords from unsuspecting users. Instead, they have evolved into sophisticated tools used in complex adversary campaigns designed to stay quiet, remain undetected, and exfiltrate data over long dwell times. These threats pose a significant risk to organizations, as they often succeed without triggering alarms and can bypass traditional security controls by using stolen credentials and impersonating legitimate access.

    The Blue Report 2025 also reveals that credential-harvesting malware, browser-targeted infostealers, and techniques like Credentials from Password Stores (T1555) were seen in 25% of this year's malware samples. This highlights a broader pivot toward data theft by attackers, who are increasingly focusing on stealing sensitive information rather than relying solely on noisy malware and adversary tactics.

    One notable example is the rise of encryptionless ransomware attacks. Rather than encrypting data and demanding payment for decryption, these variants now rely on encryptionless extortion: stealing data, then threatening to leak it publicly. No encryption, no ransom key – just leverage. The Blue Report 2025 shows that BlackByte (26% prevention), BabLock (34% prevention), and Maori (41% prevention) ransomware variants continue to evade controls not because defenders lack recovery strategies but because other tactics like credential abuse, lateral movement, and exfiltration just aren't being effectively blocked.

    Another critical issue highlighted by the Blue Report 2025 is the lack of outbound monitoring. Data exfiltration prevention remains critically low at 3%, despite the rise in infostealer usage. This is a concerning signal: organizations focus on what comes in and struggle to detect what goes out. Most organizations have stronger visibility into malware payloads and phishing attachments but limited ability to detect sensitive data being exfiltrated.

    The report emphasizes the need for prevention and detection upstream before data leaves the network, and before credentials are abused to impersonate internal users. This requires a more proactive approach to security, one that prioritizes continuous threat exposure management (CTEM) and adversarial exposure validation (AEV).
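
    As an added illustration (not code from the Blue Report or from Picus), the sketch below shows one way to detect upstream: it flags non-browser processes that read browser credential stores (T1555) and correlates each read with a large outbound flow from the same host and process. The event tuples are constructed samples, and the process names, hosts, time window and byte threshold are assumptions.

```python
from datetime import datetime, timedelta

# Browser credential store files associated with ATT&CK T1555 (partial list).
CRED_STORE_SUFFIXES = ("\\login data", "\\logins.json", "\\key4.db")
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allow list
WINDOW = timedelta(minutes=30)       # assumed correlation window
EGRESS_THRESHOLD = 5 * 1024 * 1024   # assumed per-flow byte threshold

# Constructed sample telemetry: (timestamp, host, process, path) file reads.
FILE_EVENTS = [
    ("2025-08-14T09:00:05", "ws-017", "chrome.exe", r"C:\Users\amy\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("2025-08-14T09:12:40", "ws-017", "updater32.exe", r"C:\Users\amy\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("2025-08-14T09:13:02", "ws-022", "backup.exe", r"C:\Users\bob\Documents\report.docx"),
]
# Constructed sample telemetry: (timestamp, host, process, destination, bytes sent).
NET_EVENTS = [
    ("2025-08-14T09:20:11", "ws-017", "updater32.exe", "203.0.113.50", 48_000_000),
    ("2025-08-14T09:21:00", "ws-022", "backup.exe", "198.51.100.7", 90_000_000),
    ("2025-08-14T11:45:00", "ws-017", "chrome.exe", "192.0.2.10", 7_000_000),
]

def parse(ts):
    return datetime.fromisoformat(ts)

def credential_store_reads(file_events):
    """Return reads of browser credential stores made by non-browser processes."""
    hits = []
    for ts, host, proc, path in file_events:
        if proc.lower() in BROWSER_PROCESSES:
            continue  # the browser reading its own store is expected
        if path.lower().endswith(CRED_STORE_SUFFIXES):
            hits.append((parse(ts), host, proc, path))
    return hits

def correlate(file_events, net_events):
    """Pair each suspicious read with large outbound flows from the same host and process inside WINDOW."""
    alerts = []
    for read_ts, host, proc, path in credential_store_reads(file_events):
        for ts, n_host, n_proc, dst, sent in net_events:
            delta = parse(ts) - read_ts
            same_actor = (n_host, n_proc) == (host, proc)
            if same_actor and timedelta(0) <= delta <= WINDOW and sent >= EGRESS_THRESHOLD:
                alerts.append({"host": host, "process": proc, "store": path, "dst": dst, "bytes": sent})
    return alerts

if __name__ == "__main__":
    for alert in correlate(FILE_EVENTS, NET_EVENTS):
        print(alert)
```

    The large transfer from backup.exe is not flagged because no credential store read precedes it; in production the allow list would also need entries for legitimate readers such as backup or endpoint security agents.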

    By understanding how their specific business sector or geographic region compares to others and which attack techniques are most often successful in their sector or region, security teams can prioritize strengthening their defenses based on context rather than assumptions. The Blue Report 2025 offers a comprehensive view of exposure across industries, regions, attack vectors, ransomware families, MITRE ATT&CK tactics and techniques, and recently discovered vulnerabilities.

    The report provides a data-driven look at the state of enterprise defenses across industries, regions, and attack surfaces. It evaluates prevention and detection performance against industry-recognized MITRE ATT&CK tactics and techniques, ransomware strains, infostealer behaviors, and newly disclosed vulnerabilities discovered in 2024 and 2025.

    Overall, the Blue Report 2025 highlights a concerning trend: defenders are falling behind on detecting the very tactics that adversaries now favor the most. Attackers are exploiting gaps in security controls to harvest credentials and steal sensitive files, usually without detection. The report emphasizes the need for organizations to prioritize prevention and detection upstream and adopt a CTEM strategy backed by AEV.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Evolving-Threat-Landscape-Understanding-the-Rise-of-Infostealers-and-Ransomware-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/when-theft-replaces-encryption-blue-report-2025-on-ransomware-and-infostealers/


  • Published: Thu Aug 14 11:01:20 2025 by llama3.2 3B Q4_K_M












