Per Colleen Frye, executive editor of MSP Success
Huntress Report: Hackers Getting More Automated and Sophisticated
The just-released Huntress 2025 Cyber Threat Report finds that hackers are maximizing their efficiency with automation. According to the report, the majority (87%) of attacks in 2024 were automated or helped by automated tools, with hackers using malware, scripts, and other automated methods to conduct widespread, low-effort campaigns efficiently. Once attackers got access, they moved to more focused hands-on-keyboard (HOK) activity, representing 13% of activity, where manual actions like lateral movement or domain enumeration were executed.
Phishing attacks also grew more sophisticated, with attackers moving towards tactics like QR code phishing and Living Off Trusted Sites (LoTS). QR code phishing (where users are sent an email with an embedded QR code that directs to a malicious site) accounted for 8.1% of phishing emails, while 7% involved LoTS, a tactic that abuses legitimate platforms to share malicious documents.
The top target for hackers in 2024 was education, followed by healthcare and technology. Hackers used tactics like credential theft, abuse of RMM tools, and malicious updates disguised as legitimate software to infiltrate educational institutions.
Ransomware and Extortion
Ransomware groups are moving faster now, Greg Linares, principal threat intelligence analyst at Huntress, tells MSP Success, making it more critical not to miss an alert. They are also doing more planning and reconnaissance before launching the attack, often purchasing credential data from infostealers, he notes. The Huntress report finds that infostealers accounted for nearly a quarter (24%) of all observed incidents. Even adware and other unwanted programs, once seen as harmless infections, now have infostealing features that take sensitive data, contributing to a rise in infostealer incidents.
Another key finding, according to Linares, is that more hackers are turning to extortion in lieu of ransomware. Instead of encrypting drives, hackers are threatening to leak data unless the organization pays an extortion fee. “That’s a tale for DLP [data leak prevention] companies as well right now,” Linares says. “In my humble opinion, DLP is woefully unprepared.”