Advancement in Cyber Threat Landscape: Growing Subtlety and Sophistication in Digital Attacks Anticipated by 2025 Report
The Obrela Digital Universe Report for the first half of 2025 provides a comprehensive overview of the global cybersecurity threat landscape. The report, based on data from Obrela's global Managed Detection and Response (MDR) infrastructure, analyses over 16.8 petabytes of telemetry data from more than 522,000 monitored endpoints.
The report reveals that brute-force attacks accounted for 27% of all alarm activities, while vulnerability scans and IoC matches accounted for 22% and 20% respectively. The healthcare and shipping sectors faced high malware volumes, making up 25% and 62% of incidents, respectively.
Southeast Europe and North Europe were the most affected regions, accounting for 35.31% and 31.22% of attacks, respectively. The Middle East faced 18.27% of attacks, while Asia had 11.98%. Africa, on the other hand, had a relatively low share of total attacks but faced a disproportionately high volume of insider threats and reconnaissance activities.
The financial services sector faced 32% of total attacks, with 26% caused by insiders. Retail and e-commerce remain the most targeted sector, accounting for 28% of all attacks. The logistics sector experienced 62% malware-based threats.
In the telecommunications industry, 95% of incidents were industry-specific. Overall, the system generated 876,842 alerts and identified 11,351 confirmed cyber attacks.
The report highlights the activities of various threat groups. Chinese APTs exploited zero-days in Ivanti, SAP, and VPNs. Chinese, Russian, North Korean, Indian, and Pakistani groups were active in zero-day exploitation, stealthy access, and supply chain compromise, targeting various sectors.
The Lazarus group, a North Korean entity, targeted cryptocurrency infrastructure. Russian APTs focused on stealthy access and supply chain attacks. Established ransomware groups like Cl0p and BlackCat remained strongly represented across all sectors. New ransomware actors like EncryptHub and NightSpire demonstrated high evasion capabilities and rapid deployment models.
Qilin and Akira remained active leaders in ransomware activities, with Qilin the most active ransomware group in the second quarter of 2025. The Middle East and Asia continued to witness significant state-sponsored activities.
The report also notes that African regions faced only 2.1% of attacks but showed a high concentration of insider threats.
In conclusion, the first half of 2025 saw a diverse range of cyber threats targeting various sectors and regions. The report underscores the need for robust cybersecurity measures and continuous monitoring to protect against these threats.