Huntress 2025 Cyber Threat Report: Key Trends and Industry Impact (Part 1 of 2)
Cyber Threats: Sophisticated Attacks Become the New Normal
The recently released Huntress 2025 Cyber Threat Report provides critical insights into the evolving cybersecurity landscape of 2024. In this first part of our two-part series, we’ll examine the key threats, industry-specific impacts, ransomware trends, and the tools attackers used throughout the year.
The 2024 Threat Landscape
The past year saw a significant evolution in cyber threats, with infostealers leading the pack at 24% of all incidents, followed closely by malicious scripts at 22%. Remote Access Trojans (RATs) and general malware made up 13% and 17% of incidents respectively, while ransomware accounted for 9.5% of attacks.
A particularly concerning trend was the democratization of sophisticated attack methods – techniques once reserved for targeting large enterprises are now being deployed against businesses of all sizes. Attackers have effectively standardized their methodologies across targets, regardless of organization size.
Healthcare faced the highest risk of malicious script executions throughout 2024. These scripts were primarily used for persistence, often appearing as JavaScript components of malware, downloaders, and system analysis tools. Many scripts were intercepted before execution, making it difficult to associate them with specific malware families. However, most appeared to be related to infostealers like Gootloader and PowerShell components used for obfuscation or anti-analysis techniques.
Threat Distribution:
Malicious scripts: 22%
Infostealers: 19%
Malware: 16%
RMM abuse: 9%
RATs: 7%
Ransomware: 8%
Other: 19%
Technology Sector (12% of Total Attacks)
The technology sector saw attackers shift their strategies to leverage tools commonly used by employees, helping them blend into networks. Most notable was the abuse of RMM tools for both initial access and lateral movement. Password dumping and keylogging campaigns specifically targeting technology companies used tools like Mimikatz, LaZagne, and the infostealers Meduza and Strela, followed by credential abuse for lateral movement.
Threat Distribution:
Malicious scripts: 19%
Infostealers: 18%
Malware: 14%
RMM abuse: 14%
RATs: 9%
Ransomware: 8%
Lateral movement: 6%
Other: 12%
Education Sector (21% of Total Attacks)
Educational environments faced similar threats to healthcare, but with malicious scripts being the most commonly identified threat. Unlike healthcare’s prevalence of Java-based attacks, education saw PowerShell, VBScript, and WMI abuse as the top threats. RMM abuse was slightly higher in educational environments, as these systems often rely on remote administration tools for management.
Threat Distribution:
Malicious scripts: 24%
Infostealers: 16%
Malware: 13%
RMM abuse: 13%
Ransomware: 7%
RATs: 6%
Lateral movement: 4%
Other: 17%
Government Sector (11% of Total Attacks)
Government environments were heavily targeted with information-stealing components, downloaders/persistence mechanisms, and RATs. SocGholish, AsyncRAT, and JupiterRAT were popular malware families used for remote access. The sector saw an increase in Cobalt Strike and BloodHound toolkit usage compared to other industries, though these numbers were far lower than LOLBin abuse.
Threat Distribution:
Infostealers: 21%
Malicious scripts: 18%
Malware: 16%
RATs: 10%
RMM abuse: 9%
Lateral movement: 8%
Ransomware: 5%
Other: 13%
Manufacturing Sector (9% of Total Attacks)
Manufacturing showed unique patterns in 2024, with a high number of RAT installations including AsyncRAT, Trickbot, NetSupport, and NewCoreRAT. The sector faced the most evenly distributed mix of scripting languages among malicious scripts, with PowerShell leading but WMI, JavaScript, and VBScript also commonly used. Notably, 23% of malware in this sector disguised itself as Adobe components.
Threat Distribution:
Malware: 17%
Infostealers: 15%
Malicious scripts: 15%
RATs: 13%
RMM abuse: 12%
Hacking tools: 8%
Ransomware: 6%
Other: 14%
Ransomware Trends
The average time-to-ransom (TTR) in 2024 was approximately 17 hours, with significant variations between different ransomware groups. Some groups like Akira deployed ransomware within six hours of initial access, while others took a more methodical approach.
On average, attackers performed 18 malicious actions before deploying ransomware, with activities ranging from reconnaissance to privilege escalation and data exfiltration. Groups focusing on data theft and extortion typically performed more actions than those prioritizing rapid encryption.
Threat actors heavily relied on specialized tools for automation and system compromise. Key statistics include:
RATs dominated remote access methods at 75% of incidents
RMM tool abuse represented 17.3% of remote access methods
ConnectWise ScreenConnect abuse accounted for 74.5% of RMM exploitation
Cobalt Strike remained the top hacking tool at 31.7% of detected tools
Mimikatz followed at 17.6% of hacking tool usage
(Most Common Remote Access Methods Used Across 2024 – Source: Huntress 2025 Cyber Threat Report)
How CinchOps Can Help
In response to these evolving threats, CinchOps offers comprehensive cybersecurity solutions tailored to your industry’s specific needs:
24/7 Threat Monitoring and Response
Real-time threat detection powered by AI and machine learning
Continuous monitoring of network and endpoint activity
Rapid incident response capabilities
Industry-Specific Security Solutions
Customized security protocols based on your sector’s unique threats
Specialized protection against prevalent attack vectors
Compliance-focused security measures
Advanced Threat Protection
Protection against RATs and malicious scripts
Comprehensive ransomware defense
Data backup and recovery
Security Assessment and Training
Regular security posture assessments
Employee security awareness training
Incident response planning and testing
Discover more about our enterprise-grade, business-protecting cybersecurity services on our Cybersecurity page.
Stay tuned for Part 2 of our series, where we’ll examine hacker activity patterns, identity threats, and the latest phishing techniques observed in 2024. Contact CinchOps today to learn how our comprehensive security solutions can protect your organization against these evolving threats.