This H1 2025 report shows banking and finance now top the target list, followed by manufacturing, business services, retail, and healthcare, with ransomware groups Clop, Akira, Qilin, RansomHub, and Play driving 43% of cases. Attacks peak between 1400–1700 UTC, especially at 1500, and are dominated by credential abuse: valid accounts and brute force now outrank phishing. Threats increasingly use LOLBINs, AI-enhanced phishing, malicious open source packages, chat and QR-based social engineering, and OT/ICS disruption. Recommended defenses center on strong identity security, AI-assisted detection, OT segmentation, supply chain controls, and continuous exposure management.

Join for free to read