At Huntress, we like to wreck hackers. But to take them down, we first have to understand how they operate. That’s why we created the 2025 Cyber Threat Report—an in-depth exploration of the nasty tactics, trends, and techniques reshaping cybersecurity today.
Here, we highlight key findings from the past year, offering a snapshot of the malicious strategies our analysts uncovered. Whether you’re an IT professional, cybersecurity practitioner, or business owner, these insights can provide actionable guidance to help you stay one step ahead of ever-evolving cyber threats.
Top takeaways from the 2025 Cyber Threat Report
Throughout 2024, Huntress' threat analysts looked at data from thousands of organizations and millions of endpoints, revealing the key trends that show how adaptable and relentless today’s malicious hackers are.
- Remote access trojans (RATs) are more popular: Over 75% of remote access incidents utilized RATs such as AsyncRAT and Jupyter. These tools are becoming more sophisticated, making multilayered defenses like endpoint detection and response (EDR) essential.
- Remote monitoring and management (RMM) tools are being exploited: Attackers are weaponizing legitimate software like TeamViewer and LogMeIn to facilitate lateral movement and maintain long-term access to systems. For environments that use RMM tools, we highly suggest increasing vigilance, enhancing access controls, and closely monitoring your tools.
- Ransomware strategies are evolving: Attacks are shifting from traditional encryption to data theft and extortion. Groups like RansomHub and Akira now incentivize data theft with big rewards, making these tactics quite lucrative. The future may see ransomware operators leaning even more into extortion (or double extortion) strategies—a trend driven by the efficacy of EDR solutions and mounting pressure from government takedown efforts.
- “Living off the land” techniques are on the rise: Threat actors are doubling down on using legitimate tools like Sysinternals Suite and LOLBins to evade detection. Organizations must remove unnecessary software and enforce strict execution policies to mitigate this threat.
- Phishing tactics are becoming more advanced: From QR code phishing to brand impersonation, threat actors are deploying clever methods to outsmart traditional email security. Improving security awareness training and implementing layered defenses are more essential than ever to counter these sophisticated techniques.
![2024 most common cyber threats](https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/67aa6663617da9b082528936_02112025_Brand_ThreatReport_Blog_TopThreatsGraph_949x437.png)
How these trends took shape in 2024
The findings from our 2025 Cyber Threat Report are grounded in real-world data with a comprehensive view of how malicious hackers operate today. Our threat analysts observed patterns across industries like healthcare, education, government, and manufacturing, and these growing trends stood out:
- Infostealers are gaining momentum: Nearly 24% of incidents involved infostealers designed to extract sensitive credentials, financial data, and other private information.
- Malicious scripts are surging: Scripts made up 22% of detected attacks, using PowerShell, VBScript, and JavaScript to perform stealthy, efficient attacks.
- Ransomware is fragmenting: Despite takedowns of large groups like Hive and LockBit, smaller, flexible affiliates have risen to fill the gap. Unfortunately, this led to more unpredictable, widespread attacks.
![Industries targeted by cyber threats in 2024](https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/67aa66a80d2517a880b3ad51_02112025_Brand_ThreatReport_Blog_IndustriesTargetedGraphs_949x466.webp)
Why these findings matter
The 2024 cybersecurity landscape exposes a simple yet alarming truth: threat actors aren’t slowing down. Because hackers' tactics and tools are evolving, you must take a proactive approach that prioritizes awareness, preparation, and consistent upgrades to defense strategies.
Understanding the tactics outlined in this report is the first essential step. By educating your teams, using multiple layers of security, and staying informed about emerging risks, you and your organization will be ready to take on any challenges that come your way.
![Huntress 2025 Cyber Threat Report](https://cdn.prod.website-files.com/6579dd0b5f9a54376d296939/67a67d19de1464e662db3a86_AGV_vUeLnbpd9mcnX29V-Q6s57M3FztnmHHx9KcuPKF2SKByrZqM7BNuU6ZPcH6z_B-jQxx5eL66Jmfer3FTxWWTqtxnJyHV51AOzZ8L_dF8BUxQA9LVSIGZXXaXQknHUBIZdKDL5Xt7%3Dnw.png)
Get more from the report and stay one step ahead
The insights from our 2025 Cyber Threat Report spotlight the critical need to stay ahead of malicious hackers. With tools like RMM software and phishing techniques becoming more advanced, protecting data, systems, and users is an ongoing battle—but one you can win.
While there’s no one-size-fits-all solution, embracing layered defenses, removing unnecessary vulnerabilities, and training your team to spot threats are actionable steps everyone should take right now.
Download the entire 2025 Cyber Threat Report to gain a deeper understanding of these trends and learn more strategies for keeping your organization safe.