Threat Trends Report Highlights Surge In PhaaS Kits

As threat actors continue leveraging familiar malware campaigns, security awareness and proactive defense measures become even more essential, according to LevelBlue.

Phishing-as-a-service (PhaaS) kits have gained traction, and business email compromise (BEC) remains the most common form of cyber attack, according to a new report from LevelBlue. The inaugural 2025 LevelBlue Threat Trends Report, Edition One, analyzes dominant cyber threat activity observed between June 1 and November 30, 2024. The LevelBlue security operations and LevelBlue Labs teams also found that ransomware groups continue to exploit weaknesses in organizations’ security configurations, with familiar malware campaigns still causing significant damage.

PhaaS is a major cybersecurity risk for businesses, especially for the financial industry. Because PhaaS kits are increasingly accessible, it is easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the report, a new PhaaS kit known as RaccoonO365 has surfaced. The kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.

BECs made up more than 70% of the total incidents investigated by LevelBlue during the report period, which indicates their popularity as a favored angle of attack for threat actors. These attacks target the end user, often attempting to elicit further information or access from the victims.

The report reviews 12 hands-on-keyboard attacks that were investigated by the LevelBlue Incident Response team, 10 of which involved known ransomware threat actor groups, such as Black Basta. It also shares that five malware families, Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer, accounted for more than 60% of the total malware attacks observed across the LevelBlue customer base. Their consistent use indicates that threat actors are still finding value in leveraging older campaigns.

“Businesses continue to use outdated security protocols and tools; neglect simple, preventive measures, such as enforcing MFA or regularly patching software; and find themselves victims of human error, especially in the form of phishing and social engineering,” said Ken Ng, Lead Cybersecurity Specialist, LevelBlue MDR Threat Hunting. “The findings within our report will arm security practitioners to become more proactive in defending businesses of all sizes against today’s most prevalent threats.”

Best Practices For Fighting Threats

The report recommends a number of best practices to help organizations protect against threats, including:

  • Design secure conditional access policies, and leverage properly configured email security gateways that can detect malicious attachments, perform phishing analysis, and allow for rules to block certain attachment types and domains within emails.
  • Employ the principle of least privilege throughout the organization.
  • Utilize endpoint detection and response (EDR) and network detection and response (NDR) platforms to detect when there is anomalous lateral movement within a network.
  • Remain alert for vendor communications that advise of vulnerabilities affecting software or devices, and immediately patch any impacted technologies.
  • Have a recovery plan in place for when it is suspected or discovered that an attacker has obtained access to a domain controller and the credentials of multiple users.