Picus Labs quantified 2025 shift toward stealth, persistence, and credential theft
Target Trend
Summary
Picus Labs quantified a broad shift in 2025 attacker tradecraft toward stealth, persistence, and credential theft, reducing the role of overt encryption and raising the risk of long-lived compromise across enterprise environments. The findings, based on 1.1 million malicious files and 15.5 million adversarial actions, show that attackers are increasingly optimizing for dwell time rather than immediate disruption. Data Encrypted for Impact fell 38% year over year, while Credentials from Password Stores appeared in 23.49% of observed attacks, signaling a move toward quieter access and identity abuse.
Related Happenings
Advanced sandbox-evasion techniques in 2025 malware samples
Technical Analysis
First: 10.03.2026 16:02
Last: 10.03.2026 16:02
Sources 1
About this happening:
Advanced **virtualization and sandbox evasion (T1497)** is helping malware avoid **detonation-based analysis**, increasing the chance that suspicious files appear clean in automat...
Stealth-first attacker tradecraft shifts toward covert exfiltration for extortion in 2025
Target Trend
First: 10.02.2026 16:00
Last: 10.02.2026 16:00
Sources 1
About this happening:
Attackers are increasingly using **stealthy persistence** and **evasion** to **silently exfiltrate data for extortion**, making detection harder across monitored environments. A *...
Rising encryptionless extortion incidents against enterprises in 2025
Target Trend
First: 15.01.2026 17:45
Last: 15.01.2026 17:45
Sources 1
About this happening:
**Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...
Timeline
- 10.02.2026 15:59 · 2 articles · 3mo ago
Picus Labs Red Report 2026 quantifies stealth-first attacker tradecraft
Technical Analysis Update
Picus Labs' Red Report 2026 quantified a 2025 shift toward long-lived, stealthy access across enterprise environments, based on over 1.1 million malicious files and 15.5 million adversarial actions. Data Encrypted for Impact (T1486) fell 38% year over year to 12.94% in 2025, while Credentials from Password Stores (T1555) appeared in 23.49% of attacks and the top MITRE ATT&CK techniques increasingly favored Process Injection (T1055), Boot or Logon Autostart Execution (T1547), Application Layer Protocols (T1071), and Virtualization and Sandbox Evasion (T1497). The report also found no meaningful increase in AI-driven malware techniques across the 2025 dataset.
- From Ransomware to Residency: Inside the Rise of the Digital Parasite — thehackernews.com — 10.02.2026 15:59