Infostealer Malware, Cloud Data Exposure, and Geopolitical Risks Lead the Global Cyber Threat Landscape According to Mandiant’s Latest Analysis
The annual report M-Trends 2025, produced by Mandiant, a threat intelligence firm integrated with Google Cloud, presents a comprehensive analysis of the main tactics, groups, and vulnerabilities exploited by cybercriminals in 2024. Based on over 450,000 hours of incident response investigations, this report reveals a troubling reality: attackers are refining their methods, broadening their targets, and taking advantage of every gap to infiltrate corporate networks.
Rise of Infostealers: Credentials as Access Currency
One of the most significant findings in the report is the sustained growth in the use of infostealer malware. This type of malicious software is designed to steal credentials, cookies, browsing data, and cryptocurrency wallets. Families such as VIDAR, RACCOON, and REDLINESTEALER are actively used to facilitate unauthorized access.
Mandiant found that stolen credentials were used in 16% of intrusions during 2024, a rebound from the 10% recorded in 2023. These credentials are sold in bulk on underground forums and remain a persistent threat even years after their original theft.
Entry Vectors: Exploits and Phishing Still Dominating
In 33% of analyzed cases, attackers exploited known vulnerabilities as their entry point. Phishing, although less prevalent (14%), remains an effective method, especially in complex campaigns that combine it with credential theft.
Insider threats also gained prominence, particularly in campaigns attributed to North Korean IT workers (UNC5267) who, under false identities, secured remote jobs to access sensitive corporate systems.
Cloud and Poorly Secured Data in the Crosshairs
The migration to cloud environments without proper configuration has led to numerous breaches. Mandiant detected multiple incidents related to configuration errors and unmonitored privileged access. Additionally, there were numerous reports of poorly protected data repositories, exploited by attackers to extract critical information.
The report also warns of specific attacks against Web3 platforms and cryptocurrency systems, motivated by the rapid adoption of these technologies and the promise of significant financial rewards.
Average Time to Compromise and Most Affected Sectors
For the first time since 2010, the global average time attackers remained undetected increased, from 10 days in 2023 to 11 days in 2024. This figure, while lower than the 16 days recorded in 2022, reflects greater sophistication in evasion tactics and persistence within compromised networks.
The financial sector was once again the most attacked, accounting for over 17% of total investigations, followed by sectors like technology, telecommunications, and healthcare.
Geopolitical Threats: North Korea and Iran in the Spotlight
The report dedicates a special section to geopolitical threats. Active campaigns by actors tied to Iran were identified amid instability in the Middle East. It also details covert operations by North Korean IT workers, who infiltrated international companies to access confidential data and even extorted companies after being discovered.
Key Recommendations from Mandiant
The report concludes with a series of strategic recommendations to strengthen organizations’ security posture:
- Secure the Cloud: Review configurations, control access, and monitor hybrid environments.
- Mitigate Internal Risk: Implement stricter hiring filters and continuous oversight.
- Protect Sensitive Data: Employ encryption, data labeling, audits, and risk-based segmentation.
- Enhance Employee Education: Train employees to identify social engineering attempts and inappropriate use of personal systems.
In Mandiant’s words, “Attackers not only seize opportunities; they create them.” In such a dynamic digital landscape, shared knowledge is the best defense. The full report is available at Google Cloud M-Trends.