
"In its annual Red Report, a body of research that analyzes real-world attacker techniques using large-scale attack simulation data, Picus Labs warns cybersecurity professionals that threat actors are rapidly shifting away from ransomware encryption to parasitic "sleeperware" extortion as their means to loot organizations for millions of dollars per attack. Released today and now in its sixth year, the 278-page Red Report gets its name from Picus-organized cybersecurity exercises that take the perspective of the attacker's team, otherwise known as the "red team.""
"For example, when a threat actor encrypts an organization's systems -- essentially freezing the organization out of its own information technology until a ransom is paid -- the unique MITRE ATT&CK Technique ID that describes that approach is T1486."
"Based on its analysis of more than one million malicious files and 15 million adversarial actions observed in 2025, Picus Labs ranks how threat actors rely on the different MITRE ATT&CK techniques and then notes how those techniques are trending up or down compared to previous years."
Threat actors shifted in 2025 from direct ransomware encryption toward parasitic sleeperware extortion that remains dormant until activation to extract multi-million-dollar payouts. Analysis of more than one million malicious files and 15 million adversarial actions observed in 2025 maps attacker technique usage to the MITRE ATT&CK framework and ranks technique reliance and directional trends. Ransomware encryption incidents (MITRE ATT&CK technique T1486) declined, while stealthy, dormant malware designed to evade immediate detection rose in prevalence. Red-team-style attack simulations and large-scale telemetry reveal which ATT&CK techniques adversaries favor and which techniques are increasing or decreasing year over year.
Read at ZDNET