Lumu 2025 Compromise Report Finds Key Trends Across Evasion, Malware, and Phishing Attack Vectors

Report examines current cybersecurity trends, increase of malware in different industries, and MITRE tactics used by cyber criminals

Lumu, the cybersecurity company pioneering Continuous Compromise Assessment, today issued the 2025 Compromise Report identifying three key cybersecurity trends including new phishing techniques, a rise in certain forms of malware, and increasingly clever evasion techniques such as anonymizers and droppers. The report also found an increase in attacks across four essential sectors including Education, State and Local Government, Finance, and Healthcare, with the SLED sector (a combination of State and Local Government and Education) facing 60% of recorded anonymous attacks, 50% of droppers attacks, and 70% of ransomware attacks.

“Today’s cybersecurity landscape is a continuously shifting battleground. Unfortunately, evasion is no longer the exception – it’s fast becoming the norm. In order for today’s organizations to effectively defend themselves against a constant onslaught of threats, they need to better understand how their enemies and their tactics are changing,” said Ricardo Villadiego, Founder and CEO of Lumu. “Our latest report provides essential insights into the evolving tactics, techniques, and procedures adversaries are using to get past even the most robust defenses and emphasizes the need for continuous detection, a well-integrated stack, and up-to-date intelligence.”

The report notes that attackers are getting savvier at bypassing security controls, leveraging techniques like Living-off-the-Land (LotL) and exploiting vulnerable drivers. Anonymizers and droppers are also being used to hide attackers’ actions, while they simultaneously deliver harmful software. Malware, too, is getting better at evading detection. Hackers are increasingly turning to infostealers, which use fileless execution and obfuscation, to steal a wider range of data, and in doing so pave the way for ransomware and other attacks. Phishing attacks are also evolving, whereby attackers are using AI for polymorphic emails, exploiting MFA fatigue, and using quishing—the use of Quick Response (QR) codes in phishing—to fool users.

The report also provides an in-depth case study of Lumma Stealer, a common type of infostealer that is now the top type of malware and which accounts for over 25% of recorded infostealer attacks worldwide and over 50% of infostealer attacks on the US SLED sector.

Other key findings include:

• Almost 40% of ransomware attacks in the US targeted the education sector
• New phishing attack techniques, including fake-CAPTCHA, AI-powered polymorphic phishing, and quishing, are on the rise
• While phishing attempts were detected across all sectors, essential services such as education, associations and nonprofits, government, IT and software companies, finance, and healthcare, were the most popular targets
• Defense evasion is the most-used MITRE tactic in cyber incidents today
• Attackers are using execution tactics to run malicious software on compromised systems, with the most common technique being Malicious File (T1204.002)

To read a full copy of the report, please visit 2025 Compromise Report. To learn more about Lumu’s industry-leading cybersecurity solutions, visit lumu.io.

About Lumu

Lumu is a cybersecurity company that helps organizations operate cybersecurity proficiently by measuring and understanding compromise in real time. Through its Continuous Compromise Assessment model, Lumu empowers security teams to act immediately on confirmed compromises and minimize risk exposure. For more information, visit www.lumu.io.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250626449228/en/

"Our latest report provides essential insights into the evolving tactics, techniques, and procedures adversaries are using to get past even the most robust defenses."