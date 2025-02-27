Research Reveals Evolving Tactics

Findings underscore how cybercriminals are adapting their methods to bypass stronger defenses.

Feb 27, 2025
Hacking Alarm

Arctic Wolf®, a leading provider of security operations offerings, has released its annual Arctic Wolf Threat Report, offering an in-depth analysis of the evolving cyber threat landscape. This year’s findings underscore how cybercriminals are adapting their methods to bypass stronger security defenses—prioritizing data theft, refining business email compromise (BEC) scams, and exploiting known vulnerabilities to infiltrate organizations.

The report provides a detailed examination of the tactics, techniques, and procedures (TTPs) attackers are using to outmaneuver traditional defenses. It also offers actionable recommendations for organizations looking to enhance their cybersecurity resilience.

“The 2025 Arctic Wolf Threat Report highlights a critical shift in cybercriminal behavior,” said Kerri Shafer-Page, vice president of incident response at Arctic Wolf. “Threat actors are no longer just locking up data with ransomware; they’re stealing it first to maximize pressure on victims.”

Key findings from the report include:

  • Steal first, extort second. As organizations improve their ability to recover from ransomware, cybercriminals have turned to data exfiltration to increase leverage—96 percent of ransomware cases analyzed included data theft.
  • The cybercrime trifecta. Three types of cybersecurity incidents account for 95 percent of all incident response (IR) cases: ransomware 44 percent, business email compromise (BEC) 27 percent, and intrusions 24 percent.
  • Threat actors follow the money. BEC continues to grow as a preferred tactic, particularly in the finance and insurance sector, where it accounted for 53 percent of IR cases—making it the only industry where BEC outpaced ransomware.
  • Patch or pay. In 76 percent of intrusion cases, attackers exploited just 10 specific vulnerabilities—none of which were zero-days, and most linked to remote access tools and externally facing services. This reinforces the need for proactive patch management.
  • Ransomware’s price tag: $600K. Median ransom demands remain high at $600,000, demonstrating that ransomware remains a lucrative business for cybercriminals despite increased law enforcement action.

The 2025 Arctic Wolf Threat Report brings together incident responders and researchers, data scientists and engineers to provide a comprehensive analysis of today’s evolving cyber threat landscape. Additional insights are available by downloading the full 2025 Arctic Wolf Threat Report.

