
Global Threat Landscape 2025 by ExtraHop: Key Takeaways


Over the past year, the cybersecurity landscape has undergone a rapid transformation. A series of security incidents have proven that the effects of cyberattacks can be not only costly but paralyzing for entire sectors of the economy.

One of the most severe examples was the ransomware attack on Change Healthcare, which crippled a significant portion of the healthcare infrastructure in the United States. Cybercriminals who gained access with stolen credentials exfiltrated data belonging to nearly 192.7 million people – the largest medical information leak in history. The consequences extended far beyond data loss: paralyzed payment systems, non-operational pharmacies, and blocked settlements forced healthcare facilities to operate in emergency mode for weeks.

This and similar incidents are a clear warning signal: cyber threats have reached the scale of systemic risk. In a world where nearly every service depends on digital connections, and infrastructure relies on cloud and automation, one successful attack can trigger a global domino effect.


Key findings of the Global Threat Landscape 2025 report

According to the ExtraHop report, the attack surface is growing faster than organizations’ ability to control it. The greatest risks today are concentrated around:

  • public cloud (53.8%),
  • supply chain (43.7%),
  • applications using generative AI (41.9%).

Source: ExtraHop 2025 Global Threat Landscape Report

Most common attack vectors

The ExtraHop report found that attack scenarios still begin in a familiar way. The most common attack vectors include:

  • phishing and social engineering – responsible for 33.7% of incidents,
  • software vulnerabilities – 19.4% of incidents,
  • supply chain compromise – 13.4% of incidents,
  • use of stolen credentials – 12.2% of incidents.

Source: ExtraHop 2025 Global Threat Landscape Report


While there is no shortage of knowledge about the sources of attacks, the problem remains the speed of response. On average, it takes about two weeks for an organization to even detect the presence of an intruder, and another two weeks to fully control the situation. This means that criminals have about a month of free rein in the victim’s network – long enough to calmly move between systems, escalate privileges, and prepare the next stages of the attack. During this time, companies incur measurable costs – according to the report, the average downtime after a security incident is 37 hours. For many organizations, this means real financial losses and a loss of customer trust.

Ransomware attacks

Although the frequency of ransomware attacks has decreased – from approximately eight incidents per organization to 5–6 annually – the average ransom value has increased by over a million dollars (from 2.5 million to 3.6 million USD).


Source: ExtraHop 2025 Global Threat Landscape Report


This discrepancy between the decline in the number of attacks and the increase in costs is due to the evolution of techniques used by cybercriminals, who are increasingly effective at remaining undetected in the victim’s environment. Data from ExtraHop shows that adversaries had on average nearly two weeks of access to the organization’s network before carrying out the actual attack. Moreover, nearly one-third of companies discovered the ransomware incident only when data exfiltration began – when the damage was already inevitable.


Three steps to better protection – ExtraHop recommendations

  1. Understand your attack surface

As IT environments become more complex, the attack surface – and hence the number of potential entry points for cybercriminals – also expands. The key is a complete understanding of what exactly is in your network and where vulnerabilities may exist. Comprehensive visibility allows you to inventory resources and assess risk levels, and then scale your security alongside the environment’s growth – including new containers, cloud services, endpoints, and IoT.

  2. Monitor internal traffic

Modern attacks often bypass classic EDR defenses and after gaining access move laterally (east-west), looking for attack targets. Constant monitoring of internal traffic allows for quick detection of suspicious behavior and response before the attack escalates, effectively reducing the attacker’s presence and minimizing potential damage.

  3. Stay ahead of attackers with analytics and AI

The threat landscape is constantly changing – today it is crucial not only to understand what attackers are doing now but also to predict what they will do tomorrow. This also pertains to new challenges posed by generative artificial intelligence, which is used to create more convincing phishing campaigns and more advanced malware. Working with a solution provider that offers threat intelligence and advanced analytics allows you to build a proactive security strategy that not only responds to threats but also anticipates and neutralizes future attacks.


How to prepare your organization for threats

The ExtraHop report can be treated as a practical action map for CISOs and SOC teams, indicating which areas need strengthening to reduce detection and response times. Key priorities include:

  • comprehensive resource inventory and application dependency mapping,
  • monitoring internal traffic for anomalies,
  • regular tests for lateral movement detection,
  • response automation using SOAR class platforms,
  • monitoring the supply chain and service accounts,
  • strengthening authentication mechanisms and protection against MFA fatigue attacks.
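Two of the priorities above – monitoring internal traffic for lateral movement (the east-west recommendation in the previous section) and protecting against MFA fatigue – can be illustrated with simple detection logic. The following is an added example written for this article; it is not code from ExtraHop or RevealX. It runs over constructed, clearly fake log lines: flow records in a hypothetical `timestamp src dst dport` layout and MFA events in a hypothetical `timestamp user method result` layout. The thresholds, the admin-port set and the `known_admin_hosts` allowlist are assumptions a SOC would tune to its own baseline.

```python
"""Two small detections over constructed sample logs (not real data):
- east-west fan-out on remote-administration ports as a lateral-movement indicator
- repeated denied or timed-out MFA pushes as an MFA-fatigue indicator
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed set of ports used for remote administration (SMB, RDP, WinRM, SSH).
ADMIN_PORTS = {445, 3389, 5985, 5986, 22}

# Constructed east-west flow records in a hypothetical "ts src dst dport" layout.
FLOW_LOG = [
    "2025-05-01T09:00:00 10.0.1.15 10.0.2.1 445",   # workstation sweeping a subnet
    "2025-05-01T09:00:20 10.0.1.15 10.0.2.2 445",
    "2025-05-01T09:00:41 10.0.1.15 10.0.2.3 3389",
    "2025-05-01T09:01:05 10.0.1.15 10.0.2.4 445",
    "2025-05-01T09:01:30 10.0.1.15 10.0.2.5 5985",
    "2025-05-01T09:02:00 10.0.1.15 10.0.2.6 445",
    "2025-05-01T09:02:15 10.0.1.15 10.0.2.7 445",
    "2025-05-01T09:00:00 10.0.1.50 10.0.2.1 445",   # backup server: few hosts, spread out
    "2025-05-01T13:00:00 10.0.1.50 10.0.2.2 445",
    "2025-05-01T18:00:00 10.0.1.50 10.0.2.3 445",
    "2025-05-01T09:00:00 10.0.1.22 10.0.5.10 443",  # ordinary HTTPS traffic, ignored
    "2025-05-01T09:00:05 10.0.1.22 10.0.5.10 443",
    "2025-05-01T10:00:00 10.0.9.9 10.0.3.1 445",    # authorised vulnerability scanner
    "2025-05-01T10:00:10 10.0.9.9 10.0.3.2 445",
    "2025-05-01T10:00:20 10.0.9.9 10.0.3.3 445",
    "2025-05-01T10:00:30 10.0.9.9 10.0.3.4 445",
    "2025-05-01T10:00:40 10.0.9.9 10.0.3.5 445",
]

# Constructed MFA events in a hypothetical "ts user method result" layout.
AUTH_LOG = [
    "2025-05-01T02:10:00 alice push denied",    # burst of pushes at 2 a.m.
    "2025-05-01T02:12:00 alice push timeout",
    "2025-05-01T02:14:00 alice push denied",
    "2025-05-01T02:16:00 alice push denied",
    "2025-05-01T02:18:00 alice push approved",  # user finally taps approve
    "2025-05-01T10:00:00 bob push denied",      # one mis-tap, then approval
    "2025-05-01T10:01:00 bob push approved",
    "2025-05-01T02:00:00 carol push denied",    # occasional denials, hours apart
    "2025-05-01T09:00:00 carol push denied",
    "2025-05-01T17:00:00 carol push denied",
    "2025-05-01T09:05:00 dave totp approved",   # non-push method, ignored
]


def parse_flows(lines):
    """Parse 'ts src dst dport' lines into (datetime, src, dst, int port) tuples."""
    out = []
    for line in lines:
        ts, src, dst, port = line.split()
        out.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return out


def lateral_fanout(lines, window=timedelta(minutes=10), threshold=5,
                   known_admin_hosts=frozenset()):
    """Return {src: peak distinct destinations} for sources that reached at least
    `threshold` distinct hosts on admin ports inside any `window`-long period.
    Hosts in `known_admin_hosts` (jump boxes, scanners) are skipped."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse_flows(lines):
        if port in ADMIN_PORTS and src not in known_admin_hosts:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            dsts = {d for t, d in events[i:] if t - start <= window}
            if len(dsts) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(dsts))
    return alerts


def parse_auth(lines):
    """Parse 'ts user method result' lines into (datetime, user, method, result)."""
    out = []
    for line in lines:
        ts, user, method, result = line.split()
        out.append((datetime.fromisoformat(ts), user, method, result))
    return out


def mfa_fatigue(lines, window=timedelta(minutes=15), threshold=3):
    """Flag users with at least `threshold` denied/timed-out pushes inside
    `window`, noting whether an approval followed inside the same window
    (the case to escalate: the user may have given in to the prompts)."""
    by_user = defaultdict(list)
    for ts, user, method, result in parse_auth(lines):
        if method == "push":
            by_user[user].append((ts, result))
    alerts = {}
    for user, events in by_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            in_win = [(t, r) for t, r in events[i:] if t - start <= window]
            rejected = sum(1 for _, r in in_win if r in ("denied", "timeout"))
            if rejected >= threshold:
                prev = alerts.get(user, {"rejected_pushes": 0, "approved_after": False})
                alerts[user] = {
                    "rejected_pushes": max(prev["rejected_pushes"], rejected),
                    "approved_after": prev["approved_after"]
                    or any(r == "approved" for _, r in in_win),
                }
    return alerts


if __name__ == "__main__":
    print("lateral movement:", lateral_fanout(FLOW_LOG, known_admin_hosts={"10.0.9.9"}))
    print("mfa fatigue:", mfa_fatigue(AUTH_LOG))
```

The sliding window is what separates a workstation touching seven hosts in two minutes from a backup server touching three hosts across a day, and the allowlist is what keeps an authorised scanner from paging the SOC every night; without either, the "regular tests for lateral movement detection" listed above would mostly surface noise. The MFA detector reports an approval that follows a burst of rejections separately, because that is the sequence that warrants a session reset and a call to the user rather than a mere note in a dashboard.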

Implementing such practices is much more effective when based on real-time visibility and the context of the entire environment – from the cloud to local infrastructure and OT. As the official distributor of ExtraHop in Poland and the Baltic countries, we support organizations in building this kind of resilience by implementing ExtraHop RevealX – a Network Detection and Response (NDR) solution, which enables:

  • full visibility of network traffic in cloud, on-premises, and hybrid environments,
  • real-time threat detection,
  • correlation of NDR, IDS, and NPM data in a single view,
  • response automation, reducing detection times from days to minutes.

If you want to check the level of visibility and security in your environment, please contact us!

You can find the full Global Threat Landscape 2025 report here ➡️ https://www.extrahop.com/global-threat-landscape-2025
