Picus
All Statistics
Maori, a ransomware strain, had a prevention effectiveness rate of 41%.
Attacks using valid credentials were successful 98% of the time.
Logging coverage held steady at 54%.
Infostealer malware has tripled in prevalence.
BlackByte, a ransomware strain, had a prevention effectiveness rate of just 26%.
BabLock, another ransomware strain, had a prevention effectiveness rate of 34%.
Discovery techniques like System Network Configuration Discovery and Process Discovery scored below 12% in prevention effectiveness.
Overall prevention effectiveness declined from 69% in 2024 to 62% in 2025.
Only 14% of attacks generated alerts.
Data exfiltration attempts were only stopped 3% of the time in 2025. This is down from 9% in 2024, representing a 3x decrease.
In 46% of tested environments, at least one password hash was successfully cracked. This is an increase from 25% in 2024.
On average, malware now executes 14 malicious actions.
There has been a 3X increase in malware specifically targeting credential stores like password managers and browser-stored login data.
Process Injection (T1055) has a prevalence rate of 31%.
25% of the malware examined showed behaviours related to T1555 (Credentials from Password Stores).
93% of all malicious actions observed could be mapped to just 10 MITRE ATT&CK techniques.