Report by Red Canary

Threat Detection Report 2025

12 Findings | Published Mar 18, 2025

Key Findings

None of the nearly 93,000 threats analysed in Red Canary's 2025 Threat Detection Report were prevented by customers' expansive security controls.

Cyber threat, Security controls

Organisations in the educational services sector accounted for 63 percent of all VPN use.

VPN, Education

Cloud-native and identity-enabled techniques surged in Red Canary's 2025 Threat Detection Report, with Cloud Accounts, Email Forwarding Rule, and Email Hiding Rules ranking among the top five.

Cloud, Identity

LummaC2, the most prevalent stealer detected in 2024, sells for anywhere from $250 per month to a one-time payment of $20,000.

Stealer, LummaC2

Red Canary detected 400 percent more macOS threats in 2024 than in 2023.

macOS

Atomic Stealer appeared on Red Canary's monthly top 10 threat rankings five times.

Atomic Stealer

95% of stealer infections happened before September 2024.

Stealer infection

Just 5% of stealer infections occurred after September 2024.

Stealer infection

Red Canary's 2025 Threat Detection Report noted four times as many identity attacks as the 2024 edition.

Identity, Identity attack

NetSupport Manager was Red Canary's seventh most detected threat in 2024.

NetSupport Manager

Red Canary saw malicious use of NetSupport Manager break its yearly top 10.

NetSupport Manager

The total number of threats detected in Red Canary's 2025 Threat Detection Report increased by more than a third compared to 2024's report.

Cyber threat