ANNUAL REPORT

Expel Annual Threat
Report 2025

Cybersecurity threat insights and recommendations from, by, and for our customers and community

Get the report

A sneak peek into this year’s data

Expel’s SOC has analyzed a full 365 days of data, spanning 130+ security tools covering endpoint, cloud, network, identity, SaaS, and more to deliver insights unique to a provider like Expel.

Identity-based incidents are, again, primarily what our SOC investigated, but these attacks continued to rise YoY, up 4% from 2023 (page 7)
86% of cloud incidents targeted AWS, down from 2023, hinting at increased targeting of other cloud platforms (page 12)
While extortion emails make up a small amount of phishing investigations, incidents have increased drastically (page 25)
Infostealer malware’s popularity doubled, and the use of IAT malware halved (page 15)

If these changes aren’t reflected in your cybersecurity resilience plan for 2025, download the report now to get full guidance on protecting your org against the trendiest attacks.

Expel Annual Threat Report 2025 - Cover

Resources

2025 cyber resilience checklist

Use these lessons from last year to power your strategy this year

MITRE ATT&CK – Mind Map Kits

Safeguard your cloud infrastructure from MITRE ATT&CK tactics. Access Expel MindMap Kits to thwart malicious actors before they strike.

Cloud security: alert best practices (part II)

This is part two of a two-part blog on cloud security alerts, including what makes them unique and best practices for management.

MDR insights: Tracking lateral movement in a Windows environment (part I)

This is a pocket guide created by Expel's SOC analysts to track and identify anomalous lateral movement within your Windows environments.