When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers

Ransomware and infostealer threats are evolving faster than most organizations can adapt. While security teams have invested heavily in ransomware resilience, particularly through backup and recovery systems, Picus Security's Blue Report 2025 shows that today's most damaging attacks aren't always about encryption.

Instead, both ransomware operators and infostealer campaigns often focus on credential theft, data exfiltration, and lateral movement, leveraging old-school stealth and persistence to achieve their objectives with minimal disruption.

These evolving adversary tactics become clear when the findings of the Blue Report 2025, based on over 160 million real-world attack simulations, are compared with the Red Report 2025, which analyzes the latest trends in malware, threat actors, and exploitation techniques.

The overlap between the two reports reveals a clear and concerning signal: defenders are falling behind on detecting the very tactics that adversaries now favor the most.

What Is the Blue Report?

The Picus Blue Report is an annual research publication that analyzes how well organizations are preventing and detecting real-world cyber threats.

Unlike traditional reports that focus solely on threat trends or survey data, the Blue Report is based on empirical findings from over 160 million attack simulations conducted across the globe, using the Picus Security Validation Platform.

Now in its third year, the Blue Report provides a data-driven look at the state of enterprise defenses across industries, regions, and attack surfaces.

It evaluates prevention and detection performance against industry-recognized MITRE ATT&CK tactics and techniques, ransomware strains, infostealer behaviors, and newly disclosed vulnerabilities discovered in 2024 and 2025.

By revealing where organizations' real-world security controls are working and where they're silently, or not-so-silently, failing, the Blue Report offers security teams a clear path to prioritize high-risk exposures, improve their resilience, and adopt a Continuous Threat Exposure Management (CTEM) strategy backed by Adversarial Exposure Validation (AEV).
