Tech Under Siege: Unpacking Cyber Threats in Trustwave's 2025 Risk Report
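The Trustwave SpiderLabs 2025 report reveals the main cybersecurity threats facing technology companies, including ransomware attacks, phishing attacks, and supply chain vulnerabilities. Although technology companies are technically advanced, they often neglect basic cyber hygiene. The report also notes that cybercriminals use dark web resources and advanced tools to launch attacks, and it provides mitigation strategies to strengthen enterprise security. 2025-6-25 13:0:0 Author: www.trustwave.com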


  • Dive into Trustwave SpiderLabs' newest report for crucial insights on protecting tech companies from today's changing cyber threats.
  • Uncover the impact of ransomware attacks on tech firms and identify the most active threat actors of 2025.
  • Learn about the best practices and mitigation strategies your technology organization can implement to strengthen its cybersecurity.

Threat actors know that technology makes the world go round, and these adversaries are more than willing to use every cyber weapon at their disposal to take advantage of that fact, according to Trustwave SpiderLabs' 2025 Trustwave Risk Radar Report: Technology Sector.

The report is the culmination of months of research by Trustwave SpiderLabs and contains new findings, updated attack methods threat actors are implementing against their tech sector targets, and the names and details of the groups behind the most damaging attacks.

Finally, the report includes a comprehensive list of mitigation efforts that technology firms can adopt to help maintain their security.

In addition to these details, the main report is accompanied by two Trustwave SpiderLabs supplemental reports.

Stand Out Facts

One stand-out fact that pervaded the report is that, despite technology firms being on the cutting edge of their particular sector, many often overlook basic cyber hygiene, leaving ports exposed or using vulnerable legacy software. For example, SpiderLabs found more than 3.8 million instances where Port 4567 was left exposed and more than 20,000 cases where organizations were using outdated Windows software, such as 2012, 2008, and 7.

Threat actors easily compound these oversights by using advanced phishing techniques and attacking vulnerable third-party suppliers.

Phishing, always a favorite initial attack vector, is becoming even more prevalent and difficult to detect as it's been opened to the masses of non-technical criminals through phishing-as-a-service (PhaaS) offerings. The report covers Tycoon2FA, a PhaaS platform that allows cybercriminals to bypass Multi-Factor Authentication (MFA) on services such as Microsoft 365 and Gmail. While it has affected the technology sector, it is not specific to technology and affects multiple industries.

PhaaS is symbolic of the general movement in criminal circles toward utilizing tools, techniques, and information previously stolen by more advanced threat actors to make it easier to commit a cybercrime.

This is most evident in how supply chain attacks are now conducted. Instead of developing their own entry capabilities, groups now go on the dark web and find others advertising access to critical systems and data, such as privileged access to core systems, APIs, cloud infrastructures, and administrative portals. Even source code repositories belonging to technology companies are available on the dark web. When cybercriminals gain access to this sensitive data, they can launch supply chain attacks on other organizations.

Commonly Used Initial Access

Again emphasizing how many tech firms are not up to date with their cyber basics, the report noted that the Apache Log4J vulnerability, which was patched in December 2021, remains the most exploited vulnerability for gaining initial access, being used 42.1% of the time. CVE-2021-34527, PrintNightmare EnumPrinterDrivers Request, is another case. Despite being patched in July 2021, it was used 36.8% of the time to gain entry.

The report provides the reader with an inside look at how criminals operate during an attack, walking through a basic attack process that spans initial access, discovery, persistence, privilege escalation, defense evasion, command and control, lateral movement, and exfiltration.

Exposing Ransomware Threat Actors

While phishing is often the most frequently used method to initiate an attack, the end result is typically ransomware. The report runs through the most prolific groups operating in 2025, including RansomHub and CL0p, and many others, with a detailed breakdown of how each operates.

All technology companies hold a treasure trove of valuable data that malicious actors crave, either to conduct additional cybercriminal activity or for financial gain, but they can gain an advantage over their attackers by simply applying some basic best practices like those included in the report.

Please download the primary and supplementary reports to gain all the knowledge that Trustwave SpiderLabs carefully prepared and curated to best help technology firms stay secure.


Source: https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/tech-under-siege-unpacking-cyber-threats-in-trustwaves-2025-risk-report/