Mandiants 2025 M-Trends report reveals a global rise in financially driven cybercrime, with 55% of tracked groups pursuing monetary gain in 2024, up from previous years, SecurityBrief Asia reports.

The report, based on over 450,000 hours of incident response, shows direct exploits accounted for 33% of initial intrusions, while stolen credentials, used in 16% of cases, reached their highest recorded share. Most breaches were discovered by external sources, with only 43% detected internally. The global median dwell time rose to 11 days, and was significantly longer when identified externally. Mandiant also observed advanced tactics from China-linked actors and increased activity from North Korea and Iran. Attacks increasingly target cloud misconfigurations, identity systems, and emerging Web3 infrastructure.

Threat actors continue to adapt and innovate, said Mandiants Vivek Chudgar, noting JAPACs exploit rate nearly doubled the global average.

The report urges organisations to adopt layered defenses, improve logging and monitoring, and secure identity systems, while also reinforcing fundamentals such as access controls, vulnerability management, and incident response planning.