The Red Report 2025

Blue Report 2025: The State of Exposure Management

GET YOUR COPY >>

Red Report™ 2025

Credentials at Risk: Infostealer 3X Leap in 2024

In the 5th edition of the Red Report™, Picus Labs analyzed over 1 million malware samples, uncovering 14 million malicious actions mapped to 11 million MITRE ATT&CK® techniques. Credential theft has leaped 3X in the last year, driven by sophisticated infostealer malware like SneakThief.

Here’s what you’ll gain:

The top 10 MITRE ATT&CK® techniques and their role in 93% of attacks.
How adversaries leverage Perfect Heist scenarios like encrypted exfiltration and credential theft.
Actionable recommendations to prioritize defenses against multi-stage and precision-driven attacks.

Don’t just react—be prepared.

Not ready to register? Learn more about the research.

MITRE ATT&CK T1005 Data from Local System

MITRE ATT&CK MITRE ATT&CK T1005 Data from Local System

MITRE ATT&CK T1562.012 Impair Defenses: Disable or Modify Linux Audit System

MITRE ATT&CK MITRE ATT&CK T1562.012 Impair Defenses: Disable or Modify Linux Audit System

MITRE ATT&CK T1562.011 Impair Defenses: Spoof Security Alerting

MITRE ATT&CK MITRE ATT&CK T1562.011 Impair Defenses: Spoof Security Alerting

MITRE ATT&CK T1562.010 Impair Defenses: Downgrade Attack

MITRE ATT&CK MITRE ATT&CK T1562.010 Impair Defenses: Downgrade Attack

MITRE ATT&CK T1056 Input Capture

MITRE ATT&CK MITRE ATT&CK T1056 Input Capture

MITRE ATT&CK T1562.009 Impair Defenses: Safe Mode Boot

MITRE ATT&CK MITRE ATT&CK T1562.009 Impair Defenses: Safe Mode Boot

MITRE ATT&CK T1562.008 Impair Defenses: Disable or Modify Cloud Logs

MITRE ATT&CK MITRE ATT&CK T1562.008 Impair Defenses: Disable or Modify Cloud Logs

MITRE ATT&CK T1562.007 Impair Defenses: Disable or Modify Cloud Firewall

MITRE ATT&CK MITRE ATT&CK T1562.007 Impair Defenses: Disable or Modify Cloud Firewall

MITRE ATT&CK T1562.006 Impair Defenses: Indicator Blocking

MITRE ATT&CK MITRE ATT&CK T1562.006 Impair Defenses: Indicator Blocking