Hackers smooth-talking their way into corporate networks as voice phishing surges

Exploits remain the most common initial infection vector for businesses and organizations. Voice phishing has become the second-most observed attack vector.
According to security researchers at Mandiant, attackers continue to adapt their tactics, techniques, and procedures (TTPs) to bypass modern security controls.
However, exploiting vulnerabilities remains the most common way to gain access to corporate networks and cloud environments. Nearly a third of all intrusions (32%) in 2025 were pulled off by exploiting unknown vulnerabilities, also known as zero-days.
Phishing attacks by telephone, or voice phishing, surged significantly last year. Mandiant security researchers say it has become the second-most prolific way to attack companies, accounting for 11% of all intrusions.
The recent major Odido data breach was allegedly carried out using voice phishing. The attackers posed as IT staff members and tricked employees into approving fraudulent login attempts, thus bypassing multi-factor authentication (MFA).
Because automated technical controls have improved drastically, email phishing dropped to only 6% of intrusions in 2025.
Researchers claim that ransomware groups are no longer just encrypting data: they’re actively destroying companies’ backup infrastructure to prevent them from recovering.
“Modern ransomware is now a fundamental resilience problem, forcing organizations into a choice: pay or rebuild,” said Jurgen Kutscher, Vice President at Mandiant.
Edge and core network devices, such as virtual private networks (VPNs) and routers, have become an effective way to gain persistent access to corporate networks as they typically lack standard endpoint detection and response (EDR) protection.
Lastly, threat actors are integrating AI to speed up the attack lifecycle and steal proprietary, specialized training data from high-value large language models (LLMs).
“Despite these rapid technological advancements, we do not consider 2025 to be the year where breaches were the direct result of AI. From our view on the frontlines, the vast majority of successful intrusions still stem from fundamental human and systemic failures,” Kutscher concluded.
Because attackers managed to get better at evading defenses, global median dwell time rose from 11 days to 14 days last year. The tech sector was the most targeted industry (17%), followed by the financial sector (14.6%).