2025 Year in Review: Malicious Infrastructure
ID: 4672e0f0-4c32-5ac9-9618-f0edb726250d
STIX ID: report--4672e0f0-4c32-5ac9-9618-f0edb726250d
Feed Name: Recorded Future Blog
This Insikt Group report reviews the malicious infrastructure observed during 2025, expanding tracking across additional malware families and infrastructure types. It finds that infostealers (notably Vidar and Lumma) and malware-as-a-service offerings remain the primary infection vectors; that Cobalt Strike continues to dominate offensive security tool detections even as competitors (RedGuard, Ligolo, Supershell) gain share; and that the ecosystem shows high turnover in loaders and droppers (e.g., CastleLoader) alongside sustained use of traffic distribution systems and threat activity enablers. The report urges improved detection coverage (YARA, Sigma, and Snort rules), continuous monitoring of adversary infrastructure, and careful handling of legitimate infrastructure services that also appear in malicious activity.
