Cybereason TTP Briefing Q4 2025: Diverse Phishing Tactics and RATs on the Rise

Cybereason’s TTP Briefing Q4 2025 summarizes frontline IR and SOC intelligence showing rising phishing (52%) and edge device exploitation (18%) as primary intrusion vectors, high MFA adoption but a 96% MFA bypass rate, a surge in SEO-poisoning campaigns that drive RAT downloads (RAT usage for escalation rose from 3% to 60%), increased pre-ransomware network intrusions (7% → 25%), and commonly observed CVEs targeting Fortinet, SonicWall, Oracle and other edge/VPN devices; dwell times remain long (42% ≥31 days), indicating persistent, active threats across industries and company sizes.