Threat Intelligence, Ransomware

Cyberattacks shift to stealthy, long-term access over ransomware

Plain code with the word "cyberattack" in red.

As reported by The Hacker News, a new report indicates a significant shift in cyberattack strategies, moving away from disruptive ransomware and encryption towards prolonged, undetected access. The Picus Labs Red Report 2026 analyzed over 1.1 million malicious files and 15.5 million adversarial actions from 2025, revealing that attackers are prioritizing stealth and persistence over immediate disruption.

The report highlights a 38% year-over-year decrease in "Data Encrypted for Impact" techniques, signaling a strategic pivot. Instead of locking systems, attackers are focusing on data extortion, quietly exfiltrating sensitive information and harvesting credentials. Credential theft, particularly from password stores, now appears in nearly one out of every four attacks, serving as the primary control plane. Furthermore, eight of the top ten MITRE ATT&CK techniques observed are now dedicated to evasion, persistence, or stealthy command-and-control, indicating a move towards maximizing dwell time. Malware is increasingly exhibiting self-aware behavior, evading analysis by detecting sandbox environments and withholding execution until it reaches a production system.

The focus is shifting from detecting loud, disruptive attacks to identifying subtle, persistent compromises. Organizations must prioritize behavior-based detection, robust credential hygiene, and continuous adversarial exposure validation to defend against these "digital parasites," according to Picus Labs.

Source: The Hacker News

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds