Cyber Threats Are Evolving – Is Your Business Keeping Up? Inavate’s Mid-2025 Take on the Huntress Report


As we move through the second half of 2025, the cybersecurity landscape continues to shift rapidly. Earlier this year, Huntress released their 2025 Cyber Threat Report, which provides an in-depth analysis of the trends, behaviours and techniques observed in 2024.

The report painted a stark picture of how threat actors have evolved, leveraging more sophisticated tools, targeting smaller businesses with enterprise-level tactics, and exploiting everyday IT tools to devastating effect.

At Inavate, we’ve seen these trends unfold firsthand. As experts in ISO 27001 implementations, internal auditing and cybersecurity, we know that staying ahead of these threats takes more than awareness – it takes clear, practical action.

Here’s our take on five key areas highlighted in the Huntress report, and what they mean for your business right now.

1. Remote Access Trojans (RATs)

The report revealed that over 75% of remote access incidents involved RATs like AsyncRAT, NetSupport, and Jupyter. These tools are evolving into multi-stage backdoors with advanced capabilities.

Inavate’s view: Our clients are reporting a clear rise in RAT-related activity, targeting not only large enterprises but also small to medium-sized businesses. These malicious tools are often delivered through phishing emails or compromised downloads, and once inside, they can easily bypass traditional antivirus solutions. This reinforces the need for layered endpoint protection, regular patching, and effective user awareness training. If your internal audit hasn’t reviewed remote access controls recently, now is the time.

2. RMM Tools Are Being Turned Against You

Attackers are increasingly abusing legitimate Remote Monitoring and Management (RMM) tools like ConnectWise, ScreenConnect and TeamViewer to gain access and move within networks. Because these tools are a trusted part of IT infrastructure, this activity often goes undetected, leaving malicious actors free to move around the network.

Inavate’s view: This is a clear warning for IT teams. RMM tools are useful for many business operations, but they must be tightly controlled. We recommend reviewing access logs, enforcing multi-factor authentication (MFA) for all RMM tool access, and limiting their use to essential staff. During ISO 27001 internal audits, we’re placing greater emphasis on how these tools are managed and monitored to ensure they do not pose any unnecessary risk.

3. “Living Off the Land” Techniques Are on the Rise

The report reveals a significant increase in “Living Off the Land” (LotL) techniques, where cybercriminals abuse legitimate administrative tools such as PowerShell and Sysinternals. This tactic makes it incredibly hard to distinguish between normal system activity and malicious attacks, as the threats are embedded within trusted processes.

Inavate’s view: This trend is especially dangerous because it slips past many traditional detection methods. To counteract this, businesses must proactively reduce their attack surface. We recommend disabling unused tools to minimise potential entry points, applying strict execution policies to control which tools can be run and by whom, and implementing continuous monitoring to detect unusual behaviour. Internal audits should include a specific review of which administrative tools are installed and, critically, who has access to them.
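The log review recommended for RMM tools in section 2 and the "which tools, used by whom" audit recommended here can share one check. The sketch below is an added example, not code from Inavate or Huntress: it reads process-creation events and reports any RMM or administrative tool run by an account that is not on the approval register. The CSV layout, the watch list, the account names and the sample events are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Illustrative watch list (assumption): binary name -> tool family from the article.
WATCHED = {
    "teamviewer.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ScreenConnect",
    "powershell.exe": "PowerShell",
    "psexec.exe": "Sysinternals",
}

# Hypothetical approval register: tool family -> accounts allowed to run it.
APPROVED = {
    "TeamViewer": {r"corp\it-helpdesk"},
    "ScreenConnect": {r"corp\it-helpdesk"},
    "PowerShell": {r"corp\it-admin", r"corp\it-helpdesk"},
    "Sysinternals": {r"corp\it-admin"},
}

# Constructed sample of exported process-creation events (not real data).
SAMPLE_EVENTS = r"""timestamp,host,user,image
2025-07-01T09:12:00,WS-014,CORP\it-helpdesk,C:\Program Files\TeamViewer\TeamViewer.exe
2025-07-01T09:40:00,WS-014,CORP\j.smith,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2025-07-01T22:05:00,FIN-002,CORP\a.jones,C:\Users\a.jones\Downloads\ScreenConnect.ClientService.exe
2025-07-02T08:30:00,SRV-001,CORP\it-admin,C:\Tools\PsExec.exe
2025-07-02T08:31:00,SRV-001,CORP\it-admin,C:\Windows\System32\notepad.exe
"""


def audit(events_csv, watched=WATCHED, approved=APPROVED):
    """Return (findings, inventory): unapproved runs, and tools seen per host."""
    findings = []
    inventory = defaultdict(set)
    for row in csv.DictReader(io.StringIO(events_csv)):
        tool = watched.get(basename(row["image"]).lower())
        if tool is None:
            continue  # not an RMM or admin tool on the watch list
        inventory[row["host"]].add(tool)
        user = row["user"].lower()  # Windows account names are case-insensitive
        if user not in approved.get(tool, set()):
            findings.append((row["timestamp"], row["host"], user, tool))
    return findings, {host: sorted(tools) for host, tools in inventory.items()}


if __name__ == "__main__":
    unapproved, seen = audit(SAMPLE_EVENTS)
    for finding in unapproved:
        print("UNAPPROVED", *finding)
    for host, tools in seen.items():
        print("INVENTORY", host, ", ".join(tools))
```

Matching on file name alone misses renamed binaries, so in practice this check is a starting point that sits alongside the continuous monitoring described above.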

4. Phishing Is Smarter, More Personal, and Harder to Spot

Phishing remains the most common entry point for attackers, but the methods are becoming far more sophisticated. This evolution moves beyond dubious links and fake invoices. The report highlights the rise of QR code phishing, image-based lures, and AI-generated emails that mimic real people and brands.

Inavate’s view: Given this trend, we are advising clients to go beyond basic email filtering. Modern security awareness training is no longer enough; it should now include real-world phishing simulations and specific guidance on identifying these more subtle and sophisticated threats. In this context, we believe that ISO 27001 Clause 7.2 (Competence) and Clause 8.2 (Operational Planning and Control) are more relevant than ever for effectively managing this evolving risk.

5. The Gap Between Enterprise and SME Attacks Has Closed

The most striking insight from the Huntress report is that attackers are no longer reserving their most advanced techniques for large enterprises. SMEs are now being targeted with the same level of sophistication.

Inavate’s view: This represents a critical shift in the threat landscape. Smaller businesses can no longer assume they’re “too small to target.” In fact, attackers see them as easier wins. That’s why ISO 27001 is such a valuable framework. It helps businesses of all sizes build a structured, risk-based approach to security. A key part of this process is regular internal audits, which help you identify and close security gaps before an attacker has a chance to exploit them.

What’s Your Best Defence?

The first half of 2025 has confirmed what many of us in the industry already suspected: cybercriminals are faster and more resourceful than ever. But that doesn’t mean businesses are powerless.

At Inavate, we believe that your best defence is built on knowledge, structure, and vigilance. Whether it’s through ISO 27001 internal audits, security awareness training with your employees, or technical controls, our goal for you is the same – to stay one step ahead.

If you haven’t reviewed your security posture recently, now is the time to act.

Ready to turn your insight into action?

Get in touch with Inavate today to assess your current cybersecurity risks or prepare for an ISO 27001 audit. We’re here to help.
