TLDR: A new report from LevelBlue highlights a significant increase in cybersecurity incidents during the first half of 2025, primarily driven by sophisticated social engineering attacks, many of which are AI-driven. The report, titled ‘Fool Me Once: How Cybercriminals are Mastering the Art of Deception,’ reveals a threefold surge in incidents, with social engineering accounting for 39% of initial access. Organizations are struggling to keep pace, with a large percentage admitting to being unprepared for AI-powered threats like deepfakes and automated attacks, despite recognizing the heightened risk.
LevelBlue’s latest ‘Threat Trends Report, Edition Two,’ subtitled ‘Fool Me Once: How Cybercriminals are Mastering the Art of Deception,’ paints a concerning picture of the cybersecurity landscape in the first half of 2025. Analyzing incident data from January 1 to May 31, 2025, the report indicates a dramatic surge in cyberattacks, with the percentage of LevelBlue customers experiencing incidents nearly tripling, from 6% in the latter half of 2024 to 17% in the first half of 2025.
The primary driver behind this escalation is the increasing sophistication of social engineering attacks, which now account for a staggering 39% of all initial access incidents. A particularly alarming trend is the 1,450% jump in fake CAPTCHA schemes, notably ‘ClickFix’ campaigns, observed between the second half of 2024 and the first half of 2025. While Business Email Compromise (BEC) remains a common vector, non-BEC incidents have also seen a significant rise of 214%, signaling a diversification in attacker tactics.
Attackers are not only becoming more deceptive but also faster. The report reveals an average ‘breakout time’ – the period between initial access and lateral movement within a network – of under 60 minutes, with some instances recorded in less than 15 minutes. This unprecedented speed is often attributed to AI-enhanced deception and the deployment of remote access trojans.
Despite the growing threat, many businesses remain critically unprepared for these evolving challenges. A significant 38% of organizations confess to being underprepared for AI-driven social engineering threats, including automated attacks, deepfake videos, and voice scams. Although 44% of companies anticipate an AI-powered attack within the next 12 months, only 29% feel prepared to counter such an event, and a mere 20% consider themselves highly effective in defending against adversaries employing AI techniques. Furthermore, only 24% of organizations report being highly effective at leveraging AI to bolster their cybersecurity defenses.
Preparedness levels vary across different social engineering tactics: 57% are ready for personal information exfiltration, 56% for business email compromise, 51% for phishing, 43% for smishing, and 41% for quishing. However, only 32% are prepared for deepfake and synthetic identity attacks. Investment in robust defenses is also lagging, with only 13% of organizations making significant investments in Zero Trust Architecture (ZTA), a critical framework for mitigating the impact of compromised credentials.
The report also touches upon the ‘shadow AI’ phenomenon, where unauthorized AI tool usage within organizations leads to significant breaches. An IBM report cited by LevelBlue indicates that such breaches cost companies an average of $4.63 million, 16% higher than the global average. Worryingly, while only 13% of organizations reported AI-related security incidents, a staggering 97% lacked adequate access controls for these systems, exposing sensitive data: 60% of these incidents led to compromised data, and 65% involved personally identifiable information. A major governance gap exists, as 63% of breached organizations lack established AI policies.
Theresa Lanowitz, Chief Evangelist at LevelBlue, emphasized the human element: ‘Establishing a culture of cyber resilience is imperative for organizations to effectively prepare for the emergence of more sophisticated social engineering attacks. These attacks exploit human behavior, so without the proper investment into education and training, including cyber resilience processes and engaging cybersecurity consultants, organizations and their employees remain vulnerable.’ Fernando Martinez Sidera, Lead Threat Researcher at LevelBlue, added, ‘A striking development in the first half of 2025 is how much more sophisticated threat actors have become at deception. They’re moving beyond traditional BEC schemes and using targeted social engineering to manipulate users into opening the door.’
LevelBlue recommends several best practices to enhance protection, including educating users on fake CAPTCHA and other browser attacks, restricting PowerShell or command prompt use for non-administrator accounts, and enforcing caller verification protocols such as multi-factor authentication (MFA), code words, or identity verification platforms. Enforcing MFA and certificates for VPN access is also crucial.


