
Navigating the Next Wave of Advanced Cyber Threats: How to Respond to Evolving Cybercrime

Oct 23, 2025

Written by Travis DeForge, Director of Cybersecurity at Abacus Group

The tactics threat actors use to access and impact businesses are evolving ever more rapidly, as the same technologies organizations use to scale and automate their businesses are being used to scale and automate cyberattacks.

Voice-led social engineering is on the rise. As email gateways grow more effective, hackers are exploiting less-regulated phone and collaboration channels to deliver personalized scams, leading to a 400% spike in vishing during late 2024. There is also a growing number of supply chain security breaches targeting vulnerabilities in third-party software, hardware and services to infiltrate larger organizations. 30% of breaches recorded in Verizon's 2025 Data Breach Investigations Report were linked to third-party involvement, twice as many as last year, and driven in part by vulnerability exploitation and business interruptions. 

The Evolution of Threat Actor Tactics 

Ransomware continues to be one of the most serious cybersecurity threats to organizations today, with recent research from Check Point indicating that the number of attacks grew by 126% in the first quarter of 2025.  

There is a wide array of different strategies threat actors employ, but some of the reasons ransomware is so rampant right now include:

  • Ransomware as a Service: Renting out malware and intrusion playbooks allows cyberattacks to be launched at scale and lowers the barrier to entry for amateur threat actors to deploy ransomware.
  • Double Extortion: An approach which involves attackers locking up data, exfiltrating it, and threatening to release sensitive information.
  • Ease of Access: Threat actors are able to easily access data and encrypt or threaten to leak it as well as hurt a company’s infrastructure enough to force a ransom payment.
  • Lack of Security Maturity: Businesses are built to maximize profit and may deprioritize cybersecurity, leaving holes for an external threat to gain access and do damage.
  • Remote Work: With more employees working remotely, there’s a larger attack surface, especially if proper security measures aren't in place on personal or less-secure devices. 

It is not just the volume of ransomware attacks that is increasing; the level of sophistication of these attacks is also on the rise. The growth in incidents of agentic ransomware, for instance, represents a shift from static, pre-coded malware to adaptive, on-demand attack engines. These tools can write and execute custom code in real time, making them faster and harder to detect. It’s a clear signal that businesses need to evolve their defense tactics just as quickly.

Feeling the Business Impact of Cyber Threats 

As cyberattacks become more frequent and advanced, organizations worldwide are feeling the strain more than ever. On one level, many are hit by financial losses. Funds can be stolen through attacks like wire fraud and significant sums can be lost to the extortion tactics employed in ransomware. It is estimated that victims of Scattered Spider have lost between $9.5-25 million in ransom payments since May 2025. 

Across highly regulated industries like finance and healthcare, these impacts are further intensified by strict reporting requirements and significant penalties for non-compliance. According to IBM, the average cost of a data breach in the financial industry is now $5.56 billion, second only to healthcare at $7.42 billion.

Failure to report breaches can result in fines in addition to sometimes costly remediation and recovery efforts. Other common implications of ransomware include: 

  • Cyber insurance costs and coverage implications
  • Reputational damage and diminished customer trust
  • Threat of double extortion (data encryption and exfiltration) 

Downtime can be just as damaging. The inability to operate, even for a short period, results in lost income, reduced productivity and increased costs to recover lost data and equipment. 

Planning Pays Off: Implementing Proactive Steps  

When a breach occurs, how a business reacts in the first few minutes is critical. An effective and credible incident response plan gives organizations the structure and speed needed to act decisively when an attacker hits. These plans should include several key elements: 

  • Procedures for detecting, responding to and recovering from security incidents
  • Protocols for assessing and containing incidents
  • Protocols for enforcing data retention policies
  • Comprehensive oversight for service providers 

In addition to implementing an incident response plan, firms should deploy a range of tools and techniques to proactively combat threats. These include continuous threat detection and response across endpoints, cloud systems and traditional network infrastructure, persistence and privilege escalation delivered through endpoint managed detection and response (MDR), cloud MDR, phishing-resistant multi-factor authentication, Zero Trust strategies, and strengthened help desk protocols.

Continuous improvement is key to maintaining an effective incident response strategy. Incident response plans should therefore be routinely updated and tested with a cybersecurity partner, especially when the company's important technology systems change.

Abacus’ 24/7 incident response team works on the frontlines battling sophisticated malicious actors on a daily basis. With over 190,000 hours of recovery under their belt, they are among the first to encounter new strategies threat actors are using to bypass existing security controls. If you would like to learn more about how Abacus can use our frontline expertise to help your organization combat evolving cyber threats, connect with our team today.  
