Wednesday, October 22, 2025

Are we human or are we security risk?

Not quite how The Killers put it, but a new report shows human workers remain the most consistent point of attack for cybercriminals, with shadow IT and AI-driven social engineering providing attackers with both new tools and new targets.

The 2025 Global Threat Intelligence Report from Mimecast reveals key trends, including the rise of smarter, AI-powered phishing and social engineering cyberattacks, and threat groups increasingly using trusted services to evade detection and reach targets. Mimecast’s analysis finds that phishing accounts for 77 percent of all attacks, up from 60 percent in 2024, with attackers likely leveraging more AI tools.

“We’re seeing a clear evolution in attacker behavior in 2025, headlined by an exponential rise in AI-driven threats,” says Ranjan Singh, Mimecast chief product and technology officer. “Financial platforms, regulatory agencies, and city governments have all been targeted by profit-driven ransomware groups and highly organized, state-sponsored adversaries. Threat actors are doubling down on human-focused attacks and exploiting trusted business services as their primary means of intrusion, making employee awareness and resilient systems more essential than ever.”

Generative AI has given threat actors more power to create the perfect lure, impersonating vendors, partners, and employees. They are now able to craft convincing email chains, synthetic voices, and audio messages that can bypass detection tools.

Mimecast research shows a significant increase in social engineering attacks, including schemes like ClickFix, AI-augmented phishing, and business email compromise (BEC). These attacks are becoming increasingly sophisticated, with attackers leveraging automated conversation chains to create the illusion of legitimate communication in phishing emails.

Trusted business tools are being exploited too: platforms like Adobe Pay, DocuSign, and Salesforce are being used within attack chains, with virtual meeting room and hosting service DocSend becoming the most abused service in 2025.

Certain industries are in the firing line too, with professional education, IT software, telecommunications, real estate, and legal organizations seeing a higher volume of impersonation attacks. These sectors often have direct access to high-value targets, handle sensitive financial transactions, and manage confidential client information, making them attractive to attackers.

“Cyber defense can no longer be treated solely as a technology issue,” says Mimecast chief information security officer, Leslie Nielsen. “It’s equally about people and organizational resilience. Since last year, cybercriminals have significantly increased their use of trusted services to bypass technical defenses that might otherwise block attacks. Countering these threats requires organizations to adapt by preparing employees to recognize suspicious activity and leveraging tools like AI internally to enhance both business workflows and security operations. As threat actors continue to target the human layer through deception, trust exploitation, and multichannel coordination, building awareness and resilient response capabilities becomes critical.”

The full report is available from the Mimecast site.

Image credit: Morganka/Dreamstime.com
