TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Huntress

Top Cyber Threat Trends of 2025: Deepfakes, ClickFix & More | Huntress

2025-10-02 · Read original ↗

ATT&CK techniques detected

10 predictions
T1588.002Tool
97%
“if there ’ s one thing that we know about threat actors, it ’ s that if something works, they ’ ll continue to use those same ttps, sometimes with their own flair. like what you just read? join us every month for tradecraft tuesday, our live webinar where we expose hacker techniq…”
T1204.004Malicious Copy and Paste
93%
“victims a phishing message, which leads them to a supposedly broken captcha on a webpage. the “ solution ” to fixing the broken captcha is copying and pasting a command into the run dialog box, which is given to victims via an attacker - controlled prompt. this triggers the attac…”
T1204.004Malicious Copy and Paste
79%
“clickfix attack has now expanded to include cross - platform variations most recently, we spotted an attack with clickfix - like aspects. this shows that attackers are capitalizing on their apparently successful blend of social engineering with mundane processes, like captchas or…”
T1566.002Spearphishing Link
70%
“top cyber threat trends of 2025 : deepfakes, clickfix & more | huntress cloudflare turnstile challenges leading to metastealer. deepfake meetings impersonating company executives, which trick employees into downloading malicious extensions. exposed asp. net machine keys that open…”
T1566.002Spearphishing Link
64%
“the lures that might trick individuals, and the subsequent mitigations. companies that want to mitigate against clickfix attacks can take the following steps : - disable the win + r run dialog box, and restart explorer - disable the win + x power menu - disable hotkeys and disabl…”
T1684.001Impersonation
55%
“their agenda. this incident is one of many deepfakes that have happened this past year ; in fact, 2025 is projected to have a 35 percent increase in reported deepfake incidents over 2024. deepfakes are also creating financial headaches for businesses, as the world saw after londo…”
T1204.004Malicious Copy and Paste
48%
“the lures that might trick individuals, and the subsequent mitigations. companies that want to mitigate against clickfix attacks can take the following steps : - disable the win + r run dialog box, and restart explorer - disable the win + x power menu - disable hotkeys and disabl…”
T1190Exploit Public-Facing Application
38%
“flaw ( cve - 2025 - 30406 ). this attack stemmed from the fact that machine keys were hardcoded in the centrestack portal, allowing threat actors to track them down in the web. config file. they could then deserialize data from a viewstate intrusion and execute arbitrary code. fi…”
T1204.002Malicious File
37%
“clickfix attack has now expanded to include cross - platform variations most recently, we spotted an attack with clickfix - like aspects. this shows that attackers are capitalizing on their apparently successful blend of social engineering with mundane processes, like captchas or…”
T1566.004Spearphishing Voice
31%
“their agenda. this incident is one of many deepfakes that have happened this past year ; in fact, 2025 is projected to have a 35 percent increase in reported deepfake incidents over 2024. deepfakes are also creating financial headaches for businesses, as the world saw after londo…”

Summary

John Hammond and Greg Linares with Huntress discuss the top tradecraft we’ve seen this year so far, from ClickFix attacks to deepfake social engineering