Cloud Blog: Mandiant M-Trends 2025: 3 key insights for public sector agencies

Source URL: https://cloud.google.com/blog/topics/public-sector/mandiant-m-trends-2025-3-key-insights-for-public-sector-agencies/
Source: Cloud Blog
Title: Mandiant M-Trends 2025: 3 key insights for public sector agencies

Feedly Summary: The cyber defense and threat landscape demands continuous adaptation, as threat actors continue to refine their tactics to breach defenses. While some adversaries are using increasingly sophisticated approaches with custom malware, zero-day exploits, and advanced evasion techniques, it’s crucial to remember that not all successful attacks are complex or sophisticated. Many successful attacks exploit basic vulnerabilities, like stolen credentials via infostealers – now the second-highest initial infection vector – or unprotected data repositories.

In order to arm government agencies with the insights needed to combat this multifaceted threat landscape, we’ve just released the 16th edition of our annual report, Mandiant M-Trends 2025. By digging deeper into the key trends, data, insights and analysis from the frontlines of our incident response engagements, we aim to help public sector organizations stay ahead of all types of attacks and arm them with critical insights around the latest cyber threats.

Here are three top findings from our annual M-Trends 2025 report and what they mean for public sector agencies.

Malicious exploits top the list

For the fifth consecutive year, exploits – malicious code targeting specific known vulnerabilities in software and networks – continue to be the most frequent source of attacks, or initial infection vector, accounting for one-third of security intrusions. Among Mandiant incident response investigations, the report details the year’s four most targeted vulnerabilities, affecting vendors like Palo Alto Networks, Ivanti, and Fortinet.

Given that public sector agencies handle vast amounts of sensitive citizen data and critical infrastructure, this underscores the necessity for stringent cybersecurity hygiene, rapid patching protocols, and continuous threat intelligence to prevent severe operational disruptions and maintain public trust.

Increasing malware families and threat groups

According to the report, in 2024 Mandiant began tracking 632 net new malware families, bringing the total number of tracked malware families to over 5,500 unique families. Also tabulated were 737 newly tracked “threat groups” – clusters of consistent attacks – adding to a total of over 4,500 currently tracked groups, which may indicate organized cybercrime campaigns – including financial theft and state-sponsored espionage – targeting both the public and private sectors.

For public sector agencies, this proliferation of new malware families demands enhanced vigilance, adaptive defense strategies, and intelligence-driven cybersecurity investments to safeguard critical government operations and sensitive citizen data from sophisticated attacks.

New York City Cyber Command, a centralized organization charged with protecting the city systems that deliver critical services New Yorkers rely on, leverages a highly secure, resilient, and scalable cloud infrastructure powered by Google Cloud that helps its cybersecurity experts detect and mitigate an estimated 90 billion cyberthreats every week. By applying Google’s Zero Trust framework to secure the smartphones and other devices used by police officers, and by leveraging Google Threat Intelligence, they are able to get the right information to the right teams at the right time in order to detect and respond to threats faster.

Ransomware on the rise

This year’s M-Trends 2025 report dives deeper into the global scope and consequences of ransomware – with ransomware-related events accounting for over one-fifth (21%) of all Mandiant incident response investigations in 2024. The most commonly observed initial infection vector for ransomware-related intrusions, when the vector could be identified, was brute-force attacks, followed by stolen credentials and exploits. This increasing risk facing organizations of all kinds – including public sector agencies – necessitates investment in resilient cybersecurity infrastructure, comprehensive employee training, and the adoption of defense tools.

Covered California leverages Assured Workloads and Google Security Operations (SecOps) to proactively scan all log information, signatures and threats in the landscape to eliminate security blind spots and proactively safeguard against attacks. In this framework, all solution network traffic is private and encrypted at all times. Together, these solutions help Covered California achieve its goals to reduce costs for residents and increase the number of Californians with access to healthcare, while also improving the employee and customer journey.

Arming public sector agencies in readiness and response

With this latest M-Trends 2025 report, we aim to equip security professionals across public sector agencies with frontline insights into the latest evolving cyberattacks, as well as practical and actionable learnings for better organizational security. Read the full M-Trends 2025 report here, and subscribe to our Google Public Sector Newsletter to stay informed and stay ahead with the latest updates, announcements, events and more.

AI Summary and Description: Yes

**Summary:** The text discusses the latest findings from the Mandiant M-Trends 2025 report, which highlights the evolving cyber threat landscape and emphasizes the need for public sector agencies to adopt stringent cybersecurity measures. Key insights include the prevalence of malicious exploits, the rise in new malware families and threat groups, and the growing ransomware threat, all underscoring the necessity for enhanced security protocols, adaptive defense strategies, and continuous threat intelligence.

**Detailed Description:**
The Mandiant M-Trends 2025 report provides vital insights into the current state of cyber threats, particularly focused on public sector organizations. Here are the major points explored in the report:

– **Malicious Exploits Dominance:**
  – Exploits targeting known vulnerabilities remain the most common initial infection vector for the fifth consecutive year.
  – Responsible for roughly one-third of all security intrusions.
  – Included findings on vulnerabilities affecting vendors such as Palo Alto Networks, Ivanti, and Fortinet.
  – Implication for public agencies includes the necessity for robust cybersecurity hygiene and rapid patching processes.

– **Proliferation of Malware Families and Threat Groups:**
  – The report identifies 632 net new malware families tracked in 2024, totaling over 5,500 unique families.
  – 737 new threat groups were also identified, suggesting organized cybercrime campaigns targeting various sectors.
  – This growth mandates enhanced vigilance and adaptive defense strategies in public sector agencies to protect sensitive citizen data and critical infrastructure.

– **Ransomware Threat:**
  – Ransomware events comprised over 21% of all Mandiant incident responses in 2024.
  – Brute-force attacks, stolen credentials, and exploits were highlighted as key vectors for ransomware-related intrusions.
  – Organizations must invest in resilient cybersecurity infrastructure and comprehensive training for employees to address this increasing risk.

– **Case Study – New York City Cyber Command:**
  – Utilizes a secure cloud infrastructure powered by Google Cloud to mitigate a vast number of cyber threats weekly.
  – Applies a Zero Trust framework for securing devices used by public safety personnel, and leverages threat intelligence for speedier detection and response.

– **Case Study – Covered California:**
  – Employs Assured Workloads and Google SecOps for threat scanning and securing network traffic.
  – Focused on enhancing healthcare access while ensuring cybersecurity measures are in place to protect user data.

– **Guidance for Public Sector Agencies:**
  – The report provides actionable learnings for security professionals in public sector agencies, emphasizing the importance of frontline insights into evolving cyberattacks to improve organizational security.

The M-Trends 2025 report serves as a crucial resource for professionals engaged in cybersecurity within government organizations, highlighting the pressing need for proactive measures, intelligence-driven investments, and continual adaptation to ever-evolving threats in the cyber realm.