Obrela has released its Digital Universe Report 2025, describing changes in the global cyber threat landscape. The report indicates a shift from high-volume attacks toward more targeted and less visible methods focused on identity, access, and maintaining persistence.
Based on analysis of 17.1 petabytes of telemetry from more than 523,000 endpoints, the report suggests developments in how threats are identified and understood. Alert volumes decreased by 24% year-on-year, while confirmed cyberattacks increased by 21%, which may reflect changes in detection approaches as well as the number of verified incidents.
The report outlines changes in attacker behavior. Instead of relying primarily on large-scale malware campaigns or highly visible disruptions, some attackers are using techniques such as credential misuse, privilege escalation, and reconnaissance-based activity. These approaches can allow access and continued presence within systems without immediate detection.
Sector targeting has also shifted. Retail and eCommerce accounted for 24% of observed attacks in 2025, with activity linked to fraud, credential misuse, and transaction-related exploitation. Financial services, previously a leading target, represented a smaller share in comparison.
According to the report, there has been a decrease in certain high-volume attack types, such as widespread malware and general reconnaissance, alongside an increase in more context-specific and access-focused techniques. This may relate to changes in defensive measures and baseline security controls.
Regionally, patterns vary. In more digitally developed economies, including the United States, Northern Europe, and parts of Asia, there is increased activity involving reconnaissance and authentication-related targeting. Other regions continue to experience a wider mix of threats, including malware and internal security challenges.
The report also notes that advanced persistent threat (APT) groups and financially motivated cybercriminals are using methods such as credential harvesting, defense evasion, and lateral movement, rather than relying solely on large-scale attack campaigns.
It concludes that cybersecurity approaches may need to adapt, with greater emphasis on context, risk assessment, and intelligence-informed strategies rather than relying primarily on high-volume detection.
