Huntress 2025 Cyber Threat Report: Key Takeaways And Actionable Defenses For MSPs

Cyberattacks are hitting harder and faster than ever. In 2024, the average time from initial breach to full ransomware deployment was just 17 hours—and in some cases, as little as four. Hackers are evolving, targeting MSPs, abusing trusted tools and bypassing security defenses faster than ever before.

CRNtv host Sydney Neely speaks with Greg Linares, principal threat intelligence analyst at Huntress, and Ethan Tancredi, technical account manager and MSP SME at Huntress, to break down the key findings from the Huntress 2025 Cyber Threat Report and what it means for MSPs.

The 2024 Cyber Threat Landscape

Sydney: Greg, let’s start with the big picture. What are the biggest takeaways from Huntress’ 2025 Cyber Threat Report? What should MSPs be most concerned about?

Greg: Attackers are moving faster than ever. What used to take months is now happening within weeks. Sophisticated attack methods are being adopted and deployed more quickly, shrinking the gap between high-level threats and everyday attacks. This means MSPs need to stay vigilant and adapt rapidly to protect their clients.

How Attackers Are Exploiting MSP Tools

Sydney: Ethan, we know MSPs are high-value targets for attackers because they provide access to multiple businesses. What are some of the biggest mistakes MSPs make that leave them vulnerable, and how can they avoid them?

Ethan: The biggest mistake is incomplete security coverage—missing tools on certain machines or only protecting critical systems. Attackers target unprotected machines to establish a foothold. A lack of employee training also creates risks, especially when staff unknowingly download malicious tools. Another issue is excessive user permissions—if a tech uses a global admin account as a daily driver, compromised credentials can expose the entire client base. Finally, poor patching strategies leave MSPs vulnerable to mass exploits. MSPs need to restrict admin access, improve training and close security gaps to limit exposure.

Building a Stronger Cyber Defense for MSPs

Sydney: Phishing attacks aren’t what they used to be. Greg, what new phishing tactics did Huntress track in 2024, and how can MSPs help their clients stay protected?

Greg: QR code phishing accounted for about 8 percent of attacks in 2024. Attackers use QR codes to mimic trusted services, tricking users into scanning and entering credentials—often from phones that lack the same security as desktops. Another tactic is leveraging trusted third-party platforms to host malware. Attackers upload malicious documents to legitimate sites, making it harder for users to detect threats. MSPs need to educate clients about these tactics and strengthen protections at the endpoint and network levels.

If you want to dive deeper into the data, download the full Huntress 2025 Cyber Threat Report at Huntress.com.