Name: The Ransomware Report H1 2025: New Trends, Groups & Insights
Start: 2025-09-25T14:00:00Z
End: 2025-09-25T14:00:51.000Z
Location: BrightTALK
Rating: 5

Searchlight Cyber provides organizations with relevant and actionable threat intelligence, to help them identify and prevent criminal activity. Originally founded in 2017 with a mission to stop criminals acting with impunity on the dark web, we have been involved in some of the world’s largest dark web investigations and have the most comprehensive dataset based on proprietary techniques and ground-breaking academic research. The company has expanded and evolved, adding external threat management capabilities to create a Continuous Threat Exposure Management platform for organizations. Today we help government and law enforcement, enterprises, and managed security services providers around the world to identify threats and prevent attacks. 

About Assetnote
Founded in 2018, Assetnote was born from the collective expertise of some of the leading minds in offensive security, and has grown to reflect the values and ability of our brain trust. Pioneering the Attack Surface Management category, Assetnote’s Continuous Exposure Management platform closes the gap between the attacker’s and defender’s perspectives with industry-leading real-time awareness of your evolving attack surface and the exploitable security exposure identified within. Monitoring millions of assets every hour for our customers, we are proud to be the chosen security platform for a wide array of organizations, from innovative startups to members of the Fortune 500, FTSE 100, and ASX 200. To find out more visit assetnote.io.

Join Dr. Mike Saylor to explore how scale makes you a high-value target in the eyes of ransomware attackers and the steps organizations should take, both prior to and during an attack, to minimize your ransomware blast radius.

Organizations with sprawling, complex digital footprints - like school districts, healthcare networks, and global enterprises face unique risks. Their distributed networks of users, devices, and portals leave them exposed. Add in the rise of Ransomware as a Service (RaaS), which means that once off-limits victims, like education and healthcare organizations, are now routinely being targeted.
 
JOIN THE WEBINAR TO LEARN HOW:
- Attack surface management helps reduce exposure across distributed networks.
- Dark web monitoring provides critical visibility into emerging threats.
- Defenders with limited budgets can use these tools as force multipliers against ransomware.

We’ll explore how attack surface management and dark web monitoring serve as a force multiplier for defenders - particularly those with squeezed budgets and high exposure - giving them visibility into threats to their immediate and extended attack surfaces.

Ransomware: Preparing for the inevitable with Dr. Mike Saylor

Security teams often struggle to quantify the impact of their work and clearly demonstrate value to leadership. In this webinar, we’ll explore how to effectively measure the performance of your Attack Surface Management (ASM) program. You'll learn actionable, data-driven metrics and benchmarking methods to highlight efficiency gains and ensure your team’s contributions are recognized.

Join Tim Hunt, VP of Customer Success at Searchlight Cyber, as he shares best practice advice from his time working with some of the largest companies in the world, as he shares the way to measure the impact of your ASM program; time. The faster your team can mitigate risks, the lower the chance of a cyber incident impacting your business's bottom line e.g., system downtime, data loss, regulatory fines, reputational damage. 

In this webinar, we’ll share :

- Practical metrics to measure and demonstrate your ASM program’s impact
- Real-world examples of how teams communicate value to the business
- Actionable guidance to elevate your ASM program’s profile with leadership

Even if you can’t join live, register now to receive your link to the recording as soon as it’s available. We look forward to seeing you on the webinar soon.

How to measure the ROI of your Attack Surface Program

A lot can change in six months, that’s why it’s time for Searchlight’s bi-annual state of ransomware. Join Searchlight Cyber’s Head of Threat Intelligence for a look at how the shifting threat landscape in the first half of 2025.

Join us to discover:

- Who the most active groups in the first half of 2025 were and how the ranking has changed since 2024.
- Explanation of some of the biggest events in the ransomware landscape, including the LockBit data leaks.
- Information on the vulnerabilities used by ransomware groups to execute their attacks in H1 2025.
- New analysis of ransomware leak data, based on research undertaken by our threat intelligence team.
- And much more.

Register now to reserve your place, learn what's changed, and gain insights into how to minimize your attack surface against ransomware. We'll also address the most commonly asked ransomware questions from you - our audience, ensuring your specific challenges are covered. Register for the webinar to receive a link for submitting questions to our experts.

The Ransomware Report H1 2025: New Trends, Groups & Insights

Join our hands-on webinar and get 200 free credits to use Searchlight Cyber’s open-source security testing tools. You'll learn how to identify real security exposures and validate scanner findings, and see exactly how attackers approach your infrastructure - and how to defend against them.

We'll demonstrate three critical testing scenarios: 

●  Detecting access control inconsistencies using Newtowner's multi-region testing.
●  Verifying subdomain takeover vulnerabilities.
●  Discovering potential SSRF targets with Surf. 

Plus, you’ll gain immediate access to community security testing tools with monthly credit allocations to test these tools on your own infrastructure and learn practical strategies for understanding which vulnerabilities matter most.

KEY TAKEAWAYS
●  Master three critical validation techniques: IP whitelist bypass testing, subdomain takeover verification, and SSRF validation
●  See practical examples of validation-first security testing methodologies using live tools
●  Access community tools for immediate testing and evaluation of validation approaches

Test Your Attack Surface: Free Security Tools to Validate Exposures

Nobody wants a zero-day disclosure just before Christmas! That’s why throughout July, Searchlight Cyber will be publishing a series of vulnerabilities - from pre-authentication command execution vulnerabilities to flaws affecting widely deployed enterprise web properties. Join us to learn how these bugs were identified, responsibly disclosed, and can be remediated.
 
- Vulnerability #1:  Persistent XSS on Adobe Experience Manager
- Vulnerability #2:  Pre-authentication vulnerabilities in DotNetNuke
- Vulnerability #3: RCE in survey software Lighthouse Studio,
- Vulnerability #4:  RCE Vulnerability in ETQ Reliance
- Vulnerability #5: Pre-auth vuln on Adobe Experience Manager
 
Throughout July, we’ll reveal how we uncovered several high-impact vulnerabilities in widely used enterprise software. Shubham (Shubs), Searchlight’s SVP of Engineering & Research and prolific bug bounty hunter, will unpack these findings and demonstrate the methodologies and techniques used to identify these critical flaws.

Christmas in July - Critical vulnerabilities unwrapped

Move over ASM, ‘CTEM is the way’. If you’re responsible for managing your organization's external attack surface, chances are you’re already doing parts of Continuous Threat Exposure Management (CTEM), you just haven’t been calling it that. In this webinar, we’ll go beyond the buzzwords and explain what CTEM really is and how it aligns with our definition of ‘true ASM” required to keep pace with a constantly evolving threat landscape.

To coincide with the release of our Searchlight Cyber’s new ebook, ASM in the age of CTEM, we’ve invited Searchlight’s SVP of ASM, Michael Gianarakis, and Customer Success Manager Joe Honey, to cover:

- Why ASM has become too narrow to address modern threats
- Real-world examples of CTEM in action and how it improves security outcomes
- Practical steps to help your team move from asset discovery to exposure reduction

For years, Attack Surface Management (ASM) has been positioned as the answer to managing external risk. But in recent times, the term has become misapplied, often reduced to asset discovery tools with limited impact on actual risk reduction. CTEM restores the full picture and more effectively represents how mature cybersecurity teams manage external risks as part of a continuous cycle of discovery, enrichment, validation, and mitigation.

Even if you can’t join live, register now to receive your link to the recording as soon as it’s available. We look forward to seeing you on the webinar soon.

Beyond ASM: What CTEM means for your external risk strategy

In the final episode of the series, we examine how to effectively run a bug bounty program, specifically how to optimize a vulnerability bug bounty program and explore how ASM can enhance your program's effectiveness.

To run an effective bug bounty program requires balancing an attractive scope and payout to hunters with an attack surface that challenges hunters to do more than automated scans. Ultimately, program managers want to pay for skilful findings, not automated ones. 

Learn more about Assetnote at https://www.slcyber.io/asm.

S01 E08 Maximizing Security Outcomes: The Role of ASM in Bug Bounty Programs

In this episode, we explore the blind spots in IP-centric asset discovery and why organizations need a complete view of their attack surface. Modern cloud architectures, load balancers, and web application firewalls (WAFs) can obscure critical assets, making reconnaissance efforts more challenging.

We break down how these hidden risks emerge and why traditional scanning methods often fall short. We also examine the value of subdomain data and passive DNS in exposing overlooked attack surfaces. Topics include:

- Why Internet-wide scanning has critical limitations
- How a broad and deep approach improves attack surface mapping
- Real-world examples of security blind spots in modern infrastructure
- The impact of DNS and path-based routing on security assessments
- The role of IPv6 in asset discovery

Learn more about Assetnote at https://www.slcyber.io/asm.

S01 E07 Internet-wide recon: Moving past IP-centric approaches

Let’s take a closer look at shadow exposure and its connection to third-party software - an often-overlooked aspect of shadow IT. Michael and Shubs, co-founders of Assetnote (a Searchlight Cyber company), explore the history of shadow IT, how it has evolved, and the hidden risks of widely used enterprise software that organizations may not fully grasp. Join us as we discuss: 

- The origins and implications of shadow IT
- The challenges of visibility and transparency with third-party vendors
- Real-world examples of vulnerabilities in critical software, including ServiceNow and IBM's ASPR Fastback
- The limitations of security questionnaires and self-attestation processes
- The importance of proactive security measures and effective disclosure processes

We also share insights from our security research team and discuss how organizations can better manage their attack surfaces to mitigate risks associated with shadow exposure. 

Learn more about Assetnote at https://www.slcyber.io/asm

S01 E06 Beyond shadow IT: Understanding the true attack surface of your software

Today, we explore the world of asset discovery and reconnaissance, particularly how these practices have evolved. Historically, discussions around reconnaissance have been overly simplistic and tool-centric, often focusing solely on the latest tools rather than the underlying principles and methodologies. 

Join Assetnote’s co-founders,  as they break down their approach to reconnaissance into five key elements: breadth, depth, context, amplification, and focus. They discuss the importance of understanding the attack surface holistically and how to effectively map it out in a modern context. Learn why breadth is crucial for discovering all assets related to an organization, how depth allows for a deeper understanding of those assets, and the significance of context in enhancing your reconnaissance efforts. They also touch on amplification techniques that can help you uncover hidden vulnerabilities and the importance of applying an offensive mindset to your reconnaissance work. 

Whether you're a seasoned security professional or just starting in the field, this episode offers valuable insights and practical advice to enhance your reconnaissance skills and improve your overall security posture. Discover how to think beyond tools and embrace a more strategic approach to asset discovery!

Learn more about Assetnote at https://www.slcyber.io/asm.

S01 E05 The art of recon: Strategies for modern asset discovery

In this episode of Surfacing Security, a series on Attack Surface Management (ASM) brought to you by Assetnote (a Searchlight Cyber company), we dive into the technical complexities of DNS resolution in ASM asset discovery.

Join us as we break down the challenges, implications, and solutions we’ve encountered while handling DNS resolution at scale. From DNS wildcards to security scanning considerations, we explore how DNS data plays a crucial role in comprehensive reconnaissance.

Your hosts, Michael and Shubs, co-founders of Assetnote, share their experiences refining DNS resolution for asset discovery. They discuss the impact of DNS records on security scanning, including detecting misconfigurations and security risks. Plus, hear about a fascinating case of large-scale DNS poisoning, how it was detected, and how attackers exploited it.

We also compare IP-centric tools to a subdomain-centric approach, showing why DNS data is essential for complete attack surface mapping.

Learn more about Assetnote at https://www.slcyber.io/asm.

S01 E04 The unknown complexities of DNS resolution

There's a lot of confusion in the ASM (Attack Surface Management) market. In this episode, we discuss the core principles of ASM, the challenges of building and maintaining an effective ASM system, and the importance of safety and accuracy in external attack surface scanning. We share insights on the differences between asset discovery and exposure management, the pitfalls of relying on off-the-shelf tools for ASM, and the critical role of curated checks in ensuring the quality and safety of scanning results. 

We go behind the scenes regarding the work that goes into creating a reliable ASM system, the impact of open-source tools on the market, and the value of a well-designed and integrated approach to attack surface management. 

Gain a deeper understanding of the complexities and considerations involved in building and maintaining an effective ASM system, and learn why quality and safety are paramount in safeguarding your organization's external attack surface.

Learn more about Assetnote at https://www.slcyber.io/asm.

S01 E03 Confusion in the ASM market

Join Assetnote’s co-founders as they break down the core principles of Attack Surface Management (ASM), the importance of understanding real exposure across your attack surface, and how security research uncovers vulnerabilities beyond known CVEs.

This webinar is part of Surfacing Security, a series on ASM brought to you by Assetnote, a Searchlight Cyber company. Discover how Assetnote’s team has pioneered a new approach to security research - finding hidden exposures and delivering actionable insights for customers. Tune in for a deep dive into ASM fundamentals and the critical role of proactive mitigation in strengthening security. 

Learn more about Assetnote at https://www.slcyber.io/asm.

S01 E02 What is "True" Attack Surface Management (ASM)?

In this episode of Surfacing Security, a series on ASM brought to you by Assetnote (a Searchlight Cyber company), Michael and Shubs explore the background and evolution of Assetnote, a pioneering Attack Surface Management platform. 

They discuss the company’s early challenges, the strategic decisions that shaped its success, and the critical role of speed, scale, and automation. Plus, they share their unique approach to security research and building a market-leading ASM solution that reduces the risk of blind spots and undetected vulnerabilities that could be entry points for would-be attackers.

Learn more about Assetnote at https://www.slcyber.io/asm.

S01 E01 The untold story of Assetnote: Origins and evolution

In this session, we're joined by Michael Gianarakis and Shubham Shah, the co-founders of Assetnote, where we'll break down the flaws in traditional ASM and explore how teams can take a more proactive approach that actually helps security teams reduce risk. Topics we'll cover include:

- The risks of 'shadow exposure' (the hidden attack surface) where threats are introduced by third-party tools like ServiceNow, Citrix, and Slack
- Why IP-based scanning is not enough when managing modern cloud and CDN environments
- The importance of proactively closing the time gap between exposure detection and mitigation 

We'll explore why the traditional concept of network perimeter security is no longer enough to defend against today’s evolving cyber threats. As organizations rapidly adopt cloud tools and shadow architecture, their true attack surface expands exponentially – exposing them to phishing, leaked credentials, and the persistent risk of ransomware attacks.

If you’ve ever watched a sci-fi film, you’ll know that no matter how impenetrable an opposition’s defences may seem - there is always a chink in the armor that can be exploited - an opening that can be exploited. Whether it’s the Death Star in Star Wars, the City Destroyer in Independence Day, or The Borg Cube from Star Trek, attackers always find a way in. Similarly, in the world of cybersecurity, today’s perimeter defenses are no longer enough to keep intruders at bay.

Register today for your chance to hear from two of the most preeminent minds in Attack Surface Management as they answer:

- What are the top threats companies should be monitoring to bolster their ASM programs
- How to align this with your security objectives, risk tolerance, and business goals
- What strategies and practical steps should security teams take to strengthen their cybersecurity posture

Legacy vs modern Attack Surface Management: What is true ASM?

Ransomware

Cyber Attacks

Cyber Crime

Attack Surface

Cyber Defence

Cyber Incident Response

Threat Intelligence

Threat Hunting

Attack Surface Management

Vulnerability Intelligence

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Finance

Leadership styles are continually evolving to incorporate new ways of thinking about employee satisfaction, motivation and performance. Find webinars and videos on the strategies, techniques and qualities that make an effective leader. By participating in this community you will gain insight into current leadership theories and how to optimize employee performance.

Leadership

In the business management community, commercial experts will be sharing webinars and videos on an array of subjects. From sales and marketing, to finance, productivity and growth, this content will help you stay up-to-date with the current economic environment and provide timely management insight to drive business growth.

The Ransomware Report H1 2025: New Trends, Groups & Insights

Presented by

About this talk

Searchlight Cyber