In recent years, the cybersecurity landscape has witnessed a dramatic escalation in identity-based attacks, with employee login credentials becoming prime targets for cybercriminals. This surge is largely attributed to the proliferation of sophisticated yet affordable tools that facilitate such breaches. Understanding the mechanisms behind these attacks and implementing robust defense strategies is imperative for organizations aiming to safeguard their digital assets.
Source: TechRadar, "Your employee logins are more valuable to criminals than ever - here's how to keep them protected"
The Rise of Identity-Based Attacks
According to a report by eSentire, identity-based attacks have surged by 156% since 2023, accounting for 59% of all confirmed cyber incidents in the first quarter of 2025. This alarming trend underscores the increasing value cybercriminals place on employee login credentials, which serve as gateways to sensitive corporate information.
Phishing-as-a-Service (PhaaS) Platforms
One significant factor contributing to this rise is the emergence of Phishing-as-a-Service (PhaaS) platforms like Tycoon 2FA. These platforms offer cybercriminals sophisticated phishing kits capable of bypassing multi-factor authentication (MFA) by intercepting session cookies in real time. Tycoon 2FA, for instance, provides adversary-in-the-middle (AiTM) capabilities, enabling attackers to steal credentials from services such as Microsoft 365 and Gmail. Remarkably, these services are available for as little as $200 to $300 per month, making them accessible to a broad spectrum of threat actors.
Infostealer Malware: A Persistent Threat
In addition to PhaaS platforms, the use of infostealer malware has become increasingly prevalent. These malicious programs are designed to covertly extract sensitive information, including login credentials, browser cookies, and system details, from infected devices. The accessibility and affordability of infostealers have contributed to their widespread use. Some operators offer to set up infostealers for as little as $12, with ongoing costs primarily associated with hosting servers. This low barrier to entry has led to a significant increase in cybersecurity incidents involving infostealers.
The impact of infostealers is profound. SpyCloud's 2025 Identity Exposure Report reveals that about one in two corporate users were exposed through infostealer malware in the past year, either through personal or corporate devices. The report also highlights a 48% increase in stolen credentials for third-party applications, totaling 7 million, with notable targets including enterprise AI tools and password managers.
Business Email Compromise (BEC) Campaigns
The credentials harvested through PhaaS platforms and infostealers are often utilized in Business Email Compromise (BEC) campaigns. In these schemes, attackers gain unauthorized access to corporate email accounts, enabling them to impersonate executives or trusted partners. This impersonation is used to deceive employees into transferring funds or divulging sensitive information. The financial ramifications of BEC attacks are substantial, with losses often reaching into the billions annually.
Recommendations for Organizations
To mitigate the risks associated with identity-based attacks, organizations should adopt a multi-faceted approach:
- Phishing-Resistant MFA Solutions: Implementing MFA methods that are resistant to phishing, such as biometrics or hardware-based tokens, can significantly enhance security.
- Continuous Identity Monitoring: Utilizing AI-driven platforms for real-time monitoring of identity-related activities can help detect and respond to threats promptly.
- Employee Training: Regular training programs can equip employees with the knowledge to recognize and respond to phishing attempts and other social engineering tactics.
- Proactive Vulnerability Management: Establishing protocols for regular patching and vulnerability assessments can reduce the risk of exploitation.
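An added example (not from the TechRadar article or any vendor) of the continuous identity monitoring recommendation applied to the AiTM session-cookie interception described above: a cookie taken from one client and replayed from another shows up as a single session whose network or user agent changes mid-session. The log schema, field names and sample events are constructed assumptions.

```python
import json

# Constructed sample events; the JSON field names are assumptions for this
# example, not any identity provider's real log schema. ASNs are from the
# range reserved for documentation.
SAMPLE_LOG = """
{"ts":"2025-03-01T09:00:02Z","user":"alice@example.com","session":"s-1001","asn":64500,"ua":"Edge/122 Windows","event":"mfa_ok"}
{"ts":"2025-03-01T09:04:10Z","user":"alice@example.com","session":"s-1001","asn":64500,"ua":"Edge/122 Windows","event":"mail_read"}
{"ts":"2025-03-01T09:06:45Z","user":"alice@example.com","session":"s-1001","asn":64510,"ua":"python-requests/2.31","event":"inbox_rule_created"}
{"ts":"2025-03-01T10:15:00Z","user":"bob@example.com","session":"s-2002","asn":64501,"ua":"Chrome/123 macOS","event":"mfa_ok"}
{"ts":"2025-03-01T10:40:00Z","user":"bob@example.com","session":"s-2002","asn":64502,"ua":"Chrome/123 macOS","event":"file_open"}
{"ts":"2025-03-01T11:00:00Z","user":"carol@example.com","session":"s-3003","asn":64503,"ua":"Firefox/124 Linux","event":"mfa_ok"}
"""

def parse_events(text):
    """Parse newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_session_replay(events):
    """Return findings for sessions later used from a different client.

    The first event of a session sets the baseline (ASN, user agent). A later
    event is 'high' when both differ (the session moved to another machine and
    network) and 'low' when only one differs (roaming, VPN, browser update).
    With an AiTM proxy the baseline itself may be the proxy, so the signal is
    the change within one session, not which side came first.
    """
    baseline, findings = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO-8601 UTC sorts as text
        first = baseline.setdefault(ev["session"], ev)
        changed = [k for k in ("asn", "ua") if ev[k] != first[k]]
        if changed:
            findings.append({
                "user": ev["user"], "session": ev["session"], "ts": ev["ts"],
                "event": ev["event"], "changed": changed,
                "severity": "high" if len(changed) == 2 else "low",
            })
    return findings

if __name__ == "__main__":
    for f in find_session_replay(parse_events(SAMPLE_LOG)):
        print(f"{f['severity']:4} {f['user']} {f['session']} {f['ts']} "
              f"{f['event']} changed={','.join(f['changed'])}")
```

Comparing ASN rather than raw IP keeps ordinary address churn inside one network from raising alerts; a high finding is a cue to revoke the session and review what it did after the change.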