Monetary benefits continue to fuel the majority of cyber threat operations

Unauthorized access to stolen accounts is increasingly common, according to a report by Mandiant.

**Headline:** Rising Trend of Credential Theft in Cyber Threat Landscape of 2025

The modus operandi of threat actors shifted significantly in 2025. Financial gain has emerged as the primary motive for cybercriminals, and stolen credentials have become the second most common initial access point for systems, surpassing other methods for the first time.

According to the latest report by Mandiant, over 72% of cybersecurity incidents in 2023 were financially driven, with ransomware attacks being a major concern. Cybercriminals have been targeting high-profile sectors such as retail, with notable examples including Marks & Spencer, Co-op, and Dior.

Attackers prefer stolen credentials as an entry point for several reasons. First, logging in with legitimate access bypasses many traditional security controls and makes the intrusion harder to detect. Second, attackers have grown more sophisticated, using AI and machine learning to automate credential theft and customize attacks.

Well-funded criminal syndicates and state-sponsored groups exploit both technical vulnerabilities and human factors such as phishing and social engineering to harvest credentials. Business Email Compromise (BEC) remains a significant threat vector, where stolen or spoofed credentials are used to impersonate executives and initiate fraudulent financial transactions.

SMBs (Small and Medium-sized Businesses) are particularly vulnerable, with 61% of SMBs experiencing cyberattacks in 2023. This is largely due to weaker security defenses enabling credential theft and abuse.

The global cost of cybercrime is projected at $10.5 trillion annually by 2025, underscoring the massive financial implications. Cyberattacks occur approximately every 39 seconds globally, with daily cyberattacks numbering around 2,200.

Non-corporate systems, such as personal computers, are often less secure and more vulnerable to credential theft. Jurgen Kutscher, VP of Mandiant Consulting, noted that these systems are easier to exploit due to poor security hygiene among organizations and the tendency for workers or outside contractors to disable antivirus software to install unlicensed software.

Kutscher also highlighted an entire cybercrime business built around the sale (and use) of stolen credentials. The rise in credential theft was among the most surprising developments in the Mandiant report.

To mitigate these evolving risks, organizations must prioritize credential security, multi-factor authentication, and continuous monitoring. It is crucial to strengthen security measures, especially for non-corporate systems, to protect against the increasing threat of credential theft.

  1. In the ever-evolving landscape of 2025 cybersecurity, phishing and social engineering have become crucial tactics for threat actors to harvest stolen credentials, as these methods help them bypass traditional security controls.
  2. Incident response teams need to focus on enhancing finance sector cybersecurity, given that stolen credentials have become the second most common initial access point for systems, surpassing other methods for the first time.
  3. As technology continues to advance, cybersecurity measures must evolve accordingly, with incident response teams adopting robust credential security strategies, including multi-factor authentication and continuous monitoring, to protect against the continuing threats of credential theft.
