Ethical Hacking News
Stolen credentials have become the second most common initial infection vector, surpassing email phishing in Mandiant's M-Trends 2025 report. This trend is attributed to the ease with which cybercriminals can obtain user login information and the proliferation of malware that can collect private user data.
Stolen credentials have become the second most common initial infection vector, surpassing email phishing, according to a report by Mandiant. The rise of credential stealers is attributed to the ease with which cybercriminals can obtain user login information and the proliferation of malware that collects private user information. Organizations are failing to properly manage and rotate user credentials, and personal devices remain vulnerable to infostealers and other types of malware. The primary initial access vector used by threat actors adapts to the specific target, with stolen credentials becoming a more common method of gaining access to systems. Proper security measures, including multi-factor authentication (MFA), are essential to protect against credential theft and other types of cyber threats.
The cybersecurity landscape is constantly evolving, and one trend that has emerged in recent times is the increasing reliance on stolen credentials to gain access to IT systems. According to a report by Mandiant, a Google-owned security shop, stolen credentials have become the second most common initial infection vector, surpassing email phishing.
The report, titled M-Trends 2025, provides an in-depth look at the threat landscape and highlights the rise of credential stealers. The authors note that while email phishing has been on the decline since 2022, representing the initial access vector in 22 percent of Mandiant's investigations three years ago, 17 percent in 2023, and 14 percent last year, stolen credentials have seen a resurgence.
The report attributes this rise to the ease with which cybercriminals can obtain user login information. With the widespread availability of leaked or stolen credentials online, along with the proliferation of malware that can collect private user information, including credentials, browser cookies, and even cryptocurrency wallets, it is becoming increasingly easy for attackers to gain access to systems.
One prime example of this trend is the recent Snowflake customer breaches, which were carried out by a group tracked as UNC5537. The attackers used stolen credentials, largely obtained via infostealer malware, to access Snowflake customers' cloud databases. In some cases, these infections occurred as far back as November 2020, yet the compromised credentials had not been updated or rotated.
This highlights a critical issue in cybersecurity: the failure of organizations to properly manage and rotate user credentials. The report notes that personal devices often lack enterprise security controls, making them vulnerable to infostealers and other types of malware. Furthermore, employees or contractors may disable antivirus software on their personal devices to install unlicensed software, increasing the risk of credential theft.
The report's findings also suggest that the primary initial access vector used by threat actors adapts to the specific target. In this case, email phishing has seen a decline in recent years, while stolen credentials have become a more common method of gaining access to systems.
It is worth noting that this trend is not unique to cloud-based systems. The report highlights the importance of proper security measures, including multi-factor authentication (MFA), to protect against credential theft and other types of cyber threats.
In conclusion, the rise of stolen credentials as a method of gaining access to IT systems is a concerning trend in the cybersecurity landscape. As organizations continue to adopt cloud-based solutions, it is essential that they prioritize proper security measures, including MFA, to mitigate this risk. By taking proactive steps to protect user credentials and implement robust security controls, organizations can reduce their vulnerability to credential stealers and other types of cyber threats.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Rise-of-Stolen-Credentials-A-New-Normal-in-Cloud-Break-ins-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/04/23/stolen_credentials_mandiant/
Published: Wed Apr 23 08:54:37 2025 by llama3.2 3B Q4_K_M