Credential theft has become the dominant initial access vector for attackers, with Recorded Future indexing nearly two billion stolen credentials in 2025. The second half of 2025 saw a 50% increase over the first half, driven by industrialized infostealer malware, malware-as-a-service ecosystems, and AI-enabled phishing. Nearly two-thirds of analyzed credentials with identifiable URLs were tied to authentication systems like Okta, Azure AD, or corporate VPNs. Critically, 31% of malware-sourced credentials included active session cookies enabling full MFA bypass. Experts recommend shifting from perimeter and MFA-centric defenses to continuous identity monitoring, phishing-resistant MFA (FIDO2), device-based conditional access policies, and treating high-risk IAM credentials as Tier-0 assets.