Your employee logins are more valuable to criminals than ever - here's how to keep them protected


  • Identity-based attacks have been growing since 2023
  • Crooks are using cheap malware and PhaaS platforms in attacks
  • Login credentials are used in BEC campaigns

Hackers are increasingly going after employee login credentials, helped by advanced tools that are both cheap and easy to obtain, experts have warned.

That is the conclusion of a new report from eSentire, which found that so-called “identity-based attacks” have more than doubled (156%) since 2023.

In the first quarter of 2025 alone, this type of attack accounted for more than half (59%) of all confirmed cyber-incidents.


Business email compromise

eSentire singled out two things that made the surge in identity-based attacks possible: Phishing-as-a-Service (PhaaS) platforms such as Tycoon 2FA, and cheap, readily available infostealing malware.

Tycoon 2FA works as an Adversary-in-the-Middle (AiTM) tool, intercepting login credentials and session cookies in real time for services such as Microsoft 365 or Gmail.

Furthermore, with its own proprietary CAPTCHA algorithms, it can evade automated scanners, and with obfuscated JavaScript, invisible Unicode characters, and fingerprinting, it has gotten pretty good at evading detection. It costs up to $300 a month, which makes it a rather attractive addition to any threat actor’s tech stack.

Those who can’t afford it (or simply don’t want to) can go for an even cheaper option: infostealing malware that costs no more than $100, and can often be found for as little as $10. These tools extract credentials from browsers, password managers, and VPN configurations.

Crooks would use the obtained data to run Business Email Compromise (BEC) attacks. They would either break into executives’ emails, or impersonate high-ranking corporate officers, sending other employees emails that trick them into wiring money, or sharing sensitive files that are later used in extortion campaigns.

eSentire recommends organizations adopt phishing-resistant MFA solutions (for example, biometrics, or hardware-based tokens), conduct continuous identity monitoring and real-time threat detection using AI-driven platforms, prioritize employee training, and implement “proactive vulnerability management” and patching protocols.
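As an added illustration of the identity monitoring recommended above (not code from eSentire's report or from this article), the Python example below flags a session that is later used from a different network and browser than the one that signed in, which is how reuse of a cookie captured by an AiTM kit appears in session logs. The event fields and sample rows are constructed assumptions, and the check covers only that reuse step.

```python
import ipaddress

# Constructed sample events (not real log data); the field layout is an assumption:
# (timestamp, user, session id, event kind, source IP, user agent)
EVENTS = [
    ("2025-04-01T09:00:00Z", "alice", "s1", "login",  "198.51.100.10", "Chrome/124 Windows"),
    ("2025-04-01T09:05:00Z", "alice", "s1", "access", "198.51.100.77", "Chrome/124 Windows"),
    ("2025-04-01T10:00:00Z", "bob",   "s2", "login",  "203.0.113.5",   "Edge/124 Windows"),
    ("2025-04-01T10:02:00Z", "bob",   "s2", "access", "192.0.2.200",   "Firefox/115 Linux"),
    ("2025-04-01T11:00:00Z", "carol", "s3", "login",  "198.51.100.20", "Safari/17 macOS"),
    ("2025-04-01T11:30:00Z", "carol", "s3", "access", "203.0.113.99",  "Safari/17 macOS"),
    ("2025-04-01T12:00:00Z", "dave",  "s4", "access", "192.0.2.15",    "Chrome/124 Windows"),
]


def network(ip):
    """Collapse an address to its /24 (IPv4) or /48 (IPv6) network."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def find_replayed_sessions(events):
    """Return (user, session, severity, reason) for sessions used away from their login origin."""
    origin = {}    # session id -> (network, user agent) recorded at login
    findings = []
    for ts, user, session, kind, ip, ua in sorted(events):  # ISO timestamps sort in time order
        here = (network(ip), ua)
        if kind == "login":
            origin[session] = here
            continue
        if session not in origin:
            findings.append((user, session, "medium", "session used with no recorded login"))
            continue
        net_changed = here[0] != origin[session][0]
        ua_changed = here[1] != origin[session][1]
        if net_changed and ua_changed:
            findings.append((user, session, "high", "new network and new browser"))
        elif net_changed:
            findings.append((user, session, "low", "new network, same browser"))
        # A user-agent change alone (e.g. a browser update) is not flagged.
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(EVENTS):
        print(finding)
```

A move within the same network (alice) is ignored, a network change alone (carol) is reported at low severity because roaming users produce it routinely, and a simultaneous change of network and browser (bob) is the high-severity case.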

Via The Register


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
