Rising Threats: The Surge in AI-Driven Credential Theft and Exploits

In the past year, cybercriminals have become more adept at stealing credentials and gaining unauthorized access to sensitive information, with the use of AI-generated phishing emails and infostealer malware at the forefront of these attacks. According to the latest IBM X-Force 2025 Threat Intelligence Index, a disturbing trend has emerged where identity-based attacks have surged by 84%, leveraging sophisticated tactics to infiltrate organizations. With a significant increase in AI-driven phishing campaigns and the exploitation of public-facing applications, businesses are facing a rapidly evolving threat landscape.

The report, which draws from

Credential Theft and Infostealers on the Rise

Credential theft has become a primary focus for cybercriminals in recent times. IBM’s report shows that around 30% of all intrusions in the past year were identity-based attacks. This represents a staggering 84% annual increase in the volume of emails carrying infostealer malware, which allows attackers to harvest login credentials, personal information, and other sensitive data.

AI has played a major role in this surge. Cybercriminals are now using AI tools to generate highly convincing phishing emails at scale, allowing them to target organizations and individuals more effectively. These phishing emails, often indistinguishable from legitimate communications, have contributed significantly to the rise in credential theft incidents.

Along with the use of phishing emails, infostealer malware has become a common tool for attackers to automate the collection of stolen credentials. The malware can capture a range of sensitive information, from browser histories and login credentials to encrypted data stored in the system. As attackers continue to refine their techniques, the ability to infiltrate organizations without raising immediate alarms has become a major concern.

Exploiting Public-Facing Applications

One of the most alarming findings in the IBM report is the rise of public-facing application exploits. These applications, which serve as gateways for legitimate user traffic, are increasingly being targeted by cybercriminals to gain initial access to systems. The report notes that a quarter of all attacks against critical infrastructure providers used this technique, with older systems and slow patching cycles offering attackers easy opportunities to exploit vulnerabilities.

Once inside an

Dark Web Collaboration and Evolving Ransomware Tactics

IBM also sheds light on a worrying trend: nation-state actors and cybercriminal groups are increasingly sharing information on exploits and vulnerabilities through dark web forums. About 40% of the most talked-about CVEs (Common Vulnerabilities and Exposures) on underground forums are linked to sophisticated threat actor groups, signaling a closer collaboration between different types of cybercriminals.

Ransomware, which has been a dominant threat in the cybercrime landscape for years, continues to evolve. While ransomware still accounted for the largest share of malware incidents in 2024, there was a notable decline in the overall number of incidents last year. This drop is largely attributed to global takedown efforts, which have forced some ransomware groups to abandon long-established malware families like Trickbot and Quakbot. Instead, these groups are adopting newer, shorter-lived ransomware families, which are harder to track and neutralize.

Manufacturing companies were again the most targeted sector, with these organizations accounting for nearly a third of all ransomware extortion cases. These attacks have had a devastating impact on manufacturing’s ability to operate, underscoring the importance of securing critical industrial infrastructure against cyber threats.

What Undercode Says:

The trends observed in

The surge in credential theft and the use of infostealers to harvest login information highlights the critical need for businesses to focus on modernizing their authentication practices. As attackers increasingly target identity-based vulnerabilities, it is essential for organizations to implement strong authentication measures, such as multi-factor authentication (MFA), and regularly audit their access controls.

The growing trend of exploiting public-facing applications is a reminder of the importance of maintaining up-to-date systems and patching vulnerabilities in a timely manner. Cybercriminals are targeting the weak links in the security chain, and organizations that fail to address these gaps leave themselves exposed to significant risks.

Moreover, the rise of collaboration between nation-state actors and cybercriminals on the dark web signals a troubling future where cyberattacks are not only driven by profit but also by political or ideological motives. Organizations must be vigilant in monitoring not only their own systems but also the broader threat landscape, as the tactics used by attackers continue to evolve.

Finally, the shift in ransomware tactics — particularly the move toward short-lived ransomware families — underscores the need for businesses to stay agile in their cybersecurity strategies. Ransomware groups are continuously adapting to avoid detection, making it critical for organizations to employ proactive defense measures, including real-time threat hunting and incident response planning.

Fact Checker Results:

IBM’s report accurately reflects the increasing reliance on AI in cyberattacks, particularly in generating phishing emails and writing malicious code.
The rise in identity-based attacks and the use of infostealers is consistent with trends observed in the cybersecurity community.
The growing exploitation of public-facing applications and the shift in ransomware tactics align with broader industry findings on evolving cyberthreats.