Identity-Based Cyberattacks Soar in 2025: The Rise of Phishing-as-a-Service and Infostealers


A New Era of Cyber Threats Emerges

The cybersecurity landscape has shifted dramatically, with identity-driven attacks becoming the new battleground. From phishing kits that mimic trusted brands to stealthy malware stealing passwords en masse, threat actors are doubling down on what is proving to be a highly profitable attack vector: your login credentials. According to a report from eSentire’s Threat Response Unit (TRU), identity-focused incidents across 2024 and Q1 2025 rose 156% compared with the prior year. These aren’t isolated events: they now represent 59% of all confirmed threats in eSentire’s telemetry. As organizations scramble to shore up defenses, attackers are exploiting new tools and services that make credential theft more accessible, scalable and devastating than ever before.

Surge in Identity Attacks Reshapes the Threat Landscape

Cybersecurity researchers have detected a dramatic increase in cyberattacks centered around employee login credentials. In a newly released report, eSentire’s Threat Response Unit uncovered over 19,000 identity-related cyber investigations from 2024 through early 2025, marking a staggering 156% increase compared to the previous year. This sharp rise now places identity attacks at the core of the threat ecosystem, accounting for 59% of all confirmed incidents across eSentire’s 2,000+ client organizations.

One of the main forces behind this uptick is the growing popularity of phishing-as-a-service (PhaaS) platforms, with Tycoon 2FA emerging as a dominant tool among cybercriminals. Available for just $200 to $300 per month, Tycoon 2FA offers a suite of professional-grade features: spoofed email templates, adversary-in-the-middle (AitM) phishing pages that relay the victim’s login and MFA prompt to the real provider and capture the resulting session cookie (the victim completes multifactor authentication, and the attacker walks away with the authenticated session), anti-debugging modules to frustrate analysis, credential exfiltration tools, and even customer support. These capabilities allow attackers to launch precise business email compromise (BEC) operations, particularly targeting finance professionals to reroute payments into fraudulent accounts.
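Because an AitM kit satisfies MFA at sign-in and then reuses the captured session, one of the few signals a defender has is the session itself turning up from a different client than the one that completed the login. The following is an added example, not eSentire’s or any vendor’s detection logic: it runs a simple session-consistency check over a constructed JSON-lines sign-in log. The field names (`event`, `session`, `ip`, `ua`, `mfa`), the users and the RFC 5737 documentation IPs are all assumptions made up for the demonstration.

```python
import json
from typing import Any

# Constructed sample sign-in log (JSON lines). These are NOT real IdP or
# eSentire records; IPs are from the RFC 5737 documentation ranges.
# S1: normal login, session used by the same client that signed in.
# S2: MFA was satisfied at sign-in, but the session is then used from a
#     different IP and User-Agent (AitM-style cookie replay).
# S9: a session that is used without any sign-in observed in the window.
SAMPLE_LOG = """\
{"ts":"2025-05-01T09:00:00Z","event":"signin","user":"cfo@example.com","session":"S1","ip":"203.0.113.10","ua":"Mozilla/5.0 Windows Chrome/124","mfa":true}
{"ts":"2025-05-01T09:00:30Z","event":"access","user":"cfo@example.com","session":"S1","ip":"203.0.113.10","ua":"Mozilla/5.0 Windows Chrome/124"}
{"ts":"2025-05-01T09:05:00Z","event":"signin","user":"ap@example.com","session":"S2","ip":"198.51.100.7","ua":"Mozilla/5.0 Windows Chrome/124","mfa":true}
{"ts":"2025-05-01T09:06:10Z","event":"access","user":"ap@example.com","session":"S2","ip":"192.0.2.44","ua":"python-requests/2.32"}
{"ts":"2025-05-01T09:07:00Z","event":"access","user":"ap@example.com","session":"S9","ip":"192.0.2.44","ua":"python-requests/2.32"}
"""


def parse_events(log_text: str) -> list[dict[str, Any]]:
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def find_session_anomalies(log_text: str) -> list[dict[str, str]]:
    """Flag (a) sessions used from a different IP or User-Agent than the
    client that completed the sign-in and (b) sessions used although no
    sign-in for them was observed. Both are what a replayed cookie looks
    like from the identity provider's side."""
    issued: dict[str, dict[str, Any]] = {}   # session id -> sign-in event
    alerts: list[dict[str, str]] = []
    for ev in parse_events(log_text):
        sid = ev["session"]
        if ev["event"] == "signin":
            issued[sid] = ev
            continue
        origin = issued.get(sid)
        if origin is None:
            alerts.append({
                "session": sid, "user": ev["user"], "ts": ev["ts"],
                "reason": "session used with no observed sign-in (possible stolen cookie)",
            })
            continue
        if ev["ip"] != origin["ip"] or ev["ua"] != origin["ua"]:
            alerts.append({
                "session": sid, "user": ev["user"], "ts": ev["ts"],
                "reason": (f"session issued to {origin['ip']} / {origin['ua']} "
                           f"but used from {ev['ip']} / {ev['ua']} "
                           f"(MFA satisfied at sign-in: {origin.get('mfa')})"),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_anomalies(SAMPLE_LOG):
        print(alert["ts"], alert["user"], alert["session"], "-", alert["reason"])
```

A strict IP/User-Agent match is a starting heuristic, not a verdict: mobile users change addresses legitimately, so in production this check is usually combined with ASN or geolocation reputation (hosting-provider ranges are a strong AitM indicator) and with token binding or conditional-access policies that revoke a session rather than merely alerting on it.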

While Tycoon 2FA targets high-value victims, many attackers also rely on infostealers like Lumma Stealer to gather a massive volume of credentials at a lower cost. These logs, often sold for under $10 on underground markets, include access to email services, banking credentials, VPNs, password managers, crypto wallets, and more. Lumma Stealer, active since 2022, automates credential collection and even sorts data for maximum value, streamlining the resale process on dark web platforms like Russian Market.

The FBI has tracked over 300,000 BEC incidents globally since 2013, with financial losses surpassing $55 billion. Today, eSentire reports that infostealers account for 35% of all malware threats it intercepted in Q1 2025, emphasizing that credential-based attacks now offer a higher return than traditional hacking techniques. As a response, the TRU strongly advocates for phishing-resistant authentication, a zero-trust security model, and real-time access controls to combat the rising tide of identity exploitation.

What Undercode Say:

Identity as the New Perimeter

With corporate infrastructures becoming more distributed and cloud-dependent, identity has replaced the traditional network edge. Employee credentials now function as keys to the kingdom, making them prime targets for cybercriminals. This shift is no accident — it’s the result of attackers adapting to modern enterprise environments where VPNs, SaaS tools, and remote work have become the norm.

The Rise of Cybercrime-as-a-Service

Tycoon 2FA is a symptom of a larger problem: the industrialization of cybercrime. For a modest monthly fee, even low-skill actors can rent tools that rival enterprise-grade software in sophistication. This lowers the barrier to entry for cybercrime, broadening the attacker base and increasing the frequency of credential theft incidents. The addition of customer service and regular updates makes these platforms sustainable and dangerously effective.

Infostealers Democratize Access to Credentials

Unlike targeted phishing campaigns, infostealers operate at scale, quietly harvesting credentials from compromised devices. Tools like Lumma Stealer not only automate the process but also filter out low-value data, making monetization faster and more lucrative. The fact that these logs can include sensitive data from crypto wallets, browser extensions, and password managers highlights just how comprehensive these attacks have become.

The Economics of Identity Theft

Credential-based attacks are becoming the preferred choice for cybercriminals because they are cheaper, more scalable, and more profitable than traditional methods. While ransomware attacks require negotiation and infrastructure, stolen credentials can be sold instantly or used for BEC schemes with minimal effort. The FBI’s $55 billion loss figure underscores how lucrative identity attacks have become.

MFA Isn’t Enough Anymore

Multifactor authentication, once considered a robust defense, is being systematically bypassed through adversary-in-the-middle phishing. Tycoon 2FA shows that accounts protected by one-time codes or push approvals remain vulnerable when the attacker can relay the login in real time and capture the resulting session cookie. Organizations need to move to phishing-resistant methods such as FIDO2/WebAuthn credentials (hardware security keys and passkeys): the credential is cryptographically bound to the site’s origin, so a proxy page on another domain cannot obtain a valid assertion. Biometrics help only as a local unlock for such a credential, not as a factor that is sent to the site.
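To make the origin-binding argument concrete, here is an added example (not Tycoon 2FA’s code, nor any vendor’s WebAuthn library) that models what the browser and authenticator hand back during a `navigator.credentials.get()` call and the structural checks a relying party performs on it. The relying party `login.example.com`, the proxy domain `attacker.test` and the fixed challenge are assumptions for the demonstration. Signature verification over `authenticatorData || SHA-256(clientDataJSON)` is deliberately omitted so the block stays self-contained; a real relying party must perform it.

```python
import base64
import hashlib
import json
import struct


def b64url(data: bytes) -> str:
    """Base64url without padding, as WebAuthn encodes the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# ---- client side: what the browser and authenticator produce -------------
def simulate_browser_assertion(page_origin: str, rp_id: str, challenge: bytes,
                               sign_count: int = 1) -> tuple[bytes, bytes]:
    """Return (clientDataJSON, authenticatorData) for a get() call issued from
    `page_origin`. The browser, not the page script, fills in `origin`, and it
    only allows an rpId that is a registrable-domain suffix of the page's host,
    so a proxy on another domain cannot request a credential scoped to the
    real site. Layout of authenticatorData: rpIdHash(32) | flags(1) | signCount(4)."""
    client_data = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": page_origin}
    client_data_json = json.dumps(client_data, separators=(",", ":")).encode()
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    flags = 0x05  # UP (bit 0) and UV (bit 2) set
    authenticator_data = rp_id_hash + bytes([flags]) + struct.pack(">I", sign_count)
    return client_data_json, authenticator_data


# ---- relying-party side ---------------------------------------------------
def verify_assertion(client_data_json: bytes, authenticator_data: bytes, *,
                     expected_challenge: bytes, expected_origin: str,
                     rp_id: str) -> tuple[bool, str]:
    """Structural checks from the WebAuthn assertion verification procedure.
    Signature verification with the stored public key is omitted here (see lead-in)."""
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if client_data.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch (stale or replayed assertion)"
    if client_data.get("origin") != expected_origin:
        return False, f"origin mismatch: assertion was made on {client_data.get('origin')!r}"
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch: credential scoped to a different RP"
    if not authenticator_data[32] & 0x01:
        return False, "user presence flag not set"
    return True, "ok"


RP_ID = "login.example.com"                      # assumed relying party
RP_ORIGIN = "https://login.example.com"
PROXY_ORIGIN = "https://login-example.attacker.test"  # hypothetical AitM proxy


def demo(challenge: bytes = b"\x11" * 32) -> dict[str, tuple[bool, str]]:
    """Three scenarios: victim on the real site, victim on the proxy (which
    relays the RP's genuine challenge), and the proxy patching the origin
    field in clientDataJSON before forwarding it."""
    legit = simulate_browser_assertion(RP_ORIGIN, RP_ID, challenge)
    proxied = simulate_browser_assertion(PROXY_ORIGIN, "attacker.test", challenge)
    forged_cd = json.loads(proxied[0])
    forged_cd["origin"] = RP_ORIGIN
    forged = (json.dumps(forged_cd, separators=(",", ":")).encode(), proxied[1])
    check = lambda cd, ad: verify_assertion(cd, ad, expected_challenge=challenge,
                                            expected_origin=RP_ORIGIN, rp_id=RP_ID)
    return {"legit": check(*legit), "proxied": check(*proxied), "forged_origin": check(*forged)}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:13s} accepted={ok} ({why})")
```

The proxied assertion fails on `origin` before anything else is examined; even if the proxy rewrites that field, the authenticator computed `rpIdHash` over the proxy’s domain, so the credential is still rejected. With the signature check in place the rewrite would also break the signature, because `clientDataJSON` is covered by it, which is why that check is not optional in a real deployment.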

Zero Trust Is No Longer Optional

Implementing zero-trust principles — where every request is verified, regardless of origin — is now a necessity. The assumption that internal networks are safe is outdated. By treating identity as a critical control point, companies can enforce stricter access policies and reduce lateral movement in the event of a breach.

Credential Logs Fuel the Cyber Underground

The resale of stolen credential logs on platforms like Russian Market drives an entire ecosystem of secondary attacks. Buyers can use them for account takeovers, further phishing campaigns, or to gain a foothold into corporate environments. The automated packaging of these logs, including metadata and filters, makes them more valuable than ever.

The Human Element Remains the Weakest Link

Despite technological advancements, human error continues to enable most attacks. Employees are still clicking on malicious emails, reusing passwords, and ignoring security warnings. Effective training programs, combined with simulated phishing campaigns and behavioral analytics, are essential to close this gap.

Regulation and Compliance Are Catching Up

Expect more regulatory pressure on organizations to secure identities. Data protection frameworks like GDPR and upcoming US federal mandates are starting to recognize credential theft as a critical threat vector. This could drive investment in better identity management systems and auditing mechanisms.

🔍 Fact Checker Results:

✅ eSentire’s TRU reports a 156% increase in identity-related investigations across 2024 and Q1 2025 compared with the prior year
✅ eSentire identifies Tycoon 2FA as the dominant phishing-as-a-service platform in its telemetry
✅ The FBI has documented over $55 billion in BEC-related financial losses globally

📊 Prediction:

In the next 12 to 18 months, we expect identity-based attacks to overtake ransomware as the leading form of cybercrime. With phishing kits and infostealers becoming cheaper and more accessible, attackers will continue targeting employee credentials at scale. Organizations that fail to adopt phishing-resistant authentication and real-time monitoring will find themselves at the mercy of increasingly sophisticated threat actors.

References:

Reported By: www.infosecurity-magazine.com

