Stolen credentials exploitation on the rise!

April 29, 2025

Mandiant recently published its comprehensive M-Trends 2025 report, detailing the latest cybersecurity threats. This post dives into one critical area highlighted in the report: the growing danger posed by leaked credentials.

Don't worry, Venacus can help you 😉

Beyond the Breach: Why Leaked Credentials Are Your Biggest Security Blind Spot

Think your firewalls and vulnerability patches are enough? Think again. While traditional hacking methods grab headlines, a quieter, more insidious threat is on the rise: attackers aren't breaking in anymore; they're simply logging in.

The use of stolen or leaked credentials has surged, becoming the second most common way attackers gained initial access in 2024, overtaking phishing and accounting for 16% of intrusions investigated by Mandiant. This marks a significant jump from just 10% the previous year.

Where are these credentials coming from?

  • Infostealer Malware: This insidious software harvests credentials directly from infected user systems, including work or personal computers. Mandiant has seen a resurgence fueled by these campaigns.
  • Data Leaks & Underground Markets: Massive data breaches and cybercrime forums provide a readily available marketplace for attackers to purchase or find credentials.
  • Password Reuse: Employees using the same password for multiple accounts, including personal and corporate, create easy targets if one account is compromised.

The Pervasive Risk:

This isn't just about individual accounts. Compromised credentials, even from seemingly low-level employees or contractors, can be the key to unlocking your entire organization. Attackers use these "valid" logins to:

  • Gain Initial Footholds: Bypass perimeter defenses and walk right through the front door.
  • Access Cloud Environments: Target cloud services, SSO portals, and federated identity providers, potentially gaining broad access. Mandiant observed 35% of cloud compromises in 2024 started with stolen credentials.
  • Move Laterally: Use compromised accounts, especially privileged ones, to navigate networks, access sensitive data repositories (like SharePoint or GitHub), and escalate privileges.
  • Facilitate Ransomware & Extortion: Obtain access needed to steal sensitive data and deploy ransomware.

What Can You Do?

The continued prevalence of credential theft highlights critical security gaps. It's time to shift focus:

  1. Prioritize Strong Authentication: Implement phishing-resistant Multi-Factor Authentication (MFA) everywhere, especially for privileged accounts. Weak MFA isn't enough.
  2. Monitor for Exposure: Proactively scan for your organization's leaked credentials using data leak intelligence services like Venacus.
  3. Improve Access Hygiene: Enforce the principle of least privilege. Audit and secure internal data repositories. Limit credential sprawl and manage secrets dynamically.
  4. Enhance Visibility: Ensure robust logging and detection across cloud and on-premises environments, focusing on identity and access patterns.
  5. Educate Users: Train employees on the dangers of password reuse and phishing.
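Steps 3 and 4 above are where most of the engineering work sits: once phishing-resistant MFA is in place, the remaining gap is spotting a "valid" login that is actually an attacker. The following is an added example, not code from Venacus, Mandiant or the M-Trends report, of the kind of identity-pattern detection step 4 calls for. It assumes a simplified sign-in log format (`timestamp user ip country result`) and three rules chosen for illustration: a success from a source IP the account has never used, a success that immediately follows a burst of failures from the same source (the shape of a credential-stuffing hit), and two successes from different countries closer together than travel would allow. The log lines and the thresholds are constructed for the example.

```python
"""Illustrative sign-in anomaly detector (added example, not Venacus or Mandiant code).

Flags the identity-layer patterns the recommendations above point at:
  * a successful login from a source IP the account has never used before,
  * a success that follows a burst of failures from the same source,
  * two successes from different countries inside an implausibly short window.
The log format, field order and thresholds are assumptions made for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, one event per line: "timestamp user ip country result".
# Addresses are from the RFC 5737 documentation ranges; nothing here is real data.
SAMPLE_LOG = """\
2025-04-28T08:00:00Z alice 203.0.113.10 GB success
2025-04-28T08:05:00Z alice 203.0.113.10 GB success
2025-04-28T09:00:00Z bob 198.51.100.7 DE fail
2025-04-28T09:00:05Z bob 198.51.100.7 DE fail
2025-04-28T09:00:10Z bob 198.51.100.7 DE fail
2025-04-28T09:00:15Z bob 198.51.100.7 DE fail
2025-04-28T09:00:20Z bob 198.51.100.7 DE fail
2025-04-28T09:00:25Z bob 198.51.100.7 DE success
2025-04-28T09:30:00Z alice 192.0.2.44 US success
"""

# Assumed tuning values; in production these come from the environment's baseline.
FAIL_THRESHOLD = 5                    # failures from one (user, ip) before a success is suspicious
FAIL_WINDOW = timedelta(minutes=10)   # how far back failures count toward the threshold
TRAVEL_WINDOW = timedelta(hours=2)    # two countries closer than this is treated as impossible


def parse_line(line):
    """Split one log line into a dict with a parsed UTC timestamp."""
    ts, user, ip, country, result = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "ip": ip,
        "country": country,
        "result": result,
    }


def detect(log_text):
    """Return a list of alert tuples; the first element of each is the rule name."""
    alerts = []
    known_ips = defaultdict(set)      # user -> IPs seen on earlier successes
    recent_fails = defaultdict(deque)  # (user, ip) -> timestamps of recent failures
    last_success = {}                  # user -> (timestamp, country) of last success

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        user, ip, ts, country = ev["user"], ev["ip"], ev["ts"], ev["country"]
        fails = recent_fails[(user, ip)]

        # Drop failures that have aged out of the window before evaluating anything.
        while fails and ts - fails[0] > FAIL_WINDOW:
            fails.popleft()

        if ev["result"] == "fail":
            fails.append(ts)
            continue

        # Rule 1: success right after a burst of failures from the same source.
        if len(fails) >= FAIL_THRESHOLD:
            alerts.append(("failure_burst_then_success", user, ip, len(fails)))
        fails.clear()

        # Rule 2: success from an IP this account has never used before.
        # The very first IP seen for a user seeds the baseline and is not flagged.
        if known_ips[user] and ip not in known_ips[user]:
            alerts.append(("new_source_ip", user, ip, country))
        known_ips[user].add(ip)

        # Rule 3: two successes from different countries inside TRAVEL_WINDOW.
        prev = last_success.get(user)
        if prev and prev[1] != country and ts - prev[0] < TRAVEL_WINDOW:
            alerts.append(("impossible_travel", user, prev[1], country))
        last_success[user] = (ts, country)

    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, the detector raises three alerts: bob's success after five failures from one address, alice's success from an address never seen on her account, and the GB-to-US jump for alice within 85 minutes. Real deployments would seed `known_ips` from a longer history rather than from the first event and would tune the windows to the organisation; the point of the example is that all three rules need only the identity fields already present in SSO and cloud sign-in logs.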

Protecting against sophisticated exploits is crucial, but don't let the front door swing open because of a leaked password. In today's threat landscape, stolen credentials are the key, and securing them must be a top priority.

Protect yourself!

Venacus allows you to search for your data breaches and get notified when your data is compromised. Protect your data and your organisation and run a free scan of your domain now.


Generated using AI. The accuracy of the information is not guaranteed. Please verify the information from the sources provided. The content is provided for informational purposes only.