- Identity-based attacks have been growing since 2023
- Criminals are using cheap malware and PhaaS platforms in attacks
- Login credentials are used in BEC campaigns
Hackers are increasingly targeting employee login credentials, helped by advanced tools that are cheap and easy to obtain, experts have warned.
That is the conclusion of a new eSentire report, which found that so-called "identity-based attacks" have more than doubled (up 156%) since 2023.
In the first quarter of 2025 alone, this type of attack accounted for more than half (59%) of all confirmed cyber incidents.
Business email compromise
eSentire highlighted two things that made the rise in identity-based attacks possible: phishing-as-a-service (PhaaS) platforms such as Tycoon 2FA, and cheap, readily available infostealer malware.
Tycoon 2FA works as an adversary-in-the-middle (AiTM) tool, intercepting login credentials and session cookies in real time for services such as Microsoft 365 or Gmail.
In addition, with its own proprietary CAPTCHA algorithms it can evade automated scanners, and with obfuscated JavaScript, invisible Unicode characters and browser fingerprinting it has become quite good at evading detection. It costs up to $300 per month, which makes it a fairly attractive addition to any threat actor's tech stack.
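As an added illustration (not taken from the eSentire report or from any real phishing kit), the following defender-side check flags page or script text that contains long runs of invisible Unicode characters, one of the evasion tricks mentioned above. The specific code points treated as invisible, the run threshold of 8 and both sample strings are assumptions constructed for this example.

```python
import unicodedata

# Assumption: letters that render blank but are category "Lo", so a plain
# category test misses them (Hangul choseong/jungseong/compat/halfwidth fillers).
BLANK_LETTERS = {0x115F, 0x1160, 0x3164, 0xFFA0}

def is_invisible(ch: str) -> bool:
    """True for format characters (Cf, e.g. zero-width space/joiner) and blank fillers."""
    return unicodedata.category(ch) == "Cf" or ord(ch) in BLANK_LETTERS

def invisible_runs(text: str, min_run: int = 8):
    """Return (offset, length, code points used) for each run of >= min_run invisible chars."""
    runs, start = [], None
    for i, ch in enumerate(text + "\n"):  # sentinel newline closes a trailing run
        if is_invisible(ch):
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_run:
                used = sorted({f"U+{ord(c):04X}" for c in text[start:i]})
                runs.append((start, i - start, used))
            start = None
    return runs

def triage(text: str, min_run: int = 8) -> dict:
    """Summarise a document: total invisible characters and any long runs."""
    runs = invisible_runs(text, min_run)
    return {
        "suspicious": bool(runs),
        "invisible_chars": sum(1 for c in text if is_invisible(c)),
        "runs": runs,
    }

# Constructed samples. BENIGN uses zero-width joiners inside an emoji sequence,
# which is legitimate and must not be flagged. SUSPECT carries a long run of
# blank fillers inside a string literal, which has no rendering purpose.
BENIGN = 'const label = "family: \U0001F468\u200d\U0001F469\u200d\U0001F467";'
SUSPECT = 'const k = "' + "\u3164\uffa0" * 12 + '";'

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, triage(sample))
```

The run threshold is what keeps isolated joiners in emoji or right-to-left text from raising alerts; tune it against your own mail and web-proxy captures.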
Those who cannot afford it (or simply do not want to pay) can opt for an even cheaper option: infostealer malware that costs no more than $100 and can often be found for as little as $10. These tools extract credentials from browsers, password managers and VPN settings.
Crooks then use the stolen data to run business email compromise (BEC) attacks. They either break into executives' email accounts or impersonate high-ranking corporate officials, sending other employees emails that trick them into wiring money or sharing confidential files, which are then used in extortion campaigns.
eSentire recommends that organizations adopt phishing-resistant MFA (for example, biometrics or hardware-based tokens), perform continuous identity monitoring and real-time threat detection using AI-powered platforms, prioritize employee training, and implement "proactive vulnerability management" and patching protocols.
Via The Register