
Credential Theft and Account Compromise Surge in 2025

1 unique source, 1 article

Summary

In 2025, cyber threat actors significantly increased their focus on credential theft, leading to a 389% rise in account compromise incidents, which constituted 55% of all attacks observed by eSentire. Credential access represented 75% of malicious activity, with two-thirds aimed at account takeovers and the remaining third used for phishing campaigns. Microsoft 365 accounts were primary targets. The use of phishing-as-a-service (PhaaS) kits, such as Tycoon2FA, FlowerStorm, and EvilProxy, fueled business email compromise (BEC) attacks. These kits are sophisticated, continuously updated, and designed to bypass modern security controls like multifactor authentication (MFA). While BEC attacks declined to less than 10% of malicious activity, they remained a top threat for companies, particularly in real estate, finance, retail, and construction. The report also highlighted a 14-fold increase in security incidents involving email bombing and IT Help Desk impersonation, a 300% spike in the ClickFix lure, and varying trends in cyber incidents across different industries.

Timeline

  1. 16.01.2026 13:40 · 1 article

    eSentire Reports 389% Surge in Account Compromise Incidents in 2025

    In 2025, eSentire observed a 389% year-over-year rise in account compromise incidents, which made up 55% of all attacks. Credential access represented 75% of malicious activity, with two-thirds aimed at account takeovers and the remaining third used for phishing campaigns. Microsoft 365 accounts were primary targets. The use of PhaaS kits, such as Tycoon2FA, FlowerStorm, and EvilProxy, fueled BEC attacks, which, despite a decline, remained a significant threat for companies in real estate, finance, retail, and construction.

Information Snippets

  • Account compromise incidents surged by 389% year-over-year, making up 55% of all attacks observed by eSentire in 2025.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • Credential access represented 75% of malicious activity observed by eSentire's Threat Response Unit (TRU).

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • Two-thirds of credential access activities were aimed at account takeovers, while the remaining third was used for phishing campaigns.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • Microsoft 365 accounts were primary targets for account takeovers.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • Malware accounted for 25% of threats observed in 2025, a decline of four percentage points compared to 2024.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • Phishing-as-a-service (PhaaS) kits accounted for 63% of all account compromise incidents.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • PhaaS operations like Tycoon2FA, FlowerStorm, and EvilProxy were used to carry out BEC attacks.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • BEC attacks declined to less than 10% of malicious activity in 2025, a 21-percentage-point decline compared to 2024.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • Threat actors can initiate BEC actions, such as creating inbox forwarding rules, in as little as 14 minutes after capturing a target’s corporate login credentials and session token.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • Companies in real estate, finance, retail, and construction were the most targeted by BEC attacks.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • Security incidents involving email bombing and IT Help Desk impersonation attacks increased 14-fold, with the legal industry being the most targeted.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • The ClickFix lure saw a 300% spike, representing over 30% of all malware delivery cases.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • The software industry experienced the largest number of security incidents in 2025, followed by manufacturing and business services.

    First reported: 16.01.2026 13:40
    1 source, 1 article
  • The construction industry and the hospitality and legal sectors benefited from a decrease in cyber incidents in 2025.

    First reported: 16.01.2026 13:40
    1 source, 1 article