A startling new report from Picus Security reveals a dramatic evolution in malware, with cybercriminals now dedicating a quarter of all attacks to stealing user logins. Analyzing over a million malware samples from 2024, researchers found that credential theft has seen a threefold increase compared to 2023. This alarming trend shows attackers are prioritizing stealthy, long-term intrusions over quick, noisy attacks, making them harder to detect and stop.
A Major Shift in Cybercrime Tactics
The era of simple smash-and-grab cyberattacks is fading. According to “The Red Report 2025,” cybercriminals are now focused on sophisticated, multi-stage campaigns designed for maximum impact.
These modern attacks are built to remain hidden on systems for long periods. Attackers are no longer using single methods. Instead, they deploy complex attack chains that can bypass security defenses, steal data slowly over time, and maintain their access even after a system is updated or scanned.
This strategic shift indicates that cybercrime has become a more patient and calculated operation, aiming for prolonged access to valuable networks and data.
Meet SneakThief: The New Breed of Malware
Researchers have coined the term “SneakThief” to describe this new generation of malware. Its name highlights its primary strengths: stealth and data harvesting. These advanced info-stealers are far more versatile than older types of malware.
The report notes that most modern malware can now perform 14 different malicious actions. This adaptability makes many traditional antivirus solutions less effective.
Key capabilities of SneakThief malware include:
- Extracting credentials directly from web browsers and system password stores.
- Using advanced techniques to evade detection by security software.
- Automating the process of sending stolen data to remote servers.
- Maintaining persistence on a system, allowing it to survive reboots and security updates.
The State of Cybercrime in 2024
The rise in credential theft is part of a broader evolution in the cyber threat landscape. Last year, tactics involving data exfiltration and stealth were linked to 11.3 million separate cybercrime incidents. The focus has clearly moved toward smarter, quieter attacks.
Here is a breakdown of the most common attack strategies observed in 2024.
Attack Type | 2024 Figure | Change from 2023 |
---|---|---|
Credential Theft | 25% | 3x |
Exfiltration & Stealth | 11.3 million cases | +27% |
Multi-Stage Attacks | Dominant attack pattern | Significant rise |
Interestingly, despite extensive discussion about AI, the report found no confirmed evidence of its widespread use by cybercriminals for creating malware. Attackers are still relying on proven, effective manual strategies to achieve their goals.
How to Defend Against Modern Threats
With credential theft now officially one of the top 10 most common techniques in the MITRE ATT&CK framework, security teams must update their defensive playbooks. Volkan Ertürk, CTO and co-founder of Picus, stated that the solution lies in focusing on the most common attack behaviors.
“Stopping SneakThief malware isn’t impossible,” Ertürk said. “By concentrating on just 10 of MITRE’s techniques, security teams can block up to 90% of threats before they cause damage.”
This approach emphasizes disrupting the core actions that all these advanced malware campaigns rely on. As cybercriminals evolve, enterprises must shift their focus toward early detection and implement multi-layered security strategies to counter these next-generation threats effectively.