Thursday, February 20, 2025

Credential Theft Surges as Malware Evolves: 25% of 2024 Threats Targeted User Logins

A new cybersecurity report has confirmed what many security experts feared—malware is getting smarter, stealthier, and more dangerous. Analyzing over a million malware samples collected in 2024, researchers found that a staggering 25% of them were designed to steal user credentials. That’s a threefold increase compared to 2023, pushing credential theft into the top 10 techniques in the MITRE ATT&CK framework.

A Dramatic Shift in Cybercrime Priorities

Cybercriminals are shifting gears. Traditional smash-and-grab attacks are taking a back seat to sophisticated, multi-stage campaigns aimed at maximizing damage while minimizing detection. According to “The Red Report 2025” by Picus Security, attackers are crafting new generations of malware that prioritize stealth, persistence, and automation.

Researchers observed that threat actors are focusing on prolonged, complex operations. They’re no longer relying on just one technique or method. Instead, they’ve built multi-layered attack chains capable of evading defenses, exfiltrating data, and maintaining access to infected systems for extended periods.

The Rise of “SneakThief” Malware

Picus Security has dubbed this new breed of malware “SneakThief,” highlighting its ability to bypass security tools while systematically harvesting sensitive data. These info-stealers are designed to:

  • Extract credentials from password stores and browsers
  • Evade detection with advanced stealth techniques
  • Automate exfiltration to remote servers
  • Persist on systems even after security patches or antivirus scans

The report notes that the majority of modern malware samples can execute 14 distinct malicious actions, making them more versatile than ever before. This adaptability makes traditional defenses ineffective in many cases.

The Most Prevalent Cybercrime Tactics of 2024

Malware evolution isn’t happening in isolation. The overall cyber threat landscape is seeing major changes, with exfiltration and stealth tactics accounting for 11.3 million cybercrime incidents last year.

Here’s how key attack strategies are stacking up:

| Attack Type | Percentage of Cybercrime in 2024 | Increase from 2023 |
|---|---|---|
| Credential Theft | 25% | 3x |
| Exfiltration & Stealth | 11.3 million cases | +27% |
| Multi-Stage Attacks | Dominant attack pattern | Significant rise |
| AI-Driven Malware Usage | No confirmed evidence | |

Interestingly, despite growing fears, researchers found no proof that cybercriminals have widely adopted AI-driven malware. While AI is revolutionizing cybersecurity on the defensive side, attackers appear to be sticking to traditional—yet highly effective—manual attack strategies.

MITRE ATT&CK: The Key to Stopping Cyber Heists

With credential theft now among the top 10 most common cybercrime techniques, cybersecurity professionals must adapt. Volkan Ertürk, CTO and co-founder of Picus, emphasized that focusing on MITRE ATT&CK’s top techniques is the best way to disrupt modern malware campaigns.

“Stopping SneakThief malware isn’t impossible,” Ertürk said. “By concentrating on just 10 of MITRE’s techniques, security teams can block up to 90% of threats before they cause damage.”

While cybercriminals evolve their strategies, enterprises and security teams must evolve their defenses. Focusing on early detection and multi-layered security strategies will be critical in the fight against next-generation malware.

Harper Jones
Harper is an experienced content writer specializing in technology with expertise in simplifying complex technical concepts into easily understandable language. He has written for prestigious publications and online platforms, providing expert analysis on the latest technology trends, making his writing popular amongst readers.
