A new cybersecurity report has confirmed what many security experts feared—malware is getting smarter, stealthier, and more dangerous. Analyzing over a million malware samples collected in 2024, researchers found that a staggering 25% of them were designed to steal user credentials. That’s a threefold increase compared to 2023, pushing credential theft into the top 10 most common techniques in the MITRE ATT&CK framework.
A Dramatic Shift in Cybercrime Priorities
Cybercriminals are shifting gears. Traditional smash-and-grab attacks are taking a back seat to sophisticated, multi-stage campaigns aimed at maximizing damage while minimizing detection. According to “The Red Report 2025” by Picus Security, attackers are crafting new generations of malware that prioritize stealth, persistence, and automation.
Researchers observed that threat actors are focusing on prolonged, complex operations. They’re no longer relying on just one technique or method. Instead, they’ve built multi-layered attack chains capable of evading defenses, exfiltrating data, and maintaining access to infected systems for extended periods.
The Rise of “SneakThief” Malware
Picus Security has dubbed this new breed of malware “SneakThief,” highlighting its ability to bypass security tools while systematically harvesting sensitive data. These info-stealers are designed to:
- Extract credentials from password stores and browsers
- Evade detection with advanced stealth techniques
- Automate exfiltration to remote servers
- Persist on systems even after security patches or antivirus scans
The report notes that the majority of modern malware samples can execute 14 distinct malicious actions, making them more versatile than ever before. This adaptability makes traditional defenses ineffective in many cases.
The Most Prevalent Cybercrime Tactics of 2024
Malware evolution isn’t happening in isolation. The overall cyber threat landscape is seeing major changes, with exfiltration and stealth tactics accounting for 11.3 million cybercrime incidents last year.
Here’s how key attack strategies are stacking up:
Attack Type | 2024 Figure | Change from 2023 |
---|---|---|
Credential Theft | 25% | 3x |
Exfiltration & Stealth | 11.3 million cases | +27% |
Multi-Stage Attacks | Dominant attack pattern | Significant rise |
AI-Driven Malware Usage | No confirmed evidence | – |
Interestingly, despite growing fears, researchers found no proof that cybercriminals have widely adopted AI-driven malware. While AI is revolutionizing cybersecurity on the defensive side, attackers appear to be sticking to traditional—yet highly effective—manual attack strategies.
MITRE ATT&CK: The Key to Stopping Cyber Heists
With credential theft now among the top 10 most common cybercrime techniques, cybersecurity professionals must adapt. Volkan Ertürk, CTO and co-founder of Picus, emphasized that focusing on MITRE ATT&CK’s top techniques is the best way to disrupt modern malware campaigns.
“Stopping SneakThief malware isn’t impossible,” Ertürk said. “By concentrating on just 10 of MITRE’s techniques, security teams can block up to 90% of threats before they cause damage.”
While cybercriminals evolve their strategies, enterprises and security teams must evolve their defenses. Focusing on early detection and multi-layered security strategies will be critical in the fight against next-generation malware.