
Account Compromises Soared 389% in 2025: Report

Summary

– Malware accounted for 25% of observed threats in 2025, a four-percentage-point decline from 2024, with two-thirds of it aimed at account takeovers.
– Credential theft was the dominant threat, representing 75% of malicious activity and showing a 389% year-over-year rise in account compromise incidents.
– The top initial attack vector was using stolen credentials for email campaigns, with Phishing-as-a-Service (PhaaS) kits enabling 63% of account compromises.
– Business Email Compromise (BEC) attacks, though declining to under 10% of activity, remain a top threat, with hackers able to act within 14 minutes of credential theft.
– The software, manufacturing, and business services industries saw significant increases in security incidents, while construction, hospitality, and legal sectors experienced decreases.

The cybersecurity landscape witnessed a dramatic and alarming shift in 2025, with a staggering 389% year-over-year surge in account compromise incidents. This explosive growth, detailed in a recent industry report, underscores a fundamental change in attacker tactics, moving decisively toward credential theft as the primary method of initial access. Credential access alone represented a dominant 75% of all malicious activity observed during the period, highlighting a critical vulnerability for organizations worldwide.

While traditional malware remained a significant concern, accounting for a quarter of observed threats, its prevalence actually declined slightly. The focus has clearly pivoted; two-thirds of malware activity was specifically aimed at facilitating account takeovers, with the remaining third dedicated to launching phishing campaigns. Microsoft 365 accounts emerged as particularly prime targets for these aggressive credential-stealing operations.

The primary driver behind this epidemic is the rampant use of stolen, valid credentials to spread malicious email campaigns. This method skyrocketed from representing 37% to 55% of total security incidents among the studied organizations. The majority of these breaches are fueled by sophisticated Phishing-as-a-Service (PhaaS) kits, which were responsible for 63% of all account compromise cases. These are not simple, static tools; they are advanced, constantly evolving platforms like Tycoon2FA and EvilProxy, designed explicitly to circumvent modern defenses including multifactor authentication (MFA). Their widespread availability and continuous updates are creating a perfect storm for businesses.

These PhaaS operations frequently enable devastating Business Email Compromise (BEC) attacks. Although BEC incidents saw a proportional decline in overall malicious activity, they remain a severe and pressing threat. Attackers can move with frightening speed, often establishing malicious inbox rules within just 14 minutes of gaining access to a corporate network using stolen credentials and session tokens. Industries handling high-value transactions and sensitive communications, such as real estate, finance, and legal services, are disproportionately targeted.

The report reveals several other critical trends from the past year. There was a shocking 14-fold increase in incidents combining email bombing with IT Help Desk impersonation, a tactic heavily aimed at the legal sector. Additionally, the “ClickFix” social engineering lure saw a 300% spike, accounting for over 30% of all malware delivery. From an industry perspective, the software sector experienced the highest volume of security incidents, followed by manufacturing and business services. In a rare bit of positive news, the construction, hospitality, and legal sectors saw measurable decreases in cyber incidents during 2025.

(Source: InfoSecurity Magazine)
