Cybersecurity researchers have uncovered a sharp rise in credential-stealing malware, with 25% of over a million malware samples analyzed in 2024 targeting user credentials. This marks a threefold increase from 2023, propelling credential theft from password stores into the MITRE ATT&CK framework’s top 10 techniques. These attacks accounted for 93% of all malicious cyber activities last year.
According to “The Red Report 2025” by Picus Security, threat actors are shifting towards multi-stage, sophisticated attacks, leveraging a new breed of malware. Researchers have labeled this emerging trend “SneakThief,” emphasizing its focus on stealth, persistence, and automation.
Cybercriminals are refining these malware strains to execute highly evasive operations, aiming to carry out “the perfect heist” with built-in capabilities to bypass defenses and extract sensitive data.
Despite growing concerns over AI-driven threats, researchers found no evidence of AI-powered malware in 2024. However, malware samples analyzed were capable of executing an average of 14 malicious actions, with data exfiltration and stealth techniques responsible for 11.3 million cyber incidents last year.
“Focusing on the Top 10 MITRE ATT&CK techniques is the most viable way to stop the kill chain of sophisticated malware strains as early as possible,” said Volkan Ertürk, CTO and
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: