{"id":1186,"date":"2025-07-07T13:53:18","date_gmt":"2025-07-07T13:53:18","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/07\/07\/hackers-target-employee-credentials-amid-spike-in-id-attacks\/"},"modified":"2025-07-07T13:53:18","modified_gmt":"2025-07-07T13:53:18","slug":"hackers-target-employee-credentials-amid-spike-in-id-attacks","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/07\/07\/hackers-target-employee-credentials-amid-spike-in-id-attacks\/","title":{"rendered":"Hackers Target Employee Credentials Amid Spike in ID Attacks"},"content":{"rendered":"<div id=\"cphContent_pnlMainContent\">\n<h2>Written by<\/h2>\n<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/localimages\/605bfdcb-abca-4e31-9902-3a3d746228ce.png?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Alessandro  Mascellino\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\">\n<div id=\"layout-81c0ae27-fe5e-4e10-9ced-c16ac1cf7c32\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A surge in identity-driven cyber-attacks targeting employee login credentials has been observed by cybersecurity researchers.<\/p>\n<p>According to a new report by eSentire\u2019s Threat Response Unit (TRU), between 2024 and the first quarter of 2025, 19,000 identity-related cyber investigations revealed a 156% increase in such threats compared to 2023.<\/p>\n<p>These incidents now account for 59% of all confirmed threats across eSentire\u2019s customer base of over 2000 organizations.<\/p>\n<h2><strong>Phishing-as-a-Service Drives Credential Theft<\/strong><\/h2>\n<p>One of the biggest enablers of this trend is Tycoon 2FA, a phishing-as-a-service (PhaaS) platform that helps cybercriminals steal Microsoft business account credentials and session cookies.<\/p>\n<p>From January to May 2025, Tycoon 2FA emerged as the leading PhaaS tool, surpassing rivals 
like EvilProxy and Sneaky 2FA.<\/p>\n<\/p><\/div>\n<figure id=\"layout-7b0fe828-b527-4233-a887-0e2e5e7b04d4\" data-layout-id=\"4\" data-edit-folder-name=\"image\" data-index=\"1\"><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/localimages\/3f974769-bdcd-498c-840e-8827216ef3d9.png\" alt=\"Credit: eSentire.\"><figcaption>Credit: eSentire.<\/figcaption><\/figure>\n<div id=\"layout-83fb10ec-2da8-410e-90a7-c3e955edd6b1\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"2\">\n<p>Renting the platform costs between $200 and $300 a month and includes:<\/p>\n<ul>\n<li>\n<p>Email templates spoofed to look like trusted sources<\/p>\n<\/li>\n<li>\n<p>Advanced adversary-in-the-middle (AitM) capabilities to bypass MFA<\/p>\n<\/li>\n<li>\n<p>Anti-debugging and evasion tools<\/p>\n<\/li>\n<li>\n<p>Built-in credential exfiltration<\/p>\n<\/li>\n<li>\n<p>Customer support and regular updates<\/p>\n<\/li>\n<\/ul>\n<p>Attackers use Tycoon 2FA to execute business email compromise (BEC) schemes by targeting employees in accounts receivable roles, harvesting their credentials and manipulating invoices to reroute payments to attacker-controlled bank accounts.<\/p>\n<h2><strong>Infostealers Offer Cheaper, Scalable Alternatives<\/strong><\/h2>\n<p>For attackers seeking low-cost options, infostealer malware offers a vast supply of credentials. 
Logs stolen using tools like Lumma Stealer are sold on underground markets for as little as $10.<\/p>\n<p>Each log may include dozens of credentials from:<\/p>\n<ul>\n<li>\n<p>Email and banking services<\/p>\n<\/li>\n<li>\n<p>Password manager databases<\/p>\n<\/li>\n<li>\n<p>Crypto wallets and browser extensions<\/p>\n<\/li>\n<li>\n<p>VPNs, FTP clients and local files<\/p>\n<\/li>\n<\/ul>\n<p><em>Read more on Lumma Stealer\u2019s international takedown efforts: Global Law Enforcers and Microsoft Seize 2300+ Lumma Stealer Domains<\/em><\/p>\n<p>Operating since 2022, Lumma Stealer is known for its automation, which includes built-in filters to identify high-value data. This reduces the time needed to exploit stolen credentials and speeds up resale on markets like Russian Market.<\/p>\n<h2>Credential Theft Offers High Payoff for Threat Actors<\/h2>\n<p>The FBI confirmed that it has tracked over 300,000 BEC incidents globally since 2013, resulting in $55 billion in losses.<\/p>\n<p>With infostealers accounting for 35% of all malware threats disrupted by eSentire in Q1 2025, identity-based attacks now offer a higher return than traditional exploits.<\/p>\n<p>eSentire\u2019s TRU expects these threats to persist and urges organizations to adopt phishing-resistant authentication, zero-trust strategies and real-time access monitoring.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Written by A surge in identity-driven cyber-attacks targeting employee login credentials has been observed by cybersecurity researchers. According to a new report by eSentire\u2019s Threat Response Unit (TRU), between 2024 and the first quarter of 2025, 19,000 identity-related cyber investigations revealed a 156% increase in such threats compared to 2023. 
These incidents now account for<\/p>\n","protected":false},"author":2,"featured_media":1187,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1186","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/07\/1186-768c0a08-ca3d-4de5-8728-e36a0afd65cb-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a 
href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/1186","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=1186"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/1186\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/1187"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=1186"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=1186"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=1186"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}