The cyber threat landscape is undergoing a seismic shift, with identity-based attacks reaching unprecedented levels, according to a new report from cybersecurity firm eSentire. The study reveals that the proliferation of Infostealers-as-a-Service (IaaS) and Phishing-as-a-Service (PhaaS) platforms is fueling a dramatic increase in credential theft and subsequent cyber incidents across organizations of all sizes.
Unprecedented Growth in Identity Attacks
eSentire’s analysis shows a staggering 156% year-over-year increase in cyberattacks targeting employee credentials between 2024 and the first quarter of 2025. Identity-driven threats now comprise nearly 60% of all confirmed security incidents investigated by eSentire’s Security Operations Centre, underscoring the growing importance of identity as the primary attack vector.
The Rise of Infostealers-as-a-Service
The report highlights the emergence of infostealer malware offered as a service, which has lowered the barrier to entry for cybercriminals. These infostealers now account for 35% of all malware threats observed by eSentire in 2025. By automating the theft of login credentials, session cookies, and sensitive data from compromised devices, these tools enable even low-skilled attackers to harvest and monetize vast quantities of corporate access data.
Synergy with Phishing-as-a-Service
The threat is further amplified by the availability of sophisticated PhaaS platforms, such as Tycoon 2FA, which allow attackers to launch advanced phishing campaigns. These platforms employ adversary-in-the-middle (AitM) techniques to intercept authentication tokens in real time, effectively bypassing multi-factor authentication (MFA) and granting attackers unauthorized access to corporate systems.
Underground Credential Markets
Stolen credentials and authentication tokens are rapidly commoditized on underground marketplaces, often selling for as little as $10 per login. This ease of access enables threat actors to scale their operations, launching business email compromise (BEC), ransomware, and financial fraud attacks with minimal investment.
Business Impact
The consequences for organizations are severe. Data breaches, financial losses, operational disruptions, and regulatory penalties are increasingly common outcomes. The FBI has documented over 300,000 BEC incidents globally since 2013, resulting in an estimated $55 billion in losses. Both small and large enterprises are at risk, with small and medium-sized businesses particularly vulnerable due to limited cybersecurity resources.
eSentire’s Recommendations
In response to these evolving threats, eSentire recommends a multi-layered approach to cybersecurity:
- Adopt Phish-Resistant Authentication: Implement FIDO2/WebAuthn and passkeys to prevent credential interception and replay attacks.
- Embrace Zero Trust Principles: Continuously verify device compliance, user location, and behavioral anomalies to detect and block suspicious activity.
- Enhance Security Awareness: Provide ongoing employee training to recognize and respond to phishing and social engineering attempts.
- Invest in Managed Detection and Response (MDR): Leverage MDR services for rapid threat identification, containment, and incident response.
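
The Zero Trust recommendation above can be turned into a concrete check for the AitM token theft described earlier: a session token that is later used from a context different from the one it was issued in. The following Python sketch is an added example, not code from eSentire or its report; the event fields, sample log lines, and two-signal threshold are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample session events (not from the report).
# Fields: timestamp, user, session id, source IP, country, user agent, device-compliant flag
EVENTS = [
    ("2025-03-01T09:00:05Z", "alice", "s-1001", "198.51.100.10", "CA", "Edge/122 Windows", True),
    ("2025-03-01T09:04:40Z", "alice", "s-1001", "198.51.100.10", "CA", "Edge/122 Windows", True),
    ("2025-03-01T09:06:12Z", "alice", "s-1001", "203.0.113.77", "NL", "Chrome/121 Linux", False),
    ("2025-03-01T10:15:00Z", "bob", "s-2002", "192.0.2.44", "US", "Safari/17 macOS", True),
    ("2025-03-01T10:20:30Z", "bob", "s-2002", "192.0.2.45", "US", "Safari/17 macOS", True),
]

@dataclass
class Finding:
    user: str
    session: str
    when: str
    reasons: list

def detect_token_replay(events, min_signals=2):
    """Flag a session whose later use differs from the context it was issued in."""
    baseline = {}  # session id -> (country, user agent) seen at first use
    findings = []
    for ts, user, sid, _ip, country, ua, compliant in sorted(events):
        if sid not in baseline:
            baseline[sid] = (country, ua)
            continue
        base_country, base_ua = baseline[sid]
        reasons = []
        if country != base_country:
            reasons.append(f"country {base_country}->{country}")
        if ua != base_ua:
            reasons.append("user agent changed")
        if not compliant:
            reasons.append("non-compliant device")
        # Require several independent signals (assumed threshold) so that an
        # ordinary IP change inside the same country does not raise an alert.
        if len(reasons) >= min_signals:
            findings.append(Finding(user, sid, ts, reasons))
    return findings

if __name__ == "__main__":
    for f in detect_token_replay(EVENTS):
        print(f.when, f.user, f.session, "; ".join(f.reasons))
```

In the sample data only alice's session is flagged, because the same token reappears from another country, with a different user agent, on a non-compliant device; bob's IP change alone stays below the threshold.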