Cyberattacks on User Logins Soar 156% as Infostealers and Phishing Kits Drive Surge

The cybersecurity threat landscape has undergone a dramatic transformation, with identity-based attacks now dominating as the primary vector for cybercriminals.

According to recent threat intelligence from eSentire’s Threat Response Unit (TRU) Report, identity-driven threats have surged by 156% between 2023 and 2025, accounting for 59% of all confirmed threat cases in the first quarter of 2025.

This shift marks a fundamental change in adversarial tactics, as attackers increasingly bypass traditional technical vulnerabilities and instead target user credentials for direct access to organizational assets.

Identity-Centric Threats

Driving this surge is the proliferation of Cybercrime-as-a-Service ecosystems, particularly Phishing-as-a-Service (PhaaS) platforms and advanced infostealer malware.

These platforms, such as Tycoon2FA, have democratized access to sophisticated attack tools, enabling even low-skilled threat actors to carry out enterprise-grade credential theft.

Tycoon2FA alone is responsible for 58% of observed account compromise cases, offering capabilities to bypass multi-factor authentication (MFA) and harvest session cookies for as little as $200-300 per month.

The technical sophistication of these kits rivals legitimate security tools, with features like Adversary-in-the-Middle (AitM) functionality, anti-bot protections, and continuous updates to evade detection.

Infostealer malware has also evolved, now representing 35% of all disrupted malware threats in 2025.

These tools go far beyond simple keyloggers, systematically extracting browser-stored credentials, password manager databases, VPN configurations, and application-specific authentication tokens.

The stolen data is rapidly monetized on underground marketplaces, which operate with the efficiency of legitimate e-commerce platforms, allowing threat actors to filter and purchase specific credentials within hours of theft.

High-value targets, such as business email accounts and administrative credentials, command premium prices, fueling further attacks.

Phishing-as-a-Service

Business Email Compromise (BEC) and account takeover incidents have seen a sharp rise, with email account compromises increasing by 60% year-over-year and making up 41% of all 2025 cases.

Attackers are now moving from initial credential theft to active fraud within hours, leveraging anonymization services like VPNs and proxies to mask their true locations and evade geographic anomaly detection.

Approximately 44% of BEC cases involve the use of commercial VPNs or proxy networks, further complicating efforts to identify and block malicious activity.

The infrastructure supporting these attacks is both persistent and adaptive, with PhaaS platforms maintaining consistent operational patterns and migrating to alternative providers within days when disrupted.

Unmanaged devices, shadow IT infrastructure, and third-party supply chain relationships create significant blind spots in organizational security, often exploited by attackers to gain and maintain access without detection.

Notably, compromised credentials from infostealers have been used to deploy ransomware, with organizations often detecting the breach only during the final stages of the attack.

In response to these developments, cybersecurity experts recommend a fundamental restructuring of identity security architectures.

Key measures include the adoption of phish-resistant authentication methods such as FIDO2/WebAuthn, implementation of Zero Trust principles with continuous authentication verification, and the integration of advanced monitoring capabilities to detect anomalies in real time.

Rapid incident response protocols, including automated session termination and credential revocation, are now essential to contain threats within hours, reflecting the compressed timelines of modern attacks.
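The monitoring and automated containment described above can be sketched as a session-binding check over sign-in logs. This is an added example, not code from the eSentire report or any product: the event fields, ASN labels and log lines are constructed, and it assumes the identity provider records a session ID, source network and user agent for each request.

```python
from collections import namedtuple

# Constructed session events; field names are assumptions, not a real IdP schema.
Event = namedtuple("Event", "ts user session_id asn country user_agent")

SAMPLE_EVENTS = [
    Event(1000, "alice", "s-1", "AS-EXAMPLE-ISP", "CA", "Chrome/124 Windows"),
    Event(1300, "alice", "s-1", "AS-EXAMPLE-ISP", "CA", "Chrome/124 Windows"),
    # Same session cookie and same country (VPN exit), but new network and client.
    Event(1900, "alice", "s-1", "AS-EXAMPLE-VPN", "CA", "Firefox/125 Linux"),
    Event(2000, "bob", "s-2", "AS-EXAMPLE-CORP", "US", "Safari/17 macOS"),
    # Legitimate roaming: the network changes, the client stays the same.
    Event(2600, "bob", "s-2", "AS-EXAMPLE-MOBILE", "US", "Safari/17 macOS"),
]

def find_replayed_sessions(events):
    """Flag sessions whose cookie shows up from a new network AND a new client.

    The first event of a session is its baseline. Country is deliberately not
    used, because a commercial VPN exit can sit in the victim's own country.
    """
    baseline, flagged, findings = {}, set(), []
    for ev in sorted(events, key=lambda e: e.ts):
        first = baseline.setdefault(ev.session_id, ev)
        if ev.session_id in flagged:
            continue  # one finding per session is enough to trigger containment
        if ev.asn != first.asn and ev.user_agent != first.user_agent:
            flagged.add(ev.session_id)
            findings.append({
                "user": ev.user,
                "session_id": ev.session_id,
                "baseline_asn": first.asn,
                "observed_asn": ev.asn,
                "seconds_since_login": ev.ts - first.ts,
            })
    return findings

def containment_actions(findings):
    """Map each finding to the two responses named above, in execution order."""
    actions = []
    for f in findings:
        actions.append(("terminate_session", f["session_id"]))
        actions.append(("revoke_credentials", f["user"]))
    return actions

if __name__ == "__main__":
    for action in containment_actions(find_replayed_sessions(SAMPLE_EVENTS)):
        print(action)
```

User agents can be copied by an attacker, so a production detection would bind the session to stronger device signals; the block shows only the correlation and response logic.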

The rise of identity-centric threats underscores the urgent need for organizations to move beyond perimeter and endpoint-focused defenses.

As cybercriminals continue to innovate, only a proactive, identity-focused security strategy can provide effective protection against the current and future threat landscape.


Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
