Credential‑theft surge
Credential theft is surging — millions of logins are being traded on the dark web and feeding ransomware and state‑level espionage tied to Russia/China actors. Defenders are pushing anomalous‑login monitoring and stricter MFA deployment as first‑line counters. (x.com)
Flashpoint’s intelligence found roughly 3.2 billion compromised credentials in recent years and recorded infostealers capturing about 2.1 billion of those logins, underscoring the scale of fresh credential theft. (asisonline.org) Market analyses estimate as many as 15 billion stolen credentials circulate across darknet markets and Telegram channels, while specialist “stealer” logs harvested roughly 1.8 billion fresh logins in 2025 alone. (deepstrike.io)

Threat reports link that supply chain directly to ransomware economics: ransomware incidents rose by about 179% in recent reporting, and cybercriminal supply services—initial access brokers—package valid credentials for RaaS affiliates on demand. (csoonline.com) National‑level espionage campaigns have also exploited harvested accounts; Microsoft tracks Russia‑affiliated cloud abuse clusters (Void Blizzard/APT descriptors) using credential harvesting, and CISA’s AA25‑239A advisory documents PRC APTs employing long‑running identity compromise techniques. (microsoft.com)

Vendors and agencies are pushing risk‑based conditional access and real‑time anomalous‑login detection as core mitigations, while Microsoft and others are rolling out mandatory MFA policies for admin and cloud sign‑ins that vendors say block over 99% of automated account takeover attempts. (learn.microsoft.com) Security researchers warn legacy push‑based MFA is being bypassed by “MFA bombing” and AI‑assisted phishing, driving recommendations to adopt phishing‑resistant methods such as FIDO2/WebAuthn keys and adaptive authentication tied to continuous anomaly signals. (darkanalytics.com)
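The two detection signals the reports above keep returning to, replayed stolen-credential lists and push-based "MFA bombing", are easy to express as sliding-window rules over sign-in logs. The following is an added example written for this page, not code from any of the cited vendors or agencies. The log format, the sample events, the field names and the thresholds are all constructed assumptions; a real deployment would read an identity provider's sign-in export instead and tune the windows to its own baseline.

```python
"""Toy anomalous-login detector for two patterns named in the report:
  1. credential stuffing: one source IP trying many distinct accounts in a
     short window (a stolen-credential list being replayed), and
  2. MFA bombing: a burst of push challenges to one user, typically several
     denials followed by a fatigue-driven approval.
Added example; log layout and thresholds are constructed, not vendor-specific.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: timestamp user source_ip event result
SAMPLE_LOG = """\
2025-03-01T08:00:01Z alice   203.0.113.5   password  FAIL
2025-03-01T08:00:02Z bob     203.0.113.5   password  FAIL
2025-03-01T08:00:03Z carol   203.0.113.5   password  FAIL
2025-03-01T08:00:04Z dave    203.0.113.5   password  FAIL
2025-03-01T08:00:05Z erin    203.0.113.5   password  FAIL
2025-03-01T08:00:06Z frank   203.0.113.5   password  SUCCESS
2025-03-01T09:10:00Z alice   198.51.100.9  password  SUCCESS
2025-03-01T09:10:05Z alice   198.51.100.9  mfa_push  DENIED
2025-03-01T09:10:20Z alice   198.51.100.9  mfa_push  DENIED
2025-03-01T09:10:40Z alice   198.51.100.9  mfa_push  DENIED
2025-03-01T09:11:00Z alice   198.51.100.9  mfa_push  DENIED
2025-03-01T09:11:30Z alice   198.51.100.9  mfa_push  APPROVED
2025-03-01T12:00:00Z bob     192.0.2.77    password  SUCCESS
2025-03-01T12:00:10Z bob     192.0.2.77    mfa_push  APPROVED
"""


def parse_log(text):
    """Turn the whitespace-separated sample format into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, event, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "ip": ip, "event": event, "result": result,
        })
    return events


def _windows(evs, window):
    """Yield every trailing slice of evs whose span fits inside `window`."""
    evs = sorted(evs, key=lambda e: e["ts"])
    start = 0
    for end in range(len(evs)):
        while evs[end]["ts"] - evs[start]["ts"] > window:
            start += 1
        yield evs[start:end + 1]


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_accounts=5):
    """Return {source_ip: sorted targeted users} for IPs that attempt password
    logins against at least `min_accounts` distinct accounts within `window`.
    Success or failure does not matter: one hit in a spray is the takeover."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "password":
            by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        for run in _windows(evs, window):
            users = {e["user"] for e in run}
            # keep the widest set of accounts seen in any single window
            if len(users) >= min_accounts and len(users) > len(findings.get(ip, ())):
                findings[ip] = sorted(users)
    return findings


def detect_mfa_bombing(events, window=timedelta(minutes=5), min_pushes=4):
    """Return {user: summary} for users who receive `min_pushes` or more push
    challenges within `window`; the summary records how many were denied and
    whether the burst ended in an approval (the fatigue outcome to act on)."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push":
            by_user[e["user"]].append(e)
    findings = {}
    for user, evs in by_user.items():
        for run in _windows(evs, window):
            if len(run) >= min_pushes:
                findings[user] = {
                    "pushes": len(run),
                    "denied": sum(1 for e in run if e["result"] == "DENIED"),
                    "ended_in_approval": run[-1]["result"] == "APPROVED",
                }
    return findings


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("credential stuffing:", detect_credential_stuffing(evs))
    print("mfa bombing:", detect_mfa_bombing(evs))
```

Run against the constructed log, the first rule flags 203.0.113.5 for touching six accounts in six seconds, and the second flags alice for five push prompts in under two minutes, four denied and the last approved. A burst that ends in an approval is the case worth paging on: the session that approval created should be revoked and the credential reset, which is exactly the gap the report says phishing-resistant FIDO2/WebAuthn factors close, since they cannot be "approved" by a tired user.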