Access‑first attacker shift
Attackers are explicitly shifting to “access‑first” playbooks — prioritizing infostealers and quick credential grabs over long lateral campaigns. Defenders are pushing MFA, Zero Trust and real‑time monitoring tools (examples called out include Lunar) as countermeasures in the same conversations. (x.com) (x.com)
IBM X‑Force recorded an 84% year‑over‑year increase in emails delivering information‑stealing malware in 2024, noting lower‑profile credential theft rose while enterprise ransomware declined. (newsroom.ibm.com) KELA‑sourced analysis put 2024 infections at roughly 4.3 million machines and about 330 million stolen credentials circulating in criminal markets. (safetydetectives.com) Independent trackers flagged even larger exposure figures, with reporting that infostealer activity left billions of credential records exposed across 2023–2024 datasets. (itpro.com) Recorded Future’s 2026 Identity Threat Landscape found credential theft is now the dominant initial‑access vector for enterprise breaches, reflecting a market where stolen logins and session data feed access brokers. (recordedfuture.com)
Vendors and industry surveys show defenders responding with identity‑centric controls: Okta reported workforce MFA adoption near 70% in 2025, while Microsoft has pushed phishing‑resistant MFA to 92% of its employee productivity accounts in recent rollouts. (okta.com) Zero‑Trust uptake has accelerated alongside identity controls, with Gartner reporting 63% of organizations had fully or partially implemented a Zero‑Trust strategy as of April 2024. (gartner.com)
Lunar, the open breach‑monitoring platform powered by Webz.io, added free leaked session‑cookie monitoring in March 2026 to surface cookies and stealer‑sourced session data that can defeat passwords, MFA, or SSO. (prweb.com) Early adopters and vendor case studies say Lunar’s dark‑web exposure feeds have shortened detection and response cycles for compromised credentials in operational use‑cases. (jwtechwriter.com)