Introduction
In 2024, the landscape of cyber threats evolved significantly, with credential theft becoming a predominant method of intrusion [1] [3] [4] [5] [6] [7] [9] [10]. This shift is largely attributed to the rise of AI-generated phishing emails, which have facilitated a surge in infostealer attacks. As cybercriminals adapt to advancements in detection technologies, they increasingly focus on exploiting identity vulnerabilities within complex hybrid cloud environments.
Description
Threat actors have significantly escalated their credential theft activities [2] [8], with user identity abuse emerging as the primary entry point for attackers in 2024 [3], accounting for approximately 30% of intrusions. This surge is largely driven by a notable increase in AI-generated phishing emails, with an 84% year-over-year rise in emails delivering infostealers, a method heavily used by cybercriminals for credential theft [7]. Recent findings indicate that the use of AI has enabled both the mass generation of highly convincing phishing emails and the development of sophisticated adversary-in-the-middle (AITM) phishing kits and custom AITM attack services, which are marketed on the dark web to bypass multi-factor authentication (MFA). This technology enhances social engineering campaigns and information operations, allowing for the rapid creation of phishing emails and deepfakes, which amplify the effectiveness of infostealers and facilitate faster, lower-cost intrusions [1].
Early data for 2025 suggests a staggering 180% increase in phishing emails delivering infostealers compared to 2023, making credential phishing and infostealers more accessible and profitable for cybercriminals [5]. Analysis has shown that nearly one in three analyzed infostealer attacks resulted in credential theft, as attackers exploited identity gaps in complex hybrid cloud environments [6] [7] [8] [9], enabling them to access data quickly while evading detection [4]. This trend is exacerbated by a thriving dark web market for stolen credentials, where the top five infostealers were featured in over 8 million advertisements that collectively contain hundreds of millions of stolen credentials [9]. There has been a 12% year-over-year increase in the availability of infostealer credentials for sale on the dark web [10].
In response to enhanced endpoint detection and response (EDR) solutions that effectively identify backdoor intrusions [10], attackers are increasingly focusing on credential theft rather than data encryption. This shift is driven by advancements in detection technologies and intensified law enforcement efforts that compel them to seek quicker exit strategies [10]. Mark Hughes, global managing partner of cybersecurity services at IBM [8] [9], noted that attackers often exploit identity gaps in complex hybrid cloud environments [6] [7] [8] [9], allowing them to infiltrate systems without traditional break-in methods [6].
The global average cost of a data breach reached $4.88 million in 2024, underscoring the growing impact of these attacks [1]. To combat these evolving threats, businesses are advised to adopt proactive measures [8] [9], including monitoring the dark web for information about their organization [6] [9], modernizing authentication management [8] [9], enhancing multi-factor authentication for all users accessing systems and data [6] [9], training employees on phishing and password security [6] [9], establishing an incident response plan [6] [9], safeguarding sensitive data through encryption and access controls [6] [9], streamlining identity management tools [6] [9], leveraging AI for threat detection [6] [9], and engaging in real-time threat hunting to identify hidden threats before they compromise sensitive data [8].
Conclusion
The escalation of credential theft activities, driven by AI-generated phishing and infostealers, poses significant challenges to cybersecurity. As attackers exploit identity vulnerabilities, businesses must adopt comprehensive strategies to mitigate these threats. Proactive measures [6] [8], such as enhancing authentication protocols, monitoring the dark web [3] [5] [6] [7] [9] [10], and leveraging AI for threat detection [6] [9], are crucial in safeguarding sensitive data. The evolving threat landscape necessitates continuous adaptation and vigilance to protect against future cyber intrusions.
References
[1] https://security-storage-und-channel-germany.de/ibm-x-force-2025-threat-intelligence-index/
[2] https://ciso2ciso.com/identity-attacks-now-comprise-a-third-of-intrusions-source-www-infosecurity-magazine-com/
[3] https://www.ibm.com/think/x-force/x-force-threat-intelligence-index-2025-attackers-steal-sell-user-identities
[4] https://siliconangle.com/2025/04/17/ibm-x-force-report-finds-shift-ransomware-credential-theft-2024/
[5] https://newsroom.ibm.com/2025-04-17-2025-ibm-x-force-threat-index-large-scale-credential-theft-escalates,-threat-actors-pivot-to-stealthier-tactics
[6] https://www.threatshub.org/blog/data-stealing-cyberattacks-are-surging-7-ways-to-protect-yourself-and-your-business/
[7] https://www.stocktitan.net/news/IBM/2025-ibm-x-force-threat-index-large-scale-credential-theft-escalates-y5yx6lvsphkl.html
[8] https://www.infosecurity-magazine.com/news/identity-attacks-now-comprise/
[9] https://www.zdnet.com/article/data-stealing-cyberattacks-are-surging-7-ways-to-protect-yourself-and-your-business/
[10] https://www.networkworld.com/article/3964980/ibm-x-force-stealthy-attacks-on-the-rise-toolkits-targeting-ai-emerge.html