The hunt for employee login details is in full swing. Hackers are increasingly targeting Microsoft Business Accounts, password vaults, bank and credit card accounts, crypto wallets, and other valuable accounts.
New figures from cybersecurity company eSentire show a sharp increase in identity-driven attacks. Between 2024 and the first quarter of 2025, eSentire’s Threat Response Unit (TRU) conducted 19,000 identity-related cyber investigations. Among eSentire’s customers, such attacks increased by 156 percent compared to 2023. In the first quarter of 2025, these incidents accounted for no less than 59 percent of all confirmed threats.
Hackers are increasingly opting for a direct route: obtaining login credentials and session cookies via phishing or malware. This allows them to carry out Business Email Compromise (BEC) attacks, gain access to bank accounts, or steal cryptocurrency. The days when cybercriminals had to force their way in via technical vulnerabilities seem to be over.
PhaaS platforms are gaining ground
A popular method is the use of Phishing-as-a-Service (PhaaS) platforms. Tycoon 2FA in particular is gaining ground rapidly and surpassed competitors such as Sneaky 2FA and EvilProxy in 2025. For between $200 and $300 per month, attackers gain access to ready-made phishing tools, templates, adversary-in-the-middle (AitM) technology to bypass MFA, and support in carrying out attacks.
Another weapon in hackers’ arsenal is infostealers such as Lumma Stealer. This malware is sold as a service on Russian forums and is responsible for millions of stolen accounts. Lumma extracts passwords, session cookies, crypto wallet data, browser extensions, and documents from infected systems. Despite a coordinated action by the FBI and Microsoft in May 2025, the platform remains active.
Infostealers offer immediate profit opportunities
Infostealer logs are sold on underground marketplaces for as little as ten dollars each. Each log contains data from one infected computer, often with dozens of login credentials. Platforms such as Russian Market offer search and filter options to quickly find specific targets or types of accounts.
According to eSentire, infostealers currently account for 35 percent of all detected malware threats. The low cost, high effectiveness, and immediate profit opportunities make identity attacks particularly attractive to cybercriminals.
eSentire warns that this trend is not likely to abate anytime soon. The company advises organizations to focus their security efforts on phishing-resistant authentication and Zero Trust principles.