In recent years, the increasing prevalence of credential theft has become an alarming issue in the cybersecurity landscape, and 2024 has seen this threat rise to unprecedented levels. Recent analysis of over a million malware samples has revealed that 25% of these samples were explicitly aimed at stealing user credentials. This substantial increase from 2023 has resulted in credential theft ascending to one of the top 10 techniques in the MITRE ATT&CK framework, now comprising 93% of malicious cyber activity in 2024. This surge mirrors a broader trend toward more sophisticated and targeted cyberattacks.
Unlike traditional malware, “SneakThief” operates with a high degree of stealth and automation, enabling threat actors to carry out prolonged, multi-stage attacks that often go undetected. Currently, this type of malware is capable of performing up to 14 malicious actions on average, which significantly raises the stakes for the defenses needed to counter these threats.
Despite the increasing complexity of these malicious programs, Picus Security’s research has not yet encountered AI-driven malware. Instead, threat actors continue to rely on traditional techniques, although they are employed with a level of sophistication that allows them to evade defenses and exfiltrate data effectively. This revelation, communicated by Picus’ CTO Volkan Ertürk, emphasizes the importance of prioritizing the most prevalent and dangerous MITRE ATT&CK techniques to thwart complex malware operations.
The rise in credential theft in 2024 serves as a stark reminder for organizations to bolster their defenses by staying ahead of these advanced threats. Implementing robust authentication methods, continuous monitoring, employee training, and investing in cutting-edge cybersecurity solutions will be pivotal in mitigating this growing epidemic of credential theft.