Cybercriminals Are Outsmarting Security Software With a Shockingly Simple Trick

Cybercriminals are increasingly bypassing traditional security software not by deploying sophisticated malware, but by using something far simpler: legitimate login credentials. A new global report from Kaspersky Security Services reveals that attackers are moving away from noisy cyberattacks that trigger security alerts and instead quietly gaining access through stolen or guessed passwords, allowing them to blend in with normal user activity.

The findings, published in Kaspersky’s “Anatomy of a Cyber World” report, highlight a growing cybersecurity trend in 2025 in which identity-based attacks have become some of the most effective methods for compromising organizations. Drawing on data from Kaspersky Managed Detection and Response (MDR), Incident Response (IR), Compromise Assessment and SOC Consulting, the report shows that attackers are increasingly exploiting trusted accounts to evade detection and maintain long-term access to corporate networks.

Cybersecurity experts warn that compromised accounts are replacing malware in many attacks.

Passwords Become Hackers’ Biggest Weapon

Among the most successful attack techniques identified in the report, password guessing ranked highest with a 34.8% conversion rate. The tactic involves systematically trying different password combinations until attackers successfully gain access to an account, a method that continues to succeed against organizations using weak or reused passwords.

Closely behind was local account creation at 34.7%, where attackers establish new accounts after infiltrating a system to maintain access even if their original point of entry is discovered. Kaspersky noted that while this activity can be detected, many organizations lack the telemetry needed to identify it quickly.

Valid account abuse ranked third at 34.5%, underscoring a broader shift in cybercriminal tactics. Rather than deploying malware, attackers simply log in using stolen or compromised credentials, making their activity appear legitimate and significantly harder for traditional security tools to detect.

The report also found that account manipulation accounted for 32% of confirmed malicious incidents. Attackers often strengthen their foothold by activating disabled accounts, modifying permissions or group memberships, or escalating privileges without introducing additional software that could raise suspicion.

Kaspersky’s latest report highlights the rise of identity-based cyberattacks.

Attackers Hide in Plain Sight

Network service discovery rounded out the top five techniques with a 31.2% conversion rate. Before moving deeper into a compromised environment, attackers frequently scan accessible systems and network services, allowing them to identify additional targets for lateral movement across an organization’s infrastructure.

According to Kaspersky, the findings demonstrate why security teams should prioritize monitoring attacker behavior rather than relying solely on malware detection. While the MITRE ATT&CK® framework catalogs a broad range of adversary techniques, focusing on behaviors most likely to indicate malicious activity can help organizations improve detection while reducing false positives.
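
As an illustration of behavior-based monitoring for the techniques listed above, the following added example (not taken from the Kaspersky report) correlates a burst of failed logons, a subsequent successful logon, and follow-up account creation or group changes by the same account. The event tuples are constructed and simplified, the thresholds are assumptions, and the IDs are standard Windows Security event IDs.

```python
from collections import defaultdict

# Windows Security event IDs used as behavioural signals.
FAILED, SUCCESS = 4625, 4624
FOLLOW_UP = {4720: "account created", 4722: "disabled account enabled",
             4732: "member added to local group"}

# Constructed sample events: (epoch seconds, event id, acting account, target).
EVENTS = [
    (1000, 4625, "svc_backup", "HOST1"), (1005, 4625, "svc_backup", "HOST1"),
    (1010, 4625, "svc_backup", "HOST1"), (1015, 4625, "svc_backup", "HOST1"),
    (1020, 4625, "svc_backup", "HOST1"), (1030, 4624, "svc_backup", "HOST1"),
    (1100, 4720, "svc_backup", "helpdesk2"),
    (1130, 4732, "svc_backup", "helpdesk2"),
    (2000, 4625, "alice", "HOST2"), (2060, 4624, "alice", "HOST2"),
    (5000, 4720, "it_admin", "newhire"),
]

def correlate(events, min_failures=5, guess_window=300, follow_window=3600):
    """Return one finding per account whose logon followed a failure burst.

    Thresholds are assumed values for illustration, not from the report.
    """
    failures = defaultdict(list)   # account -> timestamps of failed logons
    suspect = {}                   # account -> time of the suspicious logon
    findings = {}
    for ts, eid, actor, target in sorted(events):
        if eid == FAILED:
            failures[actor].append(ts)
        elif eid == SUCCESS:
            recent = [t for t in failures[actor] if ts - t <= guess_window]
            if len(recent) >= min_failures:
                suspect[actor] = ts
                findings[actor] = {"failures": len(recent), "logon": ts,
                                   "actions": []}
            failures[actor].clear()
        elif eid in FOLLOW_UP and actor in suspect:
            # Only account changes soon after the suspicious logon are linked.
            if ts - suspect[actor] <= follow_window:
                findings[actor]["actions"].append((FOLLOW_UP[eid], target))
    return findings

if __name__ == "__main__":
    for account, finding in correlate(EVENTS).items():
        print(account, finding)
```

A single mistyped password followed by a logon (`alice`) and routine account creation by an administrator (`it_admin`) produce no finding; only the chained behavior does.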

“Threat actors do not always need sophisticated malware to achieve their objectives. In many cases, legitimate administrative tools and compromised accounts remain the fastest and most effective way to move inside an organization while avoiding detection. The continued popularity of these techniques shows that organizations need deep visibility into attacker behavior and the ability to correlate suspicious activity across different stages of an attack. To address these challenges, companies can enhance their security with our solutions: Kaspersky Managed Detection and Response and Incident Response, which cover the entire incident management cycle—from threat detection to continuous protection and remediation,” said Sergey Soldatov, Head of Security Operations Center at Kaspersky.

As cyber threats continue to evolve, the report suggests that protecting user identities and strengthening credential security have become just as critical as defending against malware. For organizations, preventing password compromise and detecting unusual account activity may now be the key to stopping some of the most effective cyberattacks in 2025.
