Saturday, July 4, 2026
The TechBriefs
Attackers don’t break in anymore, they log in instead


A new report finds that attackers increasingly rely on compromised credentials, identity abuse, and trusted integrations rather than traditional malware-driven intrusion techniques.

The study from Ontinue draws on investigations conducted by its Advanced Threat Operations (ATO) team and telemetry from the Ontinue ION MXDR platform. It highlights how identity compromise has become the most common pathway into cloud environments.

“Attackers aren’t trying to break through defenses anymore, they’re logging in with stolen credentials,” says Balazs Greksza, director of Advanced Threat Operations at Ontinue. “Infostealers are feeding a growing underground market for corporate access. Once attackers obtain valid identities, they can bypass traditional security controls and move through environments as legitimate users, often without triggering the alarms organizations rely on.”

Identity-based attacks now dominate security investigations. Rather than exploiting software vulnerabilities, attackers increasingly rely on compromised credentials to gain direct access to cloud environments.

Infostealer malware plays a central role in this trend. Malware families such as LummaC2 harvest browser passwords, session cookies, and authentication tokens from infected systems. These stolen credentials are then packaged into ‘logs’ and sold through dark web marketplaces, allowing other threat actors to purchase ready-made access to corporate environments. Listings of stolen credentials linked to LummaC2 have increased by 72 percent on underground marketplaces.

The report also cites more than 7,000 ransomware incidents reported globally in 2025, with over 120 active ransomware groups operating across industries.

In addition, there are signs that threat actors are beginning to use generative AI to accelerate the development of malicious tools. Analysis of several recovered webshells and commodity malware samples has revealed coding patterns consistent with LLM-assisted development.

Shane Barney, chief information security officer at Keeper Security, says, “As the Ontinue report notes, identity has become the attacker’s skeleton key. Instead of forcing their way through a firewall, adversaries are logging in with stolen credentials, hijacked tokens and abused permissions, then moving laterally under the cover of legitimacy. When identity controls are fragmented or overly permissive, attackers don’t need novel exploits. They just need access that looks routine. Identity now defines the enterprise perimeter. When every identity is governed with least privilege and continuously validated, a stolen credential becomes a contained event instead of an enterprise-wide incident.”

You can read more and get the full report on the Ontinue blog.

Image credit: Tsingha25/Dreamstime.com
