Thursday, January 15, 2026
The TechBriefs

Account compromise threats up nearly 400 percent in the past year


Last year saw a 389 percent increase in account compromise threats compared to 2024, according to a new report from eSentire’s Threat Response Unit (TRU). The attempted theft of corporate account credentials, especially Microsoft 365 accounts, made up 50 percent of threats analyzed.

The findings, based on extensive threat and incident data collected from eSentire’s 2,000+ global customers, highlight the dramatic rise of Phishing-as-a-Service (PhaaS) offerings as a primary attack vector. Email-initiated account compromises rose from 36.9 percent to 55 percent of total security incidents, with PhaaS-related threats accounting for 63 percent of all account compromise cases.

“These PhaaS kits are not made up of simple templates; they are comprehensive, continuously updated offerings, designed to bypass modern security controls, such as Multi-Factor Authentication,” says Spence Hutchinson, senior manager of TRU and lead investigator for the report. “It is the widespread availability and continuous evolution of these PhaaS kits that are fueling the account takeover epidemic.”

Threat actors using PhaaS services like Tycoon2FA, FlowerStorm and EvilProxy to carry out Business Email Compromise (BEC) attacks can begin exploiting compromised accounts in as little as 14 minutes after initial compromise. TRU also observed that the time between the initial compromise of a targeted account and its exploitation was shortest when the attackers were going after businesses in the real estate, finance, retail and construction industries. Companies in these sectors regularly conduct large financial transactions and are perfect targets for payment redirection schemes, such as BEC, where attackers intercept and divert legitimate fund transfers to fraudulent accounts.

Among other findings, ransomware remained a top threat, particularly targeting the business services, construction and finance sectors, with Akira, RansomHub, Interlock, BlackBasta and Sinobi being the most active groups observed.

Malware-related threats remained a constant in 2025, making up 25 percent of the cyber cases worked by TRU. Information stealer threats were the most prominent: cases involving stealers increased by 30 percent this past year, and 14 percent more distinct stealers were detected by TRU.

The software industry experienced the largest number of threat cases in 2025, showing nearly a 15 percent year-on-year increase. Manufacturing had the second largest number of threat cases, and this sector saw a 32 percent increase in incidents in the past year. Business services is in third place with an eight percent rise.

“Unfortunately, TRU does not see any of the top threats detailed in this report declining in 2026,” adds Hutchinson. “Highly skilled hackers have made it far too easy for inexperienced threat actors to compromise employees’ corporate accounts and ultimately their organizations, via sophisticated, turn-key criminal operations, such as PhaaS, Malware-as-a-Service, Ransomware-as-a-Service, etc. Add these very accessible and easy-to-use services to the capabilities AI technologies can give a threat actor, especially in the areas of malware development, phishing campaigns and deep fakes, and the barrier to entry into the cybercrime business is frighteningly low.”

You can read more on the eSentire site.

Image credit: Tsingha25/Dreamstime.com
