According to cybersecurity researchers at eSentire, infostealer malware and advanced phishing toolkits are behind a massive 156% jump in cyberattacks targeting user logins and identity information, impacting both office and remote workers.
eSentire’s report, shared with Hackread.com, also noted that attackers are increasingly focusing on stealing login details and session cookies, which they then use to commit financial crimes like Business Email Compromise (BEC) and cryptocurrency theft.
The Rise of Phishing and Infostealers-as-a-Service
A key factor driving this surge, as per the report (PDF), is the availability of Phishing-as-a-Service (PhaaS) platforms, which lower the technical skill and cost needed for criminals to launch attacks. Platforms like Tycoon 2FA, for example, offer pre-made phishing pages for popular platforms like Microsoft 365 and Google Workspace for as little as $200 to $300 per month.
These services use clever Adversary-in-the-Middle (AitM) techniques, acting as a go-between to capture login credentials and even authentication tokens in real time, often bypassing multi-factor authentication (MFA) within minutes. BEC cases, specifically, have seen a 60% year-on-year increase, making up 41% of all attacks in the first quarter of 2025.

A recent State of Browser Security Report by Menlo Security identified over 752,000 browser-based phishing attacks across more than 800 businesses, a 140% increase from the previous year, highlighting how browsers have become a major target. This trend also includes an emerging infostealer named Acreed, first seen in February 2025, which is now competing in these dark online markets, especially after law enforcement disrupted the infrastructure of another prominent infostealer, Lumma Stealer, in May 2025.
Protecting Your Online Identity
The rapid shift from opportunistic attacks to systematic, service-driven operations means that criminals are moving from stealing credentials to committing fraud within hours. With 78% of identified PhaaS operations originating from the United States (though this often reflects hosting location, not the attacker’s true base), the global reach of these threats is significant.
Organizations and individuals are strongly advised to enhance their cybersecurity. This includes adopting phishing-resistant authentication methods, establishing continuous monitoring for unusual login attempts or changes, and remaining alert to unsolicited emails and attachments. The speed and sophistication of these identity-based attacks make proactive defence measures more critical than ever.
“This report effectively mirrors the trends observed by Ontinue’s Cyber Defense Center over the past year. With the rise of a lucrative underground economy powered by Phishing-as-a-Service (PhaaS) platforms like Tycoon2FA, even low-skilled threat actors can now gain initial access without exploiting technical vulnerabilities,” said Will Bailey, Senior SOC Analyst at Ontinue.
“As a result, phishing and identity-based attacks have become a persistent cat-and-mouse game between attackers and defenders,” Will warned. “This underscores the critical need for a 24/7 Managed Detection and Response (MDR) service that includes identity threat detection and response enabling organizations to revoke session tokens and terminate active sessions in real time,” he advised.
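As an added example (not from the eSentire report or the original article), the Python check below shows one form the recommended monitoring for unusual logins can take: it flags sessions whose token is later presented from a different IP address than the one that completed sign-in, the pattern left behind when a stolen session cookie is replayed. The log schema, field names and sample events are constructed assumptions, not any identity provider's real format.

```python
import json
from datetime import datetime

# Constructed sample sign-in log (JSON lines). Field names are assumptions;
# IP addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
{"ts": "2025-06-02T09:00:05", "user": "alice", "session": "s-101", "event": "signin_mfa_ok", "ip": "198.51.100.7", "ua": "Chrome/125 Windows"}
{"ts": "2025-06-02T09:04:40", "user": "alice", "session": "s-101", "event": "token_use", "ip": "198.51.100.7", "ua": "Chrome/125 Windows"}
{"ts": "2025-06-02T09:11:12", "user": "alice", "session": "s-101", "event": "token_use", "ip": "203.0.113.50", "ua": "python-requests/2.32"}
{"ts": "2025-06-02T10:00:00", "user": "bob", "session": "s-202", "event": "signin_mfa_ok", "ip": "192.0.2.10", "ua": "Safari/17 macOS"}
{"ts": "2025-06-02T10:30:00", "user": "bob", "session": "s-202", "event": "token_use", "ip": "192.0.2.99", "ua": "Safari/17 macOS"}
"""

def parse_events(text):
    """Parse JSON-lines log text into events sorted by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def find_session_reuse(events):
    """Flag sessions whose token appears from an IP other than the baseline.

    The baseline is the first event seen for a session (normally the sign-in).
    A changed IP plus a changed user agent is graded "high"; an IP change
    alone is graded "review", since VPNs and mobile networks cause it too.
    """
    baseline, seen, findings = {}, set(), []
    for e in events:
        first = baseline.setdefault(e["session"], e)
        if e["ip"] == first["ip"]:
            continue
        key = (e["session"], e["ip"], e["ua"])
        if key in seen:  # report each new client once per session
            continue
        seen.add(key)
        findings.append({
            "user": e["user"], "session": e["session"],
            "baseline_ip": first["ip"], "new_ip": e["ip"],
            "severity": "high" if e["ua"] != first["ua"] else "review",
            "minutes_after_signin": round((e["ts"] - first["ts"]).total_seconds() / 60, 1),
        })
    return findings

if __name__ == "__main__":
    for finding in find_session_reuse(parse_events(SAMPLE_LOG)):
        print(finding)
```

A "high" finding is the point at which the response Bailey describes applies: revoke the session token and terminate the active session.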