Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks

Report shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access.

Like an inverted pyramid, the range of different attack modes are now built on top of the single point of identity abuse.

Stolen credentials are a major threat. Legitimate credentials illegitimately acquired provide legitimate access to illegitimate actors. Once inside the network, these bad actors have greater ability to move and act in stealth. The continuing rise in ransomware attacks bears testament.

The theft and resale of credentials operates on an industrial scale. Fueled by the rise of increasingly more sophisticated infostealers, stolen credentials are packaged into ‘logs’ and sold to criminals on the black market. Ontinue reports, “Listings tied to LummaC2 alone surged by 72%, with high-privilege cloud console credentials selling for $1,000–$15,000+.”

Ransomware has been one of the primary beneficiaries of ...