Alarming Report: The Simple Attack That’s Breaching Half of Corporate Networks
Amid the escalating wave of cyberthreats—particularly from advanced threat groups—one of the most dangerous yet persistently underestimated attack vectors remains almost unchanged: the compromise of user accounts through password guessing. According to the newly published Blue Report 2025 by Picus Security, the use of valid credentials continues to provide attackers with the most reliable pathway into corporate networks.
The report, based on 160 million simulated attacks conducted across IT infrastructures worldwide using Picus Security’s platform, highlights a troubling surge in successful password-guessing intrusions during the first half of 2025. While last year such attacks succeeded in 25% of attempts, this year the success rate has risen to 46%. This alarming growth is attributed to weak passwords, outdated hashing algorithms, and the absence of fundamental security controls.
Despite widespread awareness of the risks, many organizations still rely on insecure password storage practices, such as using algorithms without proper salting or neglecting multifactor authentication entirely. Internal services have proven especially vulnerable, as their security controls are often far weaker than those of external-facing systems. The study revealed that in 46% of examined environments, at least one password hash was successfully cracked and recovered as plaintext.
Such weaknesses enable not only initial access but also stealthy lateral movement within networks. Armed with legitimate credentials, attackers can bypass traditional defenses, escalate privileges, and gain access to sensitive data. The report stresses that these actions often remain undetected, allowing adversaries to persist within systems for extended periods, exfiltrate information, and prepare further attacks.
The analysis highlights in particular the MITRE ATT&CK technique T1078 — Valid Accounts, which proved to be the most frequently exploited, with a 98% success rate. In practice, this means that once an attacker acquires valid credentials—regardless of how—they can almost inevitably advance deeper into the network.
Given this stark reality, experts emphasize the necessity of comprehensive defense strategies: strict password policies, regular key rotation, and universal enforcement of multifactor authentication. Organizations must also abandon legacy hashing algorithms in favor of modern cryptographic standards, while deploying behavioral analytics and attack simulation tools to continuously validate the effectiveness of their defenses.
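The storage weakness and the remedy described above can be seen side by side in the following Python example, which is added here and does not come from the Blue Report or from Picus Security. It audits a credential store for bare unsalted digests and for accounts sharing a hash, then upgrades records to salted scrypt at the next successful login; the account names, the sample passwords and the `scrypt$n$r$p$salt$hash` record format are constructed assumptions.

```python
import hashlib, hmac, os
from collections import Counter

HEX = set("0123456789abcdef")

def legacy_hash(password):
    # Unsalted fast digest: equal passwords always give equal hashes.
    return hashlib.md5(password.encode()).hexdigest()

def modern_hash(password, n=2**14, r=8, p=1):
    # Per-account random salt plus a memory-hard KDF (scrypt).
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=32)
    return f"scrypt${n}${r}${p}${salt.hex()}${dk.hex()}"

def verify_modern(password, stored):
    _, n, r, p, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time compare

def audit(store):
    """Return accounts stored as bare hex digests and accounts sharing a hash."""
    counts = Counter(store.values())
    findings = {"legacy_format": [], "shared_hash": []}
    for user, value in sorted(store.items()):
        bare_hex = len(value) in (32, 40, 64) and set(value.lower()) <= HEX
        if bare_hex:
            findings["legacy_format"].append(user)
        if counts[value] > 1:
            findings["shared_hash"].append(user)
    return findings

def migrate_on_login(store, user, password):
    """After a successful legacy check, replace the record with a salted scrypt one."""
    if hmac.compare_digest(store[user], legacy_hash(password)):
        store[user] = modern_hash(password)
        return True
    return False

# Constructed sample store: alice and bob picked the same password.
SAMPLE = {
    "alice": legacy_hash("Summer2025!"),
    "bob": legacy_hash("Summer2025!"),
    "carol": modern_hash("correct horse battery staple"),
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Accounts listed under `shared_hash` show why missing salts matter: one recovered password exposes every account with the same digest, whereas the migrated records differ even when the passwords are identical.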
Equally critical is the monitoring of outbound traffic and the deployment of robust data loss prevention (DLP) systems. Without effective oversight of information flow both inside and beyond the network perimeter, detecting malicious activity in time becomes nearly impossible.
In conclusion, the report underscores that modern attacks increasingly masquerade as legitimate activity. As such, organizations must move beyond strengthening perimeter defenses and instead rethink access management and identity governance. The absence of advanced authentication and monitoring mechanisms creates ideal conditions for adversaries to maintain a quiet yet devastating foothold within corporate networks.