Skip to content

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology
  • Cybercriminals

The Identity Epidemic: eSentire Reports a 389% Surge in Account Takeovers

by Nam Phong · January 21, 2026

To infiltrate a corporate network, adversaries are increasingly eschewing the search for server vulnerabilities or the deployment of intricate exploits. It has proven far more lucrative to adopt a simpler, more clandestine approach: usurping an individual’s digital credentials to merely walk through the front door. According to the eSentire TRU report, digital identity emerged as the preeminent target of assaults in 2025, as cybercrime increasingly mirrors a legitimate industry characterized by turn-key services and a transparent economic structure.

The primary engine of this industrialization is the proliferation of Phishing-as-a-Service (PhaaS) platforms, which provide a comprehensive infrastructure for phishing endeavors. The report indicates that for a modest monthly subscription of $200–$300, a novice antagonist can acquire a service capable of circumventing multi-factor authentication, intercepting session tokens in real-time, and delivering compromised accounts to those poised for rapid monetization.

The magnitude of this shift is starkly evident in the eSentire TRU statistics. Account compromise accounted for half of all observations by the team, marking a staggering 389% increase compared to 2024. The authors articulate this succinctly: why endeavor to break in when one can simply log in? Simultaneously, the exploitation of remote administration tools is gaining momentum; the misuse of Remote Monitoring and Management (RMM) software saw a 143% year-over-year surge.

Researchers further observe that compromise increasingly originates via electronic correspondence. The proportion of incidents where initial access was secured through email rose from 36.9% in 2024 to 54.8% in 2025, with 63% of all account takeovers linked directly to PhaaS operations. These schemes frequently employ an Adversary-in-the-Middle (AiTM) approach, guiding the victim to a proxy login page to harvest not only passwords but active session tokens during the authentication process.

The velocity of these incursions has become a distressing new standard. In an analysis of 100 incidents involving the Tycoon2FA platform, adversaries commenced exploitation an average of fourteen minutes after the theft of credentials. In practical terms, the interval between a user entering a password and an intruder altering email forwarding rules may be briefer than a cursory departmental meeting.

Concurrently, there is a rising prevalence of attacks where the user is manipulated into executing malicious code manually. A prominent example is ClickFix (or FakeCaptcha). The report notes that in 2025, ClickFix incidents grew from 7.8% to 30.7% of all malware delivery cases—a nearly 300% year-over-year increase—with researchers documenting over 65 distinct intrusion chains utilizing this technique. The scenario typically involves fraudulent CAPTCHAs or simulated browser errors, persuading the victim to select “Fix It,” copy a command, and execute it via the Windows Run dialog or PowerShell.

Another burgeoning trend mirrors the tactics of fraudulent call centers but culminates in a technical breach. Email bombing in conjunction with “IT Support” vishing grew fourteen-fold year-over-year, becoming the fastest-growing threat category. The victim’s inbox is first inundated with spam; subsequently, an actor contacts them via Microsoft Teams, posing as technical support. Under the guise of assistance, they secure remote access. In certain instances, this chain concluded with the deployment of Black Basta ransomware, with vishing success rates estimated at an alarming 72%.

The authors’ conclusion is uncompromising: contemporary assaults move with greater celerity than traditional defenses. Organizations relying on retrospective log analysis or operating solely within standard business hours find themselves in a position of inherent weakness. Consequently, the strategic focus is shifting toward continuous identity monitoring and rapid anomalous behavior response. In an era where intruders “simply walk in,” the strength of the perimeter walls matters less than the speed at which an illegitimate session can be identified and terminated.

Related coverage

  • Operation First Light 2026: 5,811 Arrested in Global Fraud Bust
  • IRIS C2 Cybersecurity Startup Secretly Run by Fraudsters
  • UNK_MassTraction Hits University Roundcube Servers
  • UAT-7810 Router Attacks: Inside the LapDogs ORB Network
  • Kairos Data Extortion: $1M Cyber Crisis

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Tags: Account CompromiseBlack BastaClickFixCybersecurity 2026eSentire TRUIdentity SecurityInfosecPhaaSTycoon2FAVishing

Follow:

  • Next story The Browser Trap: KongTuke’s “CrashFix” Extension Turns Chrome into a Backdoor
  • Previous story The Dragon’s Hub: Researchers Unmask 18,000 Malicious C2 Servers Inside China

  • Recent Posts
  • Popular Posts
  • Tags
  • ACSC CMS exploitation campaign web shells installed via WordPress and Joomla CVEs globally

    Cybercriminals

    ACSC Warns: CMS Campaign Installs Web Shells via 17 CVEs

    July 14, 2026

  • U-Boot FIT image signature verification vulnerabilities CVE Binarly bootloader exploit firmware

    Vulnerability

    6 U-Boot Vulnerabilities Let Attackers Hijack Boot Process

    July 14, 2026

  • Progress Software ShareFile Storage Zone Controller shut down over external threat CVE-2026-2699

    Vulnerability

    Progress Software Shuts Down ShareFile Over External Threat

    July 14, 2026

  • Diagram illustrating the jscrambler supply chain attack and IronWorm malware infection process

    Malware

    Jscrambler Supply Chain Attack Analysis

    July 14, 2026

  • GhostCommit AI vulnerability diagram illustrating prompt injection against AI coding assistants

    Vulnerability

    The GhostCommit Vulnerability: AI Assistants Weaponized via Images

    July 14, 2026

  • Apache Camel vulnerabilities enabling server-side request forgery and authentication bypass in JMS and WebSocket connectors

    Vulnerability

    Apache Camel Patches Five High-Severity Vulnerabilities

    July 9, 2026

  • OpenSUSE Leap 15.4 Beta releases, Linux distributions

    Linux

    OpenSUSE Leap 15.4 Beta releases, Linux distributions

    May 30, 2020

  • Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    Linux

    Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    March 1, 2019

  • GhostBSD 23.10.1 released, FreeBSD distribution

    Linux

    GhostBSD 23.10.1 released, FreeBSD distribution

    May 1, 2020

  • Solus 4.4 Fortitude releases, Linux distribution

    Linux

    Solus 4.4 Fortitude releases, Linux distribution

    January 26, 2020

  • AI AI security Android Apple APT BOTNET China CISA cloud security cryptocurrency cyberattack cybercrime Cyber Espionage cybersecurity Cybersecurity 2026 data breach Github google hacking Infosec InfoSec 2026 Infostealer Linux Linux Kernel malware Microsoft network security open source Penetration Testing phishing privacy privilege escalation Prompt Injection ransomware RCE remote code execution security Social Engineering supply chain attack Tech News 2026 threat intelligence vulnerability windows Windows 11 zero-day
  • Home
  • About Us
  • Contact Us
  • DMCA NOTICE
  • Privacy Policy

Information Security News © 2026. All Rights Reserved.

Powered by  - Designed with Hueman Pro