Malware designed to steal credentials from password stores now accounts for 25% of all malware activity—a dramatic threefold increase in this type of threat.
This was one of the findings of Picus Security’s annual cybersecurity analysis, The Red Report 2025. This is the first time that credentials theft has ranked among the top 10 techniques in the MITRE ATT&CK framework.
The report, based on an extensive review of over one million malware samples collected throughout 2024, also highlights how only 10 MITRE ATT&CK techniques were responsible for 93% of all malicious actions observed last year.
“SneakThief” Malware
Bad actors are always honing their techniques and using increasingly sophisticated strategies to get their hands on credentials. Memory scraping, registry harvesting, and compromising local and cloud-based password managers, are but a few of the tricks up their sleeves.
According to Dr Suleyman Ozarslan, co-founder and VP of Picus Labs, attackers are increasingly focusing on “the perfect heist,” using multi-stage operations that maximize stealth, persistence, and automation.
“Threat actors are leveraging sophisticated extraction methods to get their hands on credentials that give them the keys to the kingdom,” said Ozarslan. To prevent this, password managers must be used in conjunction with multi-factor authentication, and employees must never reuse a password, particularly for their password manager.
Other Key Findings
The report revealed some other key findings:
- Malware Complexity on the Rise: The average malware sample now contains 14 malicious actions, revealing an evolution in cyber threats that enables malefactors to execute complex multi-stage operations.
- Exfiltration and Stealth Tactics Surge: Adversaries executed 11.3 million stealth and exfiltration-related actions in 2024, often utilizing encrypted communication channels such as HTTPS and DNS-over-HTTPS (DoH). Tactics like process injection and application-layer protocols enable attackers to evade detection and persist within compromised environments.
- No Surge in AI-Powered Malware: Despite speculation surrounding AI-driven cyber threats, Picus Security’s research found no significant increase in AI-generated malware in 2024.
Stopping Malware in Its Tracks
According to Picus, CTO and co-founder Volkan Ertürk, security teams can significantly reduce risk by focusing on a limited number of attack techniques.
“Focusing on the top 10 MITRE ATT&CK techniques is the most viable way to stop the kill chain of sophisticated malware strains as early as possible,” said Ertürk. “SneakThief malware is not an exception—enterprise security teams can stop ninety percent of malware by concentrating on just 10 of MITRE’s entire library of techniques.”
Methodology
Picus Labs analyzed 1,094,744 malware samples collected between January and December 2024, identifying 14,010,853 malicious actions. These actions were systematically mapped to the MITRE ATT&CK framework to provide a comprehensive understanding of the evolving threat landscape.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.