Threats Targeting Employee Credentials Surge 389 Percent

Credentials are being stolen in as little as 14 minutes.

Protection Background Technology Security 524882074 701x502 (1)
February 5, 2026

Global cybersecurity solutions provider eSentire offers their report on the threat landscape for 2026 entitled The Industrialization of Cybercrime: Identities are Under Attack. Included in the findings was a 389 percent increase in account compromise identity-based threats.  

In the past year, the attempted theft of corporate account credentials, especially Microsoft 365 accounts, made up 50 percent of the attacks analyzed by eSentire's security research and elite threat hunting team, the Threat Response Unit(TRU).  

Based on threat and incident data the findings highlight the dramatic rise of Phishing-as-a-Service (PhaaS) offerings as a primary attack vector. Email-initiated account compromises rose from 37 percent to 55 percent of total security incidents, with PhaaS-related threats accounting for 63 percent of all accounts compromised. 

A Profitable End Game

The report reveals that threat actors are using PhaaS operations like Tycoon2FA, FlowerStorm and EvilProxy to carry out Business Email Compromise (BEC) attacks. The hackers can initiate BEC actions, such as creating inbox forwarding rules in as little as 14 minutes, after they have captured a target’s corporate login credentials and session token and successfully entered the target’s IT network. 

BEC attacks continue to be a top threat for companies, as evident by the billions of dollars businesses are losing annually to this threat.  The FBI's Internet Crime Complaint Center reported $2.8 billion in losses from BEC attacks in 2024 alone. Additional findings include:

  • Email bombing combined with IT Helpdesk impersonation attacks increased 14x year over year.
  • The ClickFix lure, used as an initial access vector, increased nearly 300 percent and represents over 30 percent of all malware delivery cases.
  • Malware-related threats continued to be constant, making up 25 percent of the cyber cases worked by TRU. Information stealer threats were the most prominent among them, increasing 30 percent, with 14 percent more distinct stealers detected.
  • The Software industry experienced the most threat cases, followed by Manufacturing, which saw a 32 percent increase.
  • TRU does not see any of the top threats detailed in this report declining in 2026.

The full eSentire report is available here.

Related Stories
Insider Threat Leo Wolfert
Cybersecurity
Shadow AI Threats Grow
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
Report Shows AI-Enabled Threats As Top Concern
Coding
Cybersecurity
The Domino Effect of a Data Breach
Ai Your Photo
Cybersecurity
AI Won’t Replace the Cybersecurity Workforce, But It Will Redefine It
More in Cybersecurity
Cybersecurity
Automotive Ransomware Attacks More Than Doubled in 2025
More AI, expanded autonomous technologies and evolving threat actors are elevating cyber risks.
Automobile Cockpit, Various Information Monitors And Head Up Displays
Cybersecurity
SBOM Regs Rolled Back
The two Biden-era memoranda required agencies to obtain software security attestations before deployment.
Us Binary Flag Mirsad Sarajlic
Cybersecurity
Shadow AI Threats Grow
Productivity pressures are pushing many to bypass safeguards, increasing exposure to data leaks.
Insider Threat Leo Wolfert
Cybersecurity
Report Shows AI-Enabled Threats As Top Concern
AI could help hackers take greater advantage of visibility shortcomings.
Computer Crime Concept 516607038 2125x1416 (1)
Cybersecurity
The Domino Effect of a Data Breach
Here are some strategies to detect breaches faster and limit their capacity for damage.
Coding
Cybersecurity
AI Won’t Replace the Cybersecurity Workforce, But It Will Redefine It
AI is framed as a multi-faceted solution, but the conversation often goes off course.
Ai Your Photo
Cybersecurity
Security Breach: Strengthening Your Weakest Links
All the little things can kill a cybersecurity strategy, but there are ways to tie them all together.
Ep157
Cybersecurity
The Rise of Identity and Data Security Dependency
Predictions on what will shape industrial cybersecurity in 2026 and beyond.
Protection Background Technology Security 524882074 701x502 (1)
Cybersecurity
Securing the Edge in AI-Enabled Smart Factories
Growing data needs have manufacturers between a rock and a hard place.
Sase Supatman
Cybersecurity
How AI Is Transforming Cybersecurity Threats in 2026
Social engineering, deep fakes and more will benefit from the evolution of artificial intelligence.
Deepfake Orhan Turan
Cybersecurity
Inside The Mind of a Hacker
The report details how hackers are moving to a more collaborative, AI-enhanced approach.
General Cyberattack
Cybersecurity
Hacktivists Are an Overlooked Threat, but That Threat Is Increasing
Larger attack surfaces and complex supply chains offer opportunities for greater chaos.
Russian Hacker Dmitry Nogaev
Page 1 of 55
Next Page