Kaspersky Report Reveals Sharp Shift to Credential-Based Attacks, Sidestepping Malware in 2025
A comprehensive global report compiled by Kaspersky Security Services has revealed that password guessing and the exploitation of legitimate accounts were among the most successful techniques used by cybercriminals throughout 2025. The data signals a calculated tactical shift among threat actors, who are intentionally avoiding traditional malware campaigns, which typically trigger endpoint detection alarms, in favor of credential abuse to maintain low-profile persistence within compromised networks.
Statistical Breakdown of Attack Indicators
The report, titled "Anatomy of a Cyber World," aggregates global telemetry captured by Kaspersky’s Managed Detection and Response (MDR), Incident Response (IR), compromise assessment, and Security Operations Center (SOC) consulting divisions. The analysis ranks threat-actor behaviors, mapped to the MITRE ATT&CK® matrix, by their conversion rate: the ratio of verified, actionable threats to total generated system alerts.
Password Guessing: Ranked first, with a 34.8% conversion rate. Threat actors use automated, systematic brute-force attempts to break into corporate accounts, an approach made far easier by weak or reused employee credentials.
Local Account Creation: Recorded a 34.7% conversion rate. After initial network penetration, attackers create new local administrator accounts to retain persistence even if the original entry point is closed.
Trusted Account Abuse: Registered a 34.5% conversion rate. Attackers deploy previously compromised, valid corporate credentials to blend seamlessly into routine operational telemetry, heavily complicating detection by masquerading as standard users.
Account Manipulation: Logged a 32% conversion rate. Attackers modify existing accounts, for example by reactivating dormant accounts or escalating group privileges, relying entirely on native system resources rather than introducing foreign tools.
Network Service Discovery: Recorded a 31.2% conversion rate. Attackers enumerate active ports and open services to map potential lateral movement paths before moving on to deeper data exfiltration phases.
Expert Operational Guidance
Sergey Soldatov, Head of Security Operations Center at Kaspersky, emphasized that contemporary hackers rarely require highly complex malware to achieve their targets. Legitimate administrative tools and hijacked credentials serve as the fastest, most effective vectors to navigate corporate environments undetected. Soldatov stressed that defending against these identity-centric anomalies requires granular visibility into user behavior and real-time cross-referencing of suspicious activities across the entire attack chain.
To mitigate these threats, Kaspersky urges enterprises to deploy comprehensive MDR and IR frameworks capable of managing the full incident response lifecycle from initial anomaly detection to continuous threat remediation.
