Credential abuse has become the preferred method for cyberattackers, surpassing traditional malware, according to a report by Kaspersky Security Services. As reported by BusinessWorld, the shift in tactics has allowed criminals to more effectively evade detection while accessing user data.

In 2025, attackers found greater success through techniques such as password guessing and misuse of valid accounts. This approach reduces reliance on malicious software, making it harder for security systems to identify breaches. The report highlights a growing trend where cybercriminals exploit weak or stolen credentials as a primary entry point.

Kaspersky’s findings underscore the need for organizations to strengthen authentication measures, such as implementing multi-factor authentication and monitoring for unusual account activity. The shift away from malware emphasizes that human factors and password hygiene remain critical vulnerabilities in cybersecurity defenses.