
As a security expert, it’s easy to get caught up in a race to counter the latest advanced adversary techniques. However, the most impactful attacks are often not due to cutting-edge exploits, but rather to cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security’s Blue Report 2025 shows that organizations continue to struggle to prevent password cracking attacks and detect malicious use of compromised accounts.
With the first half of 2025 behind us, compromised valid accounts remain the most inadequately prevented attack vector, highlighting the urgent need for a proactive approach focused on the threats that are circumventing organizational defenses.
Wake-up Call: Alarming Increase in Password Cracking Success
The Picus Blue Report is an annual research publication that analyzes how well organizations are preventing and detecting real-world cyber threats. Unlike traditional reports that focus solely on threat trends and survey data, the Blue Report is based on empirical findings from over 160 million attack simulations conducted within the networks of organizations around the world using the Picus Security Validation Platform.
In Blue Report 2025, Picus Labs found that password cracking attempts were successful in 46% of tested environments, almost double last year’s success rate. This rapid rise highlights underlying weaknesses in the way organizations manage, or mismanage, password policies. Weak passwords and outdated hash algorithms continue to leave critical systems vulnerable to attackers who use brute-force or rainbow table attacks to gain unauthorized access.
This finding is a serious problem given that password cracking is one of the oldest and most reliably effective attack methods. In the race to combat the latest and most sophisticated new breeds of threats, many organizations have failed to adopt modern authentication practices and integrate them into their defenses.

Why organizations can’t prevent password cracking attacks
So why are organizations still unable to prevent password cracking attacks? The root cause is the continued use of weak passwords and outdated credential storage methods. Many organizations still rely on easily guessable passwords and weak hashing algorithms, without using proper salting techniques or multi-factor authentication (MFA).
In fact, our findings showed that at least one password hash was cracked and converted to cleartext in 46% of environments. This highlights the inadequacy of password policies, particularly for internal accounts.
To combat this, organizations need to implement stronger password policies, implement multi-factor authentication (MFA) for all users, and validate their credential defenses on a regular basis. Without these improvements, attackers will continue to compromise valid accounts and gain easy access to critical systems.
Credential-based attacks: Quiet but devastating threats
The threat of credential abuse is broad and dangerous, but as Blue Report 2025 highlights, organizations are still inadequately prepared for this form of attack. Once an attacker has valid credentials, they can easily move laterally, escalate privileges and compromise critical systems.
Infostealers and ransomware groups rely on stolen credentials to spread across the network, burrowing deeper and deeper, often without triggering detection. This stealthy movement within the network allows attackers to exfiltrate data at will while maintaining long dwell times undetected.
Despite this continuous and well-known problem, organizations continue to prioritize perimeter defense, leaving identity and credential protection overlooked and underfunded. This year’s Blue Report clearly shows that abuse of valid accounts is at the heart of the latest cyberattacks, reinforcing the urgent need to focus on identity security and credential validation.

Valid Accounts (T1078): Most misused path to compromise
One of the key findings from Blue Report 2025 is that Valid Accounts (MITRE ATT&CK T1078) remains the most exploited attack technique, with a success rate of 98%. This means that once attackers obtain valid credentials, whether through password cracking or initial access brokers, they can move quickly through an organization’s network and often bypass traditional defenses.
Using compromised credentials is particularly effective because it allows attackers to operate under the radar and makes it difficult for security teams to detect malicious activity. Once inside, they blend seamlessly with legitimate user activity while accessing sensitive data, deploying malware, and creating new attack paths.
How to Strengthen Protection Against Credential Abuse and Password Cracking
To protect against these increasingly effective attacks, organizations need to implement stronger password policies, enforce complexity requirements, and eliminate old hashing algorithms in favor of safer alternatives. It is also essential to employ multi-factor authentication (MFA) for all sensitive accounts, so that even if credentials are compromised, attackers cannot simply use them to access the network without an additional verification step.
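The storage advice above, together with the earlier point about weak hashing without salting, can be applied without forcing a mass password reset. The following is an added example, not code from Picus or the Blue Report; it assumes the legacy store holds bare unsalted MD5 hex digests, and the function names and scrypt parameters are choices made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune them for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str) -> str:
    """Return a salted record in the form scrypt$<salt hex>$<digest hex>."""
    salt = os.urandom(16)  # unique per password, so rainbow tables do not apply
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password: str, stored: str) -> tuple[bool, str]:
    """Check a password and return (ok, record_to_store).

    A legacy record (unsalted MD5 hex) is replaced by a salted scrypt record
    on the first successful login, so weak hashes age out of the store.
    """
    if stored.startswith("scrypt$"):
        try:
            _, salt_hex, digest_hex = stored.split("$")
            salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        except ValueError:
            return False, stored  # malformed record: reject, never guess
        candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
        return hmac.compare_digest(candidate, expected), stored
    # Legacy path: fast, unsalted hash of the kind the report warns about.
    legacy = hashlib.md5(password.encode()).hexdigest()
    if hmac.compare_digest(legacy, stored):
        return True, hash_password(password)  # upgrade while we hold the cleartext
    return False, stored


if __name__ == "__main__":
    # Constructed sample: a legacy record for a made-up password.
    record = hashlib.md5(b"Summer2025!").hexdigest()
    ok, record = verify_and_upgrade("Summer2025!", record)
    print(ok, record.split("$")[0])
```

Accounts that never log in keep their legacy hash, so the migration should be paired with a deadline after which remaining legacy records are invalidated and reset.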
Regularly validating credential defenses through simulated attacks is important to identify vulnerabilities and ensure that controls are working as expected. Organizations should also enhance their behavioral detection capabilities to catch abnormal activity related to credential abuse and lateral movement.
Additionally, monitoring and inspecting outbound traffic for signs of data exfiltration, and ensuring that data loss prevention (DLP) measures are both in place and operating effectively, is important to protect your sensitive information.
Close the gap in credential and password management
The Blue Report 2025 findings show that, unfortunately, many organizations are still vulnerable to cracked passwords and the silent threat of compromised accounts. While strengthening perimeter defense remains a priority, it is clear that the core weaknesses lie in credential management and internal controls. The report also highlighted the fact that infostealers and ransomware groups are effectively leveraging these gaps.
If you are ready to strengthen your security posture, reduce exposure and take proactive steps to prioritize critical vulnerabilities, Blue Report 2025 offers valuable insights to show where to focus. And at Picus Security, we are always happy to talk about helping your organization meet its specific security needs.
Don’t forget to get a copy of Blue Report 2025 and take proactive steps today to improve your security posture.