
Hackers had a busy year in 2025, contributing to a 389% increase YoY in account compromise threats, according to “The Industrialization of Cybercrime: Identities are Under Attack,” a study by eSentire.
The year also saw a dramatic rise in phishing-as-a-service (PhaaS) offerings. Email account compromises made up 55% of all security incidents, and PhaaS-related threats accounted for 63%.
"These PhaaS kits are not made up of simple templates; they are comprehensive, continuously updated offerings, designed to bypass modern security controls, such as Multi-Factor Authentication," says Spence Hutchinson, senior manager of the company’s Threat Response Unit (TRU) and lead investigator for the report, in a statement. "It is the widespread availability and continuous evolution of these PhaaS kits that are fueling the account takeover epidemic that is impacting businesses."
Threat actors are using PhaaS operations like Tycoon2FA, FlowerStorm and EvilProxy to carry out business email compromise (BEC) attacks, the report adds.
Hackers can initiate BEC actions like creating inbox forwarding rules in 14 minutes.
Companies in the real estate, retail and construction fields are especially vulnerable to BEC attacks given that they regularly conduct large financial transactions and can be targeted for fund transfers to fraudulent accounts.
In 2024, BEC attacks caused $2.8 billion in losses, according to the FBI's Internet Crime Complaint Center.
Here are some more findings:
- Email bombing and IT Help Desk impersonation jumped 14x YoY, with legal firms most victimized
- Ransomware was a leading threat to business services, construction and finance firms
- Akira, RansomHub, Interlock, BlackBasta and Sinobi were the most active groups
- ClickFix lures increased by almost 300% and represented over 30% of all malware deliveries
- Malware-related threats comprised 25% of the cyber cases analyzed by TRU.
Software companies saw the most threat cases, for a 15% increase YoY.
Manufacturing, while not first in the number of cases, experienced a 32% increase in threats, while business services suffered an 8% increase.