Red Report 2025: Unmasking a 3X Spike in Credential Theft and Debunking the AI Hype

Cybercriminals have turned password theft into a booming enterprise, malware targeting credential stores jumped from 8% of samples in 2023 to 25% in 2024, a threefold increase​. This alarming surge is one of many insights from the newly released Red Report 2025 by Picus Labs, which analyzed over 1 million malware samples to identify the tactics hackers rely on most​. The findings read like a blueprint for a “perfect heist,” revealing how modern attackers combine stealth, automation, and persistence to infiltrate systems and plunder data without detection. And while the media buzzes about AI-driven attacks, our analysis reveals that the dark allure of AI in malware remains more myth than reality. Credentials Under Siege: 3× Increase in Theft Attempts According to the report, credential theft has become a top priority for threat actors. For the first time, stealing credentials from password stores (MITRE ATT&CK technique T1555) broke into the top 10 most-used attacker techniques​. ... Read full article.