Skip to main content
CybersecurityMalware & Ransomware

Rise in Identity-Based Attacks Linked to Infostealer Threats

Rise in Identity-Based Attacks Linked to Infostealer Threats

“How safe is your digital identity?” This question is no longer rhetorical but a pressing concern as cybercriminals ramp up attacks targeting user logins. Recent data reveals a staggering 156% surge in cyberattacks linked to info-stealing malware and sophisticated phishing kits, exposing an alarming vulnerability in the way identities are protected online.

Info-stealer malware, a class of malicious software designed to extract sensitive information from infected devices, has become a preferred tool for cyber adversaries. Unlike broad ransomware attacks that often disrupt entire systems, info-stealers operate with precision, siphoning off credentials, personal identification data, and financial information quietly and efficiently. The rise of these threats corresponds with increasingly advanced phishing kits, which enable attackers to craft convincing login portals that trick users into surrendering their credentials.

Illustrate a realistic and contextually appropriate scene representing the rise in identity-based attacks linked to Infostealer threats. The image should depict a large, menacing shadow shaped like a digital thief with binary code as its texture (symbolizing an Infostealer), looming over a diverse crowd of men and women of different descents such as Caucasian, Hispanic, Middle-Eastern, South Asian, and Black. They are all attempting to shield their identities (illustrated by their avatar images) from the overwhelming shadow. The atmosphere should be tense, without being overly abstract or surreal, to enhance the body of the article. The illustration should be in an editorial style.

According to a recent report by cybersecurity firm CrowdStrike, the combination of info-stealing malware and phishing kits has fueled a dramatic 156% increase in attacks aimed directly at user logins over the past year. “This trend underscores a shift in cybercriminal tactics, from disruptive to stealthy, targeting the very keys to our digital lives,” said Shawn Henry, president of CrowdStrike Services. The widespread use of such tools enables even low-skilled threat actors to launch highly effective campaigns, multiplying the scale and impact of these attacks.

From a technological standpoint, these developments highlight a persistent challenge: traditional security measures, like static passwords and basic two-factor authentication, are proving insufficient. Experts advocate for more robust, adaptive defenses. Dr. Katie Moussouris, CEO of Luta Security, emphasizes the need for “identity-centric security models that incorporate behavioral analytics and continuous authentication,” pointing to emerging technologies as essential to countering evolving threats.

Policymakers, meanwhile, face the difficult balance of fostering innovation while safeguarding privacy and security. Recent legislative efforts in the European Union, such as the Digital Identity Wallets initiative under the eIDAS 2.0 regulation, aim to empower users with more secure and user-friendly digital identity management tools. However, critics argue that regulatory measures often lag behind the fast-moving tactics of cyber adversaries, leaving users exposed in the interim.

Users themselves are caught in this evolving battleground, often unaware of the sophistication or volume of threats targeting their credentials. Public awareness campaigns and cybersecurity education remain vital, yet the responsibility of protecting digital identities cannot rest solely on individuals. As cybersecurity analyst Brian Krebs notes, “Users are the last line of defense, but they shouldn’t be the only one.” The industry’s imperative is clear: develop and deploy solutions that reduce reliance on user vigilance alone.

The adversaries behind these attacks operate with clear incentives. Identity theft enables fraud, unauthorized access to financial accounts, and a host of secondary crimes that have severe personal and economic consequences. Cybercriminal groups continuously refine their tools, exploiting gaps in technology, human behavior, and regulation. The rise in identity-based attacks reflects a broader cybercrime ecosystem increasingly focused on monetizing stolen identities rather than causing overt disruption.

Looking ahead, the rapid expansion of connected devices and services—often referred to as the Internet of Things—further complicates identity protection. Each new platform represents an additional potential attack vector. Moreover, as remote work becomes entrenched, the perimeter around organizational networks dissolves, necessitating even more sophisticated identity verification methods.

In an era when our online identities underpin everything from financial transactions to social interactions, the growth of info-stealer threats serves as a cautionary tale. It challenges technologists to innovate, pushes policymakers to act decisively, and urges users to remain vigilant. Ultimately, the question remains: as identity-based cyberattacks evolve in scale and subtlety, will our collective defenses evolve fast enough to keep the keys to our digital lives safe?