Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025

"As security professionals, it's easy to get caught up in a race to counter the latest advanced adversary techniques. Yet the most impactful attacks often aren't from cutting-edge exploits, but from cracked credentials and compromised accounts. Despite widespread awareness of this threat vector, Picus Security's Blue Report 2025 shows that organizations continue to struggle with preventing password cracking attacks and detecting the malicious use of compromised accounts."
"In the Blue Report 2025, Picus Labs found that password cracking attempts succeeded in 46% of tested environments, nearly doubling the success rate from last year. This sharp increase highlights a fundamental weakness in how organizations are managing - or mismanaging - their password policies. Weak passwords and outdated hashing algorithms continue to leave critical systems vulnerable to attackers using brute-force or rainbow table attacks to crack passwords and gain unauthorized access."
Compromised valid accounts remained the most underprevented attack vector in the first half of 2025, requiring a more proactive defensive posture. Password cracking attempts succeeded in 46% of tested environments, nearly double the prior year's rate, revealing widespread weak password practices. Weak passwords and outdated hashing algorithms continue to expose critical systems to brute-force and rainbow-table attacks. Over 160 million attack simulations were executed across global networks using a security validation platform to measure prevention and detection effectiveness. Organizations frequently focus on advanced threats while neglecting basic credential hygiene and account-compromise detection.
Read at The Hacker News