Password Guessing and Account Misuse Top Cyberattack Tactics in 2025: Kaspersky
Password Guessing and Account Misuse Top Cyberattack Tactics in 2025

Password guessing and valid account misuse have become the most effective cyberattack tactics in 2025, according to a global report by Kaspersky Security Services. The report reveals a strategic shift as attackers move away from noisy malware to leverage legitimate access, making detection harder.

Key Findings from Kaspersky's 'Anatomy of a Cyber World' Report

The report, based on data from Kaspersky Managed Detection and Response (MDR), Incident Response (IR), Compromise Assessment, and SOC Consulting in 2025, highlights the most common adversary techniques. A significant portion of monitored attack techniques revolves around credentials and identity management.

According to the report, the top malicious tactics by conversion rate are: password guessing (34.8%), local account creation (34.7%), valid account abuse (34.5%), account manipulation (32%), and network service discovery (31.2%). These techniques are ranked by how frequently observed activity led to confirmed malicious incidents.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Attack Techniques in Detail

Password guessing involves systematically trying different passwords until gaining access, remaining a persistent threat due to weak or reused passwords. Local account creation allows attackers to maintain access even after their initial foothold is removed. Valid account abuse uses stolen credentials to blend in with normal activity, making detection extremely difficult.

Account manipulation involves modifying existing accounts, such as activating disabled accounts or escalating privileges, to deepen control. Network service discovery is reconnaissance before lateral movement, providing a critical window for early intervention.

Expert Commentary on the Trend

According to Sergey Soldatov, Head of Security Operations Center at Kaspersky, "Threat actors do not always need sophisticated malware to achieve their objectives. In many cases, legitimate administrative tools and compromised accounts remain the fastest and most effective way to move inside an organization while avoiding detection."

Soldatov emphasized that the continued popularity of these techniques shows organizations need deep visibility into attacker behavior and the ability to correlate suspicious activity across attack stages. He recommended solutions like Kaspersky Managed Detection and Response and Incident Response to address these challenges.

Pickt after-article banner — collaborative shopping lists app with family illustration