← Back to news

Compromised Logins Surge as the Most Common Entry Point for Ransomware Attacks

Infosecurity Magazine15/07/2026, 12:45
Read full article →

Summary

AI-Generated

Key Points:

  • Identity-based attacks and compromised credentials are now the primary entry point for ransomware, accounting for 79% of incidents.
  • Affected systems include exposed applications, remote device logins, firewalls, and VPNs, with phishing and brute force attacks also contributing significantly to initial access.
  • Organizations should implement robust identity threat detection and response (ITDR), enforce multi-factor authentication (MFA), and conduct regular audits of identity credentials to mitigate risks.

Technical Details: The report highlights that 38% of attackers accessed exposed applications using legitimate user logins, while phishing was responsible for 24% of ransomware incidents. The shift from exploiting vulnerabilities to leveraging compromised identities marks a significant trend in the threat landscape.

MITRE ATT&CK Techniques:

  • T1078 - Valid Accounts (Defense Evasion, Initial Access)
  • T1566 - Phishing (Initial Access)
  • T1110.001 - Brute Force: Password Guessing (Initial Access)

IOCs Mentioned: None mentioned

Join the discussion — sign up to comment, upvote, and save articles.

Discussion

or to comment
Loading...

Loading comments...

Join 5,000+ security professionals

Get access to curated threat intel, upvote articles, join discussions, and build your karma in the SOC community.