One in four attacks involve stealing saved passwords from browsers to authenticate as valid users.

Credential phishing campaigns using .es domains increase 51 times year-over-year, with the .es top-level domain jumping from the 56th to the 3rd most-abused TLD.

Among the roles most vulnerable to credential theft, 28% were in Project Management, followed by Consulting (12%) and Software Development (10.7%).

Credentials for victims of the Play, Akira, and Rhysida ransomware groups were found on cybercrime marketplaces between 5 and 95 days prior to the reported attack.

The average time between credentials being found and the reported ransomware attack was 2.5 weeks

Credentials or data were stolen in nearly half of all cyberattacks.

Over 65% of missed phishing emails across SEGs are vendor scams and credential theft.