
“There are only two types of companies: those that have been hacked and those that will be.” Robert Mueller, former FBI Director

* By Francisco Camargo

Malware infiltration, data hijacking, theft of valuable credentials and other critical assets, exfiltration of encrypted data, and stealthy process injection, which allows intrusive code to run unnoticed, all require an urgent shift in cybersecurity priorities.

By 2025, cyberattacks will be structurally more complex and multistage, combining stealth, automation and persistence to invade network systems, neutralize defenses, exfiltrate confidential information and remain hidden for longer periods. In addition to infiltrating the victim's environment, attackers go deeper and branch out within it, relying especially on infostealers that are practically imperceptible. By the time they are discovered, it is already too late.

Acting discreetly, persistently and automatically, this type of malware has been responsible for a sequence of exceptionally effective attacks that use multistage infiltration, advanced process injection, exfiltration over secure channels and boot persistence. The result? An attacker's dream scenario, in which precious credentials, the ones that put entire networks under the attackers' control, can be hijacked without raising any alarms.

It is clear that traditional, segmented defenses, with tools and processes operating in isolation, are no longer sufficient. Organizations need continuous security validation, advanced behavioral monitoring and a threat-informed strategy focused on the TTPs (Tactics, Techniques and Procedures) preferred by attackers. By driving defenses with data, organizations can better prioritize cybersecurity against the techniques most likely to be used against them.

The main target of cybercriminals is now the password vault.

These applications have become their favorite target and the reason is obvious: gaining access to this repository opens the doors to a real treasure trove, which contains all the secret codes and even credit card numbers and their three precious security digits.

“I robbed banks because that's where the money is,” said Willie Sutton, the famous American bank robber. Today it would be “I robbed secret vaults because that's where the network (money) is.”

With the number of codes needed to unlock access to the most diverse services, each with a different standard (allowing or not allowing special characters, only numbers, upper and lower case letters), it becomes impossible to memorize them all. That has increased the use of apps that store credentials and, consequently, the number of attackers willing to do anything to gain access to them.

The Picus Red Report 2025, for example, found that malware specifically targeting credential storage systems, such as password managers and browser-based login data, tripled last year. To give you an idea, by 2024, 25% of the malware had behaviors mapped to Password Store Credentials. This means that cybercriminals don’t just open the vault, they also search for the master keys inside. Once they have them, attackers can easily take over networks and applications through lateral movement and privilege escalation.

In fact, malicious actions and ATT&CK techniques have escalated to a remarkable level of sophistication. We must face the attackers' ability to adapt their tactics to each environment they intend to invade, and the clear change in direction toward precision-focused campaigns that work to create maximum destruction with minimum detection.

*Francisco Camargo is Vice-President of the Deliberative Council of ABES, CEO of CLM, a Latin American value-added distributor, focused on information security, data protection, cloud and data center infrastructure.

 

Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies
