Picus Security, a leading security validation company, has released its Red Report 2025. In its latest findings, the firm has found that the attacks to breach the security of password managers have drastically increased in 2024. Picus Security’s report is based on an in-depth analysis of more than one million pieces of malware collected in 2024.
Attacks against password manager security in 2024 increased 3x compared to 2023
Picus Security reports that malware targeted 25 percent of credentials stored in password managers in 2024. It is a 3x increase as compared to the year 2023. For the first time, the MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) framework lists stealing credentials from password managers among the top 10 techniques.
The tech security firm believes that the malware is growing more sophisticated with each passing year. Cybercriminals are using them to target password managers in an attempt to break into various important digital accounts. Furthermore, the reports indicate that these attacks are not just growing in volume but also in sophistication.
Attackers are prioritizing “complex, prolonged, multi-stage attacks,” which require a new generation of malware. Notably, the new malware comes with “more than a dozen malicious actions designed to help attackers evade defenses, increase permissions, and exfiltrate data.” Picus Security’s report also mentioned that, despite the widespread hype surrounding artificial intelligence and its potential applications in cybersecurity, it didn’t find any evidence that cybercriminals are using AI-driven malware.
“Threat actors are leveraging sophisticated extraction methods, including memory scraping, registry harvesting and compromising local and cloud-based password stores, to obtain credentials that give attackers the keys to the kingdom,” said Picus Security co-founder and VP of Picus Labs, Dr. Suleyman Ozarslan.
The security firm advises the use of multi-factor authentication
With the number of malware attacks growing each year on password managers, Picus Security has advised users to set multi-factor authentication (MFA). Also, users should never reuse a password, especially for their password manager app. That said, you should always create and manage strong, unique passwords with all of your online services and websites. Also, never use the same password for more than a single website or social networking platform.
