SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Picus Security warns of rising enterprise password breaches

Tue, 12th Aug 2025

Picus Security has released the Blue Report 2025, revealing findings from over 160 million attack simulations in enterprise environments that raise concerns about the effectiveness of current cyber defence measures.

The report indicates that password security is deteriorating, with researchers finding that passwords were cracked in 46% of environments tested, nearly double last year's figure of 25%. The Blue Report attributes this to ongoing reliance on weak or outdated password policies.

Password vulnerability

Weak passwords and inadequate password management were at the centre of the report's most alarming figures. In almost half of the tested environments, at least one password hash was successfully cracked. This upward trend suggests that enterprises are falling behind adversaries in the fight to maintain secure authentication processes.

"We must operate under the assumption that adversaries already have access. An 'assume breach' mindset pushes organizations to detect the misuse of valid credentials faster, contain threats quickly, and limit lateral movement - which requires continuous validation of identity controls and stronger behavioural detection," said Dr. Süleyman Ozarslan, co-founder of Picus Security and VP of Picus Labs. 

Stolen credentials and data exfiltration

The report found that attacks using valid credentials were successful in 98% of cases. This means that threat actors employing techniques such as MITRE ATT&CK T1078 (Valid Accounts) can evade defences almost without opposition. The researchers stated that these results make stolen credentials "practically unstoppable."

Compounding the problem, just 3% of data exfiltration attempts were stopped by security systems, representing a sharp fall from the 9% prevention rate observed in 2024. This figure points to a growing risk of large-scale data theft for most enterprises.

Ransomware trends

The Blue Report also highlighted the continued prominence of ransomware, with certain strains remaining especially difficult for organisations to counter. For instance, BlackByte was cited as the hardest variant for enterprises to prevent, with a prevention effectiveness rate of only 26%. Other notable strains, BabLock and Maori, achieved prevention rates of 34% and 41% respectively. These results suggest ransomware operators have maintained an advantage in bypassing contemporary defences.

Detection gaps

The research identified significant deficiencies in early detection. Notably, prevention effectiveness for discovery techniques such as System Network Configuration Discovery and Process Discovery scored below 12%. According to Picus Security, this exposes substantial gaps in detection efforts, leaving organisations with a markedly reduced capacity to identify and contain threats promptly.

Erosion of defence effectiveness

Across the broader set of tested enterprise environments, Picus Security observed a decline in overall prevention effectiveness from 69% in 2024 to 62% in 2025. The company cited failures in detection rule configuration, persistent logging gaps, and suboptimal system integration as factors undermining situational awareness and defensive resilience. Although logging coverage remained steady at 54%, only 14% of attack attempts yielded alerts, meaning most malicious activity is able to proceed unobserved.

The report concludes that defences can deteriorate rapidly without constant oversight and validation of security tools and policies. Increased infostealer malware activity, a rise in double-extortion ransomware attacks, and the increased ability of attackers to move laterally between systems after stealing credentials all contribute to heightened exposure for enterprises in 2025.

Methodology

The Blue Report's findings are based on attack simulations executed by Picus Security customers from January to June 2025. Simulations were conducted in production environments using the company's Security Validation Platform and were analysed by Picus Labs and Picus Data Science teams. The report provides insights across different industries and includes specific recommendations aimed at helping organisations identify and address key risks.