What Happened
In 2025, the cyber threat landscape has dramatically escalated — notably with a surge in credential theft. According to reporting, the security firm Check Point Software Technologies documented a 160% increase in compromised credentials compared to previous periods.
These stolen credentials now account for roughly one in five data breaches. (IT Pro)
At the same time, we've seen major disruptive attacks targeting large infrastructure: for instance, a ransomware strike on Collins Aerospace’s MUSE and vMUSE systems (used by many European airports) disrupted check-in and baggage-drop services across multiple airports. (Reuters)
These developments highlight two converging trends: widespread credential compromise and high-profile infrastructure disruption.
Why It Matters
Attackers now favour credentials & identity
Credentials are gold for attackers: once compromised, they allow direct access to systems, often evading detection more easily than malware. The fact that credential theft is responsible for twenty percent of breaches shows how lucrative and low-risk this tactic has become. (IT Pro)
Moreover, the availability of “Malware-as-a-Service” and AI-assisted phishing makes credential theft accessible even to less-skilled threat actors.
Infrastructure attacks amplify stakes
The Collins Aerospace incident reveals how attackers no longer only go after data — they go after operational capabilities. By targeting critical systems used across airports, the disruption rippled far beyond data loss, affecting thousands of travel routes and passengers.
When critical infrastructure becomes the target, the fallout is not only financial but also societal—queues at airports, cancelled flights, delayed services—all affecting public trust and safety.
The combination makes a dangerous cocktail
Credential theft enables access; infrastructure attacks maximize impact. Put together, they set the stage for attacks that are both stealthy and massively disruptive. For organisations and individuals alike, the “safe” zones of the past no longer apply.
How to Protect Yourself
Individuals
- Use strong, unique passwords: Never reuse credentials across multiple services.
- Enable Multi-Factor Authentication (MFA): Even if credentials are leaked, MFA adds an extra hurdle.
- Use a password manager: These help generate and store complex passwords behind one strong master password.
- Monitor for credential leaks: Various services will alert you if your email or username shows up in a leak; when that happens, change passwords immediately.
- Stay alert for phishing and vishing: Attackers use social engineering to gain access.
- Keep your software updated: Many incidents still stem from outdated software.
Organisations
- Implement least-privilege access: Ensure users and systems have only the permissions they need.
- Enforce strong identity and access management (IAM): Use MFA, enforce password rotation, detect unusual login behaviour.
- Audit and secure third-party integrations and SaaS vendors: Many breaches stem from weak vendor controls or misconfigurations.
- Segment networks and deploy intrusion detection: Reducing the blast radius of any credential compromise or breach makes a difference.
- Test incident-response plans: Rehearse scenarios for when systems go offline or data is stolen.
- Educate staff regularly: Training helps reduce human error and social engineering success.
Concluding Insight
The cyber-threat landscape in 2025 reflects a shift: it is no longer only about data; it is also about identity and operational disruption. For individuals, your credentials are just as valuable to attackers as your money. For organisations, the stakes go beyond compliance: they now include business continuity and public trust.
Taking simple steps like enabling MFA and using a password manager may feel small when compared with headline-grabbing breaches. Yet those steps are exactly what stand between you and becoming yet another statistic in the credential-theft surge. Vigilance, both by individuals and enterprises, remains our best defence.



