Day 2

Hackers don’t break in, they log in

Theme: Geopolitics
Session complexity:
Time: 11:45 - 12:35

In 2025, the biggest threat to your organization may already be inside — not through an elaborate breach, but through a legitimate login. Infostealer malware has surged across the cybercrime landscape, quietly harvesting credentials from unsuspecting victims and feeding a booming underground market. This trend poses a serious and often underestimated risk to all kinds of organizations.

In this session, we will explore how infostealers have evolved from simple keyloggers into complex data-exfiltration tools, driving initial access for ransomware groups, APTs, and other threat actors. An APT no longer has to put much effort into gaining initial access. They can simply go to Telegram, spend a couple of dollars and get access to hundreds of thousands of credentials. Among those credentials are sensitive company and government credentials and even session cookies, which can be used to bypass MFA.

We will dive into a real-world case, examine how credentials end up for sale on Telegram, Genesis Market-like platforms, or hacker forums, and show how adversaries use them to bypass your perimeter defenses entirely.

Most importantly, we will look at practical strategies to monitor, detect, mitigate, and respond to this growing threat before the next login leads to your worst-case scenario. Let's also pool our knowledge on this topic, so that we can all fight this upcoming threat.

Speakers in this session

Martijn Peijer