
Stolen Credentials and Missing MFA Continue to Fuel Breaches, Create MSSP Risk and Opportunity


New data from Rapid7 shows that 56% of breaches in Q1 2025 stemmed from stolen credentials where multi-factor authentication (MFA) wasn’t enabled, Infosecurity Magazine reports. This pattern has remained consistent over the past three quarters, signaling a continued gap in basic cyber hygiene across industries. Despite repeated industry recommendations, organizations are still slow to enforce MFA on all accounts, leaving valid credentials as low-effort entry points for attackers.

Alongside credential misuse, vulnerability exploitation and brute-force attacks each accounted for 13% of initial access techniques. One high-profile exploit involved a Fortinet vulnerability that allowed attackers to bypass authentication and create administrative accounts. These accounts provided access to firewall dashboards containing sensitive configuration and user data. CISA later confirmed that the flaw was used in an active ransomware campaign in March.

Other methods like exposed remote desktop protocol (RDP), remote monitoring and management (RMM) tools, and SEO poisoning also contributed to breaches. While RDP was the initial access point in 6% of incidents, it played a broader role in nearly half of all attacks investigated. SEO poisoning, meanwhile, continues to evolve, with attackers placing fake software ads at the top of search results to lure users into downloading malware.

The most common malware observed in Q1 was BunnyLoader, a malware-as-a-service loader seen in 40% of tracked incidents. It was used across nearly every major industry, including manufacturing, healthcare, and finance, for tasks like credential theft, keylogging, and dropping secondary payloads. Manufacturing was the hardest-hit sector, making up nearly a quarter of all reported breaches. For MSSPs managing environments in manufacturing, healthcare, and retail, this represents an urgent need for enhanced endpoint visibility and malware detection. As malware-as-a-service tactics grow, MSSPs will be expected to deliver faster threat intel, stronger access controls, and real-time containment strategies.
