Worrying trend
Telemetry data from cybersecurity company Kaspersky shows that the number of password-stealing malware attacks targeting business users in Southeast Asia increased by 18% in 2025. This reflects an alarming situation: bad actors are quietly collecting and exploiting authentication information to infiltrate business environments, slipping past every warning barrier without being detected by security systems.
Password-stealing malware is malicious software designed to steal passwords and other account information. This type of malware extracts password decryption keys stored in the browser, analyzes buffer data and browser data storage files, and looks for ways to access encrypted user wallet data.
Cybercriminals can use stolen passwords to illegally access accounts for many malicious purposes, such as theft of assets, impersonation, extortion, or using the compromised accounts as springboards for subsequent attacks.
Mr. Adrian Hia, CEO of Kaspersky Asia-Pacific region, revealed a worrying figure: after analyzing 193 million compromised passwords, the company found that up to 45% of passwords could be cracked in less than a minute, and only 23% of passwords are strong enough to withstand attacks for more than a year.
These figures show that the habit of creating weak passwords and carelessness in creating authentication information are becoming a weakness that creates conditions for large-scale attacks and intrusions.
Recommendations
To strengthen password policy, users and businesses can apply the following simple measures:
- Use a password manager. Remembering long, unique passwords for every service you use is almost impossible, but with a password manager you only need to remember the master password.
- Use a different password for each service. That way, even if one account is stolen, the remaining accounts remain safe.
- Combine random, unrelated words into a passphrase to increase security. Even when building passwords from ordinary words and phrases, arrange them in an unusual order and make sure they are not related to each other. You can also use online password checking tools to assess the strength of a password.
- Avoid predictable passwords taken from personal information such as a date of birth, a relative's name, a pet's name or your own name. These are usually the first guesses attackers will try.
- Turn on two-factor authentication (2FA). Although not directly related to password strength, 2FA adds an important security layer.
- Use reliable security solutions that monitor the Internet and dark web and warn you immediately when your password needs to be changed.
- Deploy advanced security solutions that integrate endpoint and cloud protection with XDR/EDR detection and response to detect, investigate and respond to complex threats such as spyware, backdoors and ransomware.
- Update software frequently, especially widely used applications such as Microsoft Office, to minimize the risk of vulnerability exploitation.
- Stay informed about threats so that you know the latest attack tactics and can build corresponding defense scenarios.