Cybersecurity Shift
2026-05-27 06:49:47

The Shift in Cyberattack Terrain: From Corporate Servers to Personal Devices



In a recent study conducted by NordVPN, a leading provider of personal security services, and the threat intelligence platform NordStellar, troubling trends have emerged in the realm of cybersecurity. As highlighted in their report comparing data breaches with the activities of Infostealers—malware designed to steal information—it appears that cyberattacks are shifting focus from corporate servers to personal devices.

Study Overview



This investigation analyzed and compared published breach incidents with Infostealer infection logs. The report primarily calls for improved awareness and stresses the urgent need for individuals to bolster their cybersecurity practices.

Key Findings:


  • Corporate Data Breaches: The number of breaches targeting organizational databases decreased by 36% from 2024 to 2025, with incidents dropping from 4,804 to 3,069.
  • Infostealer Activity: In contrast, logs of Infostealer infections rose by 35%, from 19.5 million to over 26 million during the same period.
  • Password Leaks: More alarming is the scale of password leaks: the number of passwords exposed via Infostealers reached approximately 624 million, over 18 times higher than the 34 million revealed through data breaches.

The Growing Danger of Infostealers



While the decrease in data breach incidents could be perceived as an improvement in cybersecurity practices, the increase in Infostealer infections indicates a change in attackers' strategies. Attackers are now prioritizing cost-effectiveness over complexity, as noted in Cloudflare's 2026 Threat Report. The report emphasizes that modern attackers tend to prefer volume and efficiency in their methods.

The traditional assault on corporate servers frequently requires exploiting expensive zero-day vulnerabilities. In contrast, stealing credentials through Infostealer infections provides attackers access to extensive information at a significantly lower cost. As security measures around corporate systems strengthen, personal devices become more appealing targets for infiltration.

The Silent Threat



Senior threat intelligence researcher Mantas Sabekis of NordStellar pointed out that Infostealers can quietly extract not only stored passwords but also cookies, auto-fill data, and session tokens. This type of breach may lack the dramatic visibility typical of traditional data breaches; however, the impact on individuals can be just as severe.

A Dangerous Misconception



One critical issue highlighted in the study is the tendency to underestimate the severity of losses associated with Infostealer infections. When a corporate data breach occurs, the affected organization often has a legal obligation to notify users, leading to rapid responses like password resets. By contrast, there is no similar notification system for Infostealer infections. Without awareness, individuals may unknowingly have their credentials leaked on the dark web, leading to unauthorized account access or social media hijacks before they realize they've been compromised.

Treating the drop in data breach numbers alone as a signal of diminishing cyber risk can be misleading. Individuals must remain vigilant regarding the theft of their credentials through personal devices.

Three Immediate Actions to Protect Against Infostealers



1. Avoid Storing Passwords in Browsers: Browser password storage is convenient, but Infostealers often target this information first. Switch to a dedicated password manager and disable auto-saving in browsers.
2. Enable Multi-Factor Authentication (MFA): Even if passwords are compromised, MFA adds an extra layer of security, preventing unauthorized logins.
3. Steer Clear of Downloading from Unofficial Sources: Pirated software or unknown free tools can harbor Infostealers. Always obtain software from official sites or trusted stores, and keep devices updated.

Insights from NordVPN’s CTO



Mariusz Briedis, the CTO of NordVPN, emphasized the importance of awareness surrounding Infostealers. He noted that while many understand data breaches as a cyber risk, Infostealers remain less recognized despite their ability to harvest critical data. For attackers, leveraging stolen credentials to log in as legitimate users has become a cost-effective and successful method compared to breaching corporate systems directly. The more devices remember information, the higher the chances of sensitive data being stolen during a breach. Prioritizing security measures like avoiding password storage in browsers, activating MFA on key accounts, and refraining from downloading software from questionable sources is essential.

About NordVPN



NordVPN is a leading VPN service provider used by millions worldwide, boasting over 8,200 servers across 135 countries and 209 cities. It offers diverse features such as dedicated IP addresses, Double VPN, and Onion Over VPN servers, enhancing online privacy without tracking. The platform's
Threat Protection Pro
