https://www.bleepingcomputer.com/news/security/7-steps-to-take-after-a-credential-based-cyberattack/

These days, hackers don't break in — they log in. Using valid credentials, cybercriminals bypass security systems while appearing legitimate to monitoring tools.

And the problem is widespread; Google Cloud reports that weak or nonexistent credential protection facilitates 47% of cloud breaches, while IBM X-Force attributes nearly one-third of global cyberattacks to account compromises.