Flashpoint has released its Proactive Defender’s Guide to Infostealers, underscoring the urgent need for proactive defense against infostealers — identified as the “most scalable entry point into enterprises” in 2025.
Proactive infostealer monitoring and defense
According to Flashpoint’s research, infostealer-driven credential theft has surged by 800% over the past year, compromising more than 1.8 billion corporate and personal accounts. Stolen data includes sensitive information such as passwords, cookies, and other confidential credentials.
Flashpoint’s guide offers organizations a roadmap for shaping their 2026 defense strategies, including an analysis of the most active infostealers, strategies for managing the identity attack surface, and practical guidance for operationalizing infostealer intelligence.
It stresses that organizations must adopt a proactive approach to counter the growing infostealer threat — leveraging infostealer threat intelligence and responding immediately when data is exfiltrated, packaged into logs, and listed for sale.
“A single log file can capture enough host and session information to enable attackers to move laterally through systems and achieve complete network compromise,” said Ian Gray, vice president of intelligence at Flashpoint.
“Given the 800 percent surge in infostealer infections during 2025, defensive strategies must shift toward proactive monitoring of stolen session cookies and corporate device metadata — eliminating the risk before attackers can orchestrate a full network breach,” Gray added.
Strategies to manage the identity attack surface
In response to the rise in infostealer-related incidents, Flashpoint advocates for Primary Source Collection (PSC). PSC involves actively capturing raw logs directly from infostealer marketplaces, Telegram channels, and underground forums.
These raw data sets are then processed through the Flashpoint platform, where they are converted into structured intelligence that helps security teams detect and neutralize threats before they escalate.
Flashpoint CEO and co-founder Josh Lefkowitz emphasized the importance of PSC amid the rapid growth of the malware-as-a-service market.
“As organizations plan their 2026 defense strategies, defending against this trend requires a direct, unmediated view into the illicit underground where these logs are being weaponized,” Lefkowitz said.
“Acquiring this level of visibility necessitates Primary Source Collection (PSC). Flashpoint is delivering this foundational intelligence, allowing leaders to interrupt the attacker’s chain, accelerate proactive defense strategies, and successfully pivot the business model to one of true digital resilience,” Lefkowitz added.
In August, Flashpoint also released its Global Threat Intelligence Index: 2025 Midyear Edition. Read more about its findings on attacker behavior and emerging trends within the cyber threat landscape.





