The appeal for opportunistic cybercriminals is obvious: why spend months searching for technical vulnerabilities when you can simply log in using legitimate credentials? It's faster and easier to attempt a credential stuffing attack on an unsecured VPN than it is to use highly technical coding or uncover a zero-day vulnerability to exploit.