Field Effect's 2026 Cyber Threat Outlook reveals that compromised cloud identities were the primary driver behind more than 80% of incident-related alerts investigated last year, signaling a fundamental shift in attacker focus, reports Security Brief Asia.Director of Security Services Earl Fischl stated that "attackers didn't exploit a vulnerability. They logged in using valid credentials," noting that identity has become "the dominant attack surface." The report highlights how attackers increasingly abuse trusted collaboration tools like Microsoft Teams, Zoom, and Quick Assist to blend into normal activity. One campaign tracked since September 2025 involved attackers impersonating IT help desks, creating Microsoft 365 tenants, and using Teams voice phishing to persuade employees to grant remote access via Quick Assist. These intrusions led to credential harvesting, lateral movement, and ransomware deployment.Generative AI accelerated existing attack methods, making them faster and easier to scale. The report also cites continued attacks on edge infrastructure like VPN appliances and firewalls, often using reused credentials. Fischl emphasized that while organizations cannot control attacker intent, they can reduce opportunities by strengthening identity security and improving visibility.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds