Report: Cloud Identity Compromise Drove 80% Of 2025 Incidents
SC Media, Monday, March 16th, 2026
Field Effect's 2026 Cyber Threat Outlook reveals that compromised cloud identities were the primary driver behind more than 80% of incident-related alerts investigated last year, signaling a fundamental shift in attacker focus, reports Security Brief Asia.
Director of Security Services Earl Fischl stated that "attackers didn't exploit a vulnerability. They logged in using valid credentials," noting that identity has become "the dominant attack surface." The report highlights how attackers increasingly abuse trusted collaboration tools like Microsoft Teams, Zoom, and Quick Assist to blend into normal activity.
One campaign tracked since September 2025 involved attackers impersonating IT help desks, creating Microsoft 365 tenants, and using Teams voice phishing to persuade employees to grant remote access via Quick Assist. These intrusions led to credential harvesting, lateral movement, and ransomware deployment.