AI & Identity Hacking

Microsoft’s Digital Defense Report 2025[1] warns of a marked increase in identity-based attacks, driven in part by the growing use of artificial intelligence to craft convincing social engineering lures.  The company says its systems analyze more than 100 trillion security signals every day and that identity attacks rose 32% in the first half of 2025 compared with the preceding period.[2]

Microsoft emphasizes that password attacks remain the primary vector: more than 97% of observed identity-based intrusions were password-based.  Large-scale credential stuffing and brute-force attempts account for most malicious sign-in attempts against organizations. Attackers source the credentials from previous data breaches and leaked credential lists, and rely on users reusing the same password across services to turn one leaked pair into access elsewhere.

The report also documents the growing use of information-stealing malware and social engineering techniques to harvest credentials. Infostealers quietly exfiltrate login data and other sensitive information from compromised endpoints, which the attackers either exploit directly or sell on cybercrime marketplaces. Microsoft notes that criminals are combining these tools with AI to produce highly realistic phishing emails and social posts that increase response rates.

Microsoft highlights an uptick in direct-contact scams, in which attackers phone the help desk while impersonating an employee and talk staff into resetting that employee’s password. These tech support and vishing attacks have featured in recent high-profile incidents linked to English-speaking criminal groups such as Scattered Spider. Microsoft incident responders reported that credential reset social engineering is increasingly favored for gaining access to corporate accounts.

The report, which covers trends from July 2024 to June 2025, shows that IT firms and government bodies at the national and local levels are among the most targeted sectors. In addition to identity theft, Microsoft documented exploitation of several critical vulnerabilities during the period, including CVE-2024-50623 (affecting Cleo’s managed file transfer products) and issues in products from Fortinet, BeyondTrust, and SimpleHelp.

Microsoft’s incident teams found ransomware to be the primary objective in around 19% of cases where actor intent could be determined. The company cites research from the intelligence firm Intel 471, which notes 120 ransomware variants targeting 71 industries over the last year, with many victims in the United States. Nearly half of the organizations listed on ransomware leak sites had annual revenues of $50 million or less, underscoring the broad reach of extortion campaigns.

To combat the surge, Microsoft reiterates basic hygiene and modern authentication controls: enforce multi-factor authentication (MFA), remove legacy authentication protocols, implement ‘passwordless’ solutions where feasible, and monitor for credential stuffing and anomalous sign-in patterns.
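The monitoring that the mitigation list above and the earlier description of credential stuffing call for can be prototyped as a small detector over sign-in logs. The Python below is an added example, not code from Microsoft’s report or from Red Sky Alliance: the four-field log format, the thresholds and the sample events are constructed for illustration and would be replaced by a real IdP or SIEM export and tenant-specific baselines. It flags source IPs whose failures in a ten-minute window are spread across many accounts (credential stuffing or password spray) or concentrated on one (brute force), then surfaces successful sign-ins that either come from a flagged IP or are a user’s first success from a never-before-seen IP.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for this example; tune them to your own sign-in baseline.
WINDOW = timedelta(minutes=10)    # look-back window per source IP
MIN_FAILURES = 8                  # failed sign-ins from one IP within WINDOW
MIN_DISTINCT_USERS = 5            # ...spread over this many accounts => stuffing/spray

# Constructed sample events: "<UTC timestamp> <user> <source IP> <result>".
# 192.0.2.x are the users' normal addresses; 203.0.113.7 sprays nine accounts and
# lands one (grace); 198.51.100.4 hammers a single account; bob mistypes twice.
SAMPLE_LOG = """\
2025-03-02T07:50:00Z alice@example.com 192.0.2.10 success
2025-03-02T07:51:00Z bob@example.com 192.0.2.11 success
2025-03-02T07:52:00Z grace@example.com 192.0.2.12 success
2025-03-02T08:00:01Z alice@example.com 203.0.113.7 failure
2025-03-02T08:00:02Z bob@example.com 203.0.113.7 failure
2025-03-02T08:00:03Z carol@example.com 203.0.113.7 failure
2025-03-02T08:00:04Z dave@example.com 203.0.113.7 failure
2025-03-02T08:00:05Z erin@example.com 203.0.113.7 failure
2025-03-02T08:00:06Z frank@example.com 203.0.113.7 failure
2025-03-02T08:00:07Z heidi@example.com 203.0.113.7 failure
2025-03-02T08:00:08Z ivan@example.com 203.0.113.7 failure
2025-03-02T08:00:09Z grace@example.com 203.0.113.7 success
2025-03-02T08:05:00Z alice@example.com 198.51.100.4 failure
2025-03-02T08:05:01Z alice@example.com 198.51.100.4 failure
2025-03-02T08:05:02Z alice@example.com 198.51.100.4 failure
2025-03-02T08:05:03Z alice@example.com 198.51.100.4 failure
2025-03-02T08:05:04Z alice@example.com 198.51.100.4 failure
2025-03-02T08:05:05Z alice@example.com 198.51.100.4 failure
2025-03-02T08:05:06Z alice@example.com 198.51.100.4 failure
2025-03-02T08:05:07Z alice@example.com 198.51.100.4 failure
2025-03-02T09:28:00Z bob@example.com 192.0.2.11 failure
2025-03-02T09:29:00Z bob@example.com 192.0.2.11 failure
2025-03-02T09:30:00Z bob@example.com 192.0.2.11 success
"""


def parse_events(text):
    """Return events as (time, user, ip, result) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return sorted(events, key=lambda e: e[0])


def flag_sources(events):
    """Find source IPs whose failures inside any WINDOW look automated.

    Returns {ip: {"kind", "failures", "users", "start"}}, keeping for each IP
    the window with the most failures.
    """
    failures_by_ip = defaultdict(list)
    for t, user, ip, result in events:
        if result == "failure":
            failures_by_ip[ip].append((t, user))
    flagged = {}
    for ip, fails in failures_by_ip.items():
        for i, (start, _) in enumerate(fails):          # slide the window start
            window = [f for f in fails[i:] if f[0] - start <= WINDOW]
            if len(window) < MIN_FAILURES:
                continue
            users = {u for _, u in window}
            kind = ("credential stuffing / password spray"
                    if len(users) >= MIN_DISTINCT_USERS else "brute force")
            best = flagged.get(ip)
            if best is None or len(window) > best["failures"]:
                flagged[ip] = {"kind": kind, "failures": len(window),
                               "users": len(users), "start": start}
    return flagged


def suspicious_successes(events, flagged):
    """Successful sign-ins that deserve an analyst's attention.

    A success is reported if its source IP was flagged (the attack found a valid
    credential) or if the user has a baseline but never succeeded from that IP
    before (new-location anomaly).  Returns a time-ordered list of dicts.
    """
    seen_ips = defaultdict(set)   # user -> IPs with an earlier success
    hits = []
    for t, user, ip, result in events:
        if result != "success":
            continue
        reasons = []
        if ip in flagged and t >= flagged[ip]["start"]:
            reasons.append(f"success from IP flagged for {flagged[ip]['kind']}")
        if seen_ips[user] and ip not in seen_ips[user]:
            reasons.append("first success from this IP for this user")
        seen_ips[user].add(ip)
        if reasons:
            hits.append({"time": t, "user": user, "ip": ip, "reasons": reasons})
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    flagged = flag_sources(evs)
    for ip, info in flagged.items():
        print(f"{ip}: {info['kind']} ({info['failures']} failures, {info['users']} accounts)")
    for hit in suspicious_successes(evs, flagged):
        print(f"{hit['time']:%H:%M:%S} {hit['user']} from {hit['ip']}: {'; '.join(hit['reasons'])}")
```

On the sample, 203.0.113.7 is reported as stuffing/spray and 198.51.100.4 as brute force, while bob’s two typos stay below threshold; the only success surfaced is grace’s from the spraying IP, which is also her first sign-in from that address. In production the "first success from a new IP" rule needs a longer baseline than one log file and is best combined with the IdP’s own risk signals, but the IP-level aggregation is the part that catches stuffing, because each individual failed attempt looks like an ordinary user typo.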

Organizations should also harden endpoints against infostealers, restrict administrative privileges, and strengthen help desk identity verification so that password resets cannot be socially engineered.

The report frames AI as both an asset and a threat: while defenders can use machine learning and automated detection at scale, adversaries are increasingly leveraging AI to enhance phishing, craft deepfake content, and automate credential harvesting.

Microsoft calls for a combination of technological controls, user education, and threat intelligence sharing to mitigate the growing risk. 


This article is shared with permission at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators-of-compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122


[1] https://www.microsoft.com/en-us/corporate-responsibility/cybersecurity/microsoft-digital-defense-report-2025/

[2] https://www.cybersecurityintelligence.com/blog/ai-is-driving-a-sharp-rise-in-identity-hacks--8811.html
