Hackers Adapt and Innovate Their Strategies

Microsoft Warns of Hackers Shifting Focus to Identity Compromises

Click, Call, Compromise: Hackers Continue to Evolve Tactics

In its annual cybersecurity report, Microsoft has alerted businesses about a significant increase in identity-based attacks, emphasizing that hackers are now more likely to “log in” rather than “break in.” This shift represents a stark change in the tactics employed by cybercriminals.

The report highlights that during the first half of 2025, attacks targeting identity systems surged by 32%. This rise is attributed to compromised credentials sourced from infostealers and the harvesting of username-password combinations from previous data breaches. Amy Hogan-Burney, Corporate Vice President of Customer Security and Trust at Microsoft, comments that this trend allows attackers to transition from traditional intrusion methods to simpler, yet effective, identity theft.

According to Microsoft, the use of infostealers, previously categorized as post-exploitation tools, has evolved. Malware variants such as Lumma Stealer, RedLine, Vidar, and Raccoon Stealer are increasingly functioning as initial access payloads in cyberattacks. This evolution has enabled a new realm of specialization within the cybercrime ecosystem, encompassing initial access brokers who sell stolen credentials, and ransomware groups leveraging these credentials to further their extortion efforts.

In May, Microsoft partnered with federal authorities to execute a takedown of Lumma infrastructure, although the operators quickly regrouped. This underscores the adaptability of cybercriminal networks in response to law enforcement interventions.

As organizations bolster defenses with measures such as multifactor authentication (MFA), hackers have adapted with advanced countermeasures. One alarming trend is the targeting of secure storage systems that protect sensitive data, including API keys and tokens. Cybercriminals are employing sophisticated social engineering techniques, like email bombing, to circumvent these protections, often leading victims to believe they require IT support for their inbox issues.

Additionally, the emergence of ClickFix attacks has gained traction in the hacking community. These attacks deceive users into copying and pasting code under the false pretense of resolving technical problems. Such tactics underline the ongoing adaptability of cybercriminal methodologies, posing significant risks to organizational security.

Despite the shifting landscape of digital threats, Microsoft asserts that an effective defense against the majority of identity compromise scenarios is straightforward: the implementation of multifactor authentication. This measure can mitigate over 99% of identity-related breaches, reinforcing its critical role in modern cyber defense strategies.
