Source URL: https://www.microsoft.com/en-us/security/blog/2025/05/29/defending-against-evolving-identity-attack-techniques/
Source: Microsoft Security Blog
Title: Defending against evolving identity attack techniques
Feedly Summary: Threat actors continue to develop and leverage various techniques that aim to compromise cloud identities. Despite advancements in protections like multifactor authentication (MFA) and passwordless solutions, social engineering remains a key aspect of phishing attacks. Implementing phishing-resistant solutions, like passkeys, can improve security against these evolving threats.
The post Defending against evolving identity attack techniques appeared first on Microsoft Security Blog.
AI Summary and Description: Yes
**Summary:** The text provides an in-depth analysis of evolving phishing and social engineering techniques targeting enterprise cloud environments, highlighting sophisticated methods employed by threat actors to compromise identities and access credentials. It emphasizes the importance of advanced security measures such as multifactor authentication (MFA), passwordless solutions, and Zero Trust principles in defending against these threats, along with a robust user awareness training program.
**Detailed Description:**
The text outlines a comprehensive overview of modern phishing attacks, specifically targeting cloud identities, and describes various sophisticated techniques being used by threat actors. Key points include:
– **Evolving Threat Landscape:**
  – Cyber attackers are adopting more sophisticated methods to steal credentials, particularly in enterprise cloud environments.
  – Despite advances in protections such as MFA and passwordless solutions, social engineering remains a core element of phishing attacks.
– **Phishing Resistance Strategies:**
  – Phishing-resistant solutions such as passkeys strengthen an organization's defenses against advanced phishing tactics.
  – Microsoft continually adapts its security measures to improve defenses against phishing attacks.
– **Modern Phishing Techniques:**
  – **Adversary-in-the-Middle (AiTM):** A proxy server sits between the user and the legitimate sign-in page and captures credentials during authentication; use of this technique has grown alongside MFA adoption. The Evilginx phish kit is a well-known example.
  – **Device Code Phishing:** Attackers abuse the device code authentication flow to obtain tokens that grant access to accounts.
  – **OAuth Consent Phishing:** Threat actors send malicious consent links that, once approved, grant them access tokens.
  – **Device Join Phishing:** Phishing that tricks users into authorizing malicious devices to join the organization's domain.
  – Attack methods continue to evolve, with techniques such as email impersonation and QR codes used effectively in phishing campaigns.
– **AI in Phishing Attacks:**
  – Threat actors' adoption of AI tools produces more convincing phishing lures because of improved language quality.
  – Microsoft has observed AI being used to craft sophisticated phishing emails and messages.
– **Phishing Beyond Email:**
  – Phishing has extended to other platforms, including social media and enterprise communication applications, widening organizations' digital exposure.
– **Post-Compromise Phishing:**
  – Threat actors often use compromised identities to launch further attacks inside the organization, enabling lateral movement and the targeting of more privileged accounts.
– **Defense Recommendations:**
  – The text concludes with several recommendations for organizations:
    – Configure security settings in Microsoft Entra and use the Microsoft Authenticator app.
    – Use risk-based Conditional Access policies and enforce the principle of least privilege following Zero Trust principles.
    – Establish user awareness training programs and phishing simulations to educate employees about social engineering risks.
    – Implement comprehensive security measures, including Global Secure Access for stronger network defense.
This analysis emphasizes the necessity for organizations to remain vigilant and proactive in their security posture, particularly in defending against continually evolving phishing threats targeting cloud identities.