Field Effect Report Finds Identity Compromise Driving Majority of Cyber Incidents

More than 80% of incident-related alerts tied to cloud identity abuse, new threat outlook shows

OTTAWA, ON, March 10, 2026 /CNW/ – Field Effect has released its 2026 Cyber Threat Outlook, revealing that more than 80% of incidents investigated by the company in 2025 stemmed from cloud identity compromise. The finding highlights a major shift in how attackers gain access to corporate environments.

Based on Field Effect’s managed detection and response telemetry and frontline incident investigations, the report shows that threat actors are increasingly bypassing traditional exploits by abusing trusted identities, collaboration platforms and enterprise workflows.

“In many of the incidents we investigated in 2025, attackers didn’t exploit a vulnerability. They logged in using valid credentials,” said Earl Fischl, Director of Security Services at Field Effect. “Identity has effectively become the dominant attack surface. Once attackers gain access to trusted accounts, they can blend into normal activity and move through an organization much more easily.”

Key findings from the 2026 Cyber Threat Outlook

Identity compromise dominates: More than 80% of incident-related alerts observed by Field Effect involved compromised cloud identities, often tied to phishing driven account takeover.
Trusted platforms exploited: Attackers increasingly abused legitimate collaboration and remote support tools such as Microsoft Teams, Zoom and Quick Assist to deliver malware and gain privileged access.
AI accelerating attacks: Generative AI enabled faster phishing development, automated reconnaissance and quicker exploit validation.
Edge infrastructure targeted: VPNs, routers and other internet facing systems remained critical entry points for ransomware and credential driven attacks.
Geopolitical tensions shaping threats: State aligned actors, ransomware groups, and hacktivists increasingly overlapped in tactics and infrastructure.

Collaboration platforms used as entry points

Field Effect investigators observed multiple campaigns exploiting trusted enterprise tools to gain initial access.

In one campaign tracked since September 2025, threat actors impersonated internal IT help desks through newly created Microsoft 365 tenants and used Microsoft Teams vishing calls to convince employees to grant Quick Assist remote access. Once access was granted, attackers executed PowerShell based tooling to enumerate privileges and deploy additional malware.

These identity driven intrusions frequently led to credential harvesting, lateral movement and ransomware deployment.

AI accelerating adversary operations

The report also highlights the growing operational role of generative AI in cybercrime. Threat actors used AI to produce convincing phishing content, automate reconnaissance and test exploit code more efficiently.

“AI did not necessarily introduce entirely new attack techniques,” Fischl said. “What it did was dramatically accelerate the ones attackers were already using, making them faster and easier to scale.”

Edge devices remain high value targets

Beyond identity compromise, Field Effect investigators observed persistent attacks targeting edge infrastructure such as VPN appliances, firewalls, and routers.

One sustained campaign involved exploitation of SonicWall SSL VPN appliances, where attackers reused previously exposed credentials to authenticate directly into high privilege systems. In several cases, these credentials were later leveraged by Akira ransomware operators.

The campaign demonstrated how attackers can combine credential reuse, delayed patching and exposed edge systems to bypass traditional defenses.

Converging cyber threats

The report also found that geopolitical tensions continued to shape cyber activity throughout 2025. State aligned actors intensified espionage and access operations, while ransomware groups and hacktivists increasingly targeted critical infrastructure and public sector organizations.

These overlapping motivations are contributing to a threat landscape where financial, political and strategic objectives increasingly intersect.

“Organizations cannot control an attacker’s intent or capabilities,” Fischl said. “But they can reduce the opportunities attackers rely on by strengthening identity security, improving visibility across their environments and addressing exposed infrastructure.”

The Field Effect 2026 Cyber Threat Outlook draws on investigations and telemetry collected by Field Effect’s global security teams throughout 2025.

The full report is available here.

About Field Effect

Field Effect is a global cybersecurity company delivering managed detection and response (MDR) to help organizations detect, prevent and respond to cyber threats. Through a combination of advanced technology, AI-driven analytics, expert-led threat intelligence, and human-centered security delivery, Field Effect enables customers and partners to reduce risk and strengthen cyber resilience.

View original content to download multimedia:https://www.prnewswire.com/news-releases/field-effect-report-finds-identity-compromise-driving-majority-of-cyber-incidents-302708531.html

SOURCE Field Effect

Field Effect Report Finds Identity Compromise Driving Majority of Cyber Incidents

^TSX:CA

^JX:CA

^SP500

^TX20:CA

Azilen Technologies Delivers 2.7x Capital Velocity Using Agentic AI in Lending Across Underwriting & Credit Operations

Ontario Teachers’ announces positive 2025 results

National Bank of Canada Announces an Amendment to Its Normal Course Issuer Bid

RESAAS Engages Oak Hill Financial for Investor Relations Services

Canadian Investment Regulatory Organization Trading Halt – GSY

FRONTERA MOVES TO ACCEPT $525 MILLION SUPERIOR PAREX OFFER

PLAN replaces 50% of Portland cement with latest cement

Media advisory – Environment and Climate Change Canada to hold a technical briefing related to a severe freezing rain event predicted for areas of Ontario, Quebec and Atlantic Canada

Incora and Infosys Collaborate to Advance AI-Enabled Supply Chain Operations

New survey: 61 per cent of HR leaders report AI-generated applications are slowing hiring

Aypa Power and Six Nations of the Grand River Development Corporation Secure CA$700 Million Financing Close for Ontario Battery Energy Storage Projects

METALLIS CLOSES $1,262,000 PRIVATE PLACEMENT AND APPOINTS NEW VP OF EXPLORATION

Ascend Wellness Holdings Unveils a Full Relaunch of Its Ozone Brand

Bell and Coveo announce strategic sovereign AI partnership to advance Canada’s digital leadership

Baylin Technologies Antennas Selected by Various Carriers for Deployment at Special Events Throughout Europe

Canadian Cancer Society launches Soccer for Cancer, uniting players across Canada to take on cancer through the game they love

Manulife Selects Akka to Operationalize Agentic AI within its Enterprise AI Platform

Transat A.T. Inc. Reports Results for the First Quarter of Fiscal 2026 Adjusted EBITDA Increases 68% Year Over Year

Pawsible Ventures Launches Pet Health Incubator With Global Advisory Board to Capture the $270B Pet Economy

Vizsla Copper Appoints Shawn Matthews as Strategic Advisor

Field Effect Report Finds Identity Compromise Driving Majority of Cyber Incidents

Get Timely Stock Picks from the Pros

Join Below