Phishing and MFA exploitation: Targeting the keys to the kingdom

In 2025 attackers exploited trust-based workflows: phishing (used for initial access in ~40% of incidents), cascaded phishing from compromised/trusted accounts, abuse of Microsoft 365 Direct Send to spoof internal email, and MFA-focused attacks (MFA spray and a 178% rise in device compromise) targeted IAM and sectors like higher education; the report outlines these trends and recommends mitigations such as stricter SPF/DMARC, rejecting Direct Send, lockout policies, device hardening, and phishing-resistant MFA.