ENISA Reports a Rise in Identity-Based Attacks Toward the End of 2025
In its analyses and reports throughout 2025, ENISA highlights a clear increase in identity-based attacks, including account compromise, abuse of legitimate credentials, and large-scale social engineering campaigns.
According to ENISA, a growing number of major cybersecurity incidents no longer begin with a technical vulnerability, but with unauthorized access to valid user accounts. This includes phishing campaigns, credential harvesting, token abuse, and attacks targeting weakly protected cloud and SaaS environments.
Why identity-based attacks are so effective
ENISA notes that identity-based attacks often:
bypass traditional security controls
blend in with legitimate user activity
enable long-term persistence without triggering alerts
In many cases, missing MFA, misconfigured IAM, or limited visibility into user sessions significantly lowers the barrier for attackers.
Strong connection to cloud and hybrid environments
ENISA’s 2025 findings emphasize that identity-based attacks are particularly effective in:
cloud infrastructures
hybrid environments
organizations relying heavily on SaaS platforms
In these environments, user identity becomes the primary security perimeter, and once compromised, attackers can move laterally and access critical systems with ease.
DIAMATIX Perspective
From our perspective, this trend confirms that identity protection is no longer a standalone control, but a core component of operational cybersecurity.
Effective defense requires:
continuous monitoring of user and system identities
correlation across IAM, cloud, and endpoint telemetry
active detection of credential abuse and anomalous behavior
rapid response to suspicious identity activity
This is where MDR, XDR, and 24/7 SOC capabilities become essential for resilience against modern identity-based threats.
Sources:
ENISA – Threat Landscape 2025
ENISA – Cybersecurity Threats and Trends
ENISA – Identity and Access Management Risk Analysis
Trusted · Innovative · Vigilant
