Whoa, this development is a wake-up call for anyone relying on internal chat tools. The way Black Basta leverages Microsoft Teams as a breach vector shows how social engineering keeps evolving faster than defenses. I once faced a similar scare when an attacker spoofed a trusted Teams account and pushed a malicious link during a project sprint; our MFA and strict link-preview checks saved us. Sharing this as a Block Breaker reminder for tighter verification and zero trust.
The report skips over the details of the "fraudulent Entra ID tenants." Granted, I started to move away from the MS ecosystem in the days of Code Red, but how easy is it to create these identities, and are they implicitly trusted somehow?
One of the prevalent issues with these collaboration, chat, and help desk tools is that they're a lot of effort to replace longstanding technology that has had decades of security baked into it (e.g., email). Especially in a corporate environment, something like a PKI can greatly bolster the security of email. Instead, we keep pumping more apps and tools into the workplace, creating an exponential stress on each user as they have to learn, patch, and monitor these tools, which often are rushed to market.
Also, I wish we would stop calling social engineering "sophisticated." Or for once, I wish I could read a report that didn't use that hyperbolic adjective. These kinds of attacks have been around since the first caveman told his buddy that he was actually a prince and was having a little monetary trouble. If you strip away the tech, most people would sniff out these attacks quite quickly, but again, we force users into distracting, new environments and that's how these attacks succeed despite their old and worn mechanisms.
Wow, this is a really alarming development. Using Microsoft Teams as a ransomware entry point shows how adaptable these threat actors are. It really highlights the need for ongoing employee training regarding phishing scams and suspicious links, even those coming through internal communication channels. It makes you wonder what other seemingly safe platforms are vulnerable. Speaking of running safe, it almost feels like a constant game of Run 3 trying to stay ahead of these threats!