The attack that costs your client $1.5 million doesn’t start with a zero-day. It starts with a phishing email that captures a session token. By the time the attacker intercepts the wire transfer, they’ve been inside the environment for weeks, reading email, watching financial workflows, waiting. This is how modern attacks operate.
This is what business email compromise looks like in 2026. And it’s one of dozens of threat patterns documented in the Guardz 2026 State of MSP Threat Report, six months of telemetry from MSP-managed SMB environments across North America, EMEA, and APAC, covering billions of audit events across Microsoft 365, Google Workspace, endpoint, and cloud infrastructure.
The headline finding: the threat landscape has shifted from loud, detectable attacks to quiet, identity-driven campaigns that operate inside the trust boundaries your security tools were never built to catch. Here’s what the data shows.
AI didn’t improve phishing. It removed the signals defenders relied on.
The grammar mistakes and generic salutations that made phishing detectable are gone. AI-generated campaigns are now contextually accurate, sentiment-aware, and personalized using real email history pulled from previously compromised accounts.
The most damaging technique is Adversary-in-the-Middle (AiTM) phishing.
Tools like Evilginx and Tycoon 2FA proxy real authentication flows, capturing session tokens after MFA is completed. The attacker doesn’t need credentials. They inherit a valid session and operate as the user.
AI is also expanding BEC execution. Deepfake voice and video are now used to validate fraudulent requests, replacing traditional social engineering.
The scale of these attacks is already visible in the data:
- ~31% of monitored users had a compromised password at any point during the reporting period
- 14,000+ unique spray IPs per month targeting 10+ accounts each, growing 13% month over month
Identity is the primary battleground, and most SMBs are already exposed
89% of monitored SMBs had at least one user with confirmed credential compromise at any given time. Session hijacking incidents increased 23%. Authentication events from known-malicious infrastructure grew 50% over 120 days.
The less visible problem: non-human identities now outnumber human users in Microsoft 365 tenants at a ratio of 25:1. Service principals, OAuth apps, and managed identities authenticate continuously, operate with elevated privileges, and in most SMB environments have no behavioral baseline and no monitoring. This is where persistence hides.
OAuth consent abuse made it dramatically worse. Consent events rose 45% between October 2025 and January 2026. Google Workspace OAuth abuse spiked 2,000% over the same six-month window. Once a user grants consent to a malicious app, that app retains API access through refresh tokens that survive password resets and MFA changes.
- 89% of monitored SMBs had confirmed credential compromise at any given time
- +2,000% spike in Google Workspace OAuth abuse between September 2025 and February 2026
- 25:1 ratio of non-human to human identities in Microsoft 365 tenants
BEC is costing SMBs millions, and the mechanics have evolved
One documented case started on August 18, 2025, with a legitimate payment conversation. Attackers monitored the thread for five weeks before inserting themselves using a spoofed domain on September 26. By October 2, a fraudulent payment method change was requested. By October 8, voice verification was completed, either through social engineering or an AI voice clone, and the transaction was authorized.
Seven weeks. No malicious links. No malware. No flagged rules. The attack was invisible to standard email security the entire time because it used legitimate access against legitimate business processes.
Inbox rules remain the number one BEC persistence mechanism (MITRE T1098.003). The report shows a spike in suspicious inbox rule modifications in the US region, hitting 304 unique users. At the same time, email quarantine activity surged 240%, showing how much malicious activity is being generated, even as the most dangerous attacks bypass detection entirely.
“What stands out in this data isn’t any single attack vector. It’s how identity, email, endpoint, and cloud signals are chaining together into multi-stage campaigns that move faster than traditional detection models were designed to handle,” Elli Shlomo, Head of Security Research, Guardz
Endpoint threats are shifting, and RMM abuse targets the MSP model directly
Ransomware behavioral detections surged 190% over a 50-day window while traditional malware detections declined 55%. Attackers are moving away from signatures and toward living-off-the-land techniques that blend with normal activity.
The biggest finding for MSPs: RMM tool abuse accounts for 26.2% of all endpoint threats, the top threat campaign in the dataset. The tools aren’t obscure malware. They’re MeshAgent, ScreenConnect, Atera, and NinjaRMM. Attackers deploy these to establish encrypted command-and-control channels that look identical to legitimate MSP traffic. The report also documents spoofed AteraAgent MSI files, modified installers that deliver persistent access while appearing as routine deployments.
Ransomware peaked at 8.2% of all threats in December 2025, correlating with the holiday staffing shortage window when incident response capacity is lowest.
- +190% ransomware behavioral detections over 50 days
- 26.2% of all endpoint threats involved RMM tool abuse
- 114,827 successful sign-ins where MFA was completely bypassed via legacy protocols
What MSPs should do right now
The full report includes recommendations mapped to each threat vector. These are the immediate priorities:
Deploy phishing-resistant MFA. Push-based MFA doesn’t stop AiTM, because the session token is captured after authentication completes. FIDO2 keys and passkeys are bound to the origin domain and resist this technique.
Audit OAuth grants. Review all application grants across M365 and Google Workspace. A spike in consent events is an early indicator of an active phishing campaign. Implement admin approval requirements for sensitive permission scopes.
Monitor inbox rules in real time. Forward-and-delete rules targeting payment keywords and block-sender rules targeting IT senders are near-certain indicators of active BEC. This should be a high-priority alert across all client mailboxes.
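The two rule patterns above can be checked directly against Microsoft 365 Unified Audit Log records for New-InboxRule and Set-InboxRule. The following is an added example, not code from the report or from Guardz; the payment keyword list and the IT sender patterns are assumptions for illustration, and the audit records are constructed samples.

```python
"""Flag BEC-style inbox rules in Microsoft 365 Unified Audit Log records."""

# Assumed keyword and sender lists; tune per client.
PAYMENT_KEYWORDS = {"invoice", "payment", "wire", "bank", "remittance", "ach"}
IT_SENDER_HINTS = ("helpdesk", "it-support", "security", "noreply@microsoft")
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "archive", "junk email", "conversation history"}

def _params(record):
    """Return {ParameterName: Value} from an Exchange admin audit record."""
    return {p["Name"]: str(p.get("Value", "")) for p in record.get("Parameters", [])}

def _words(value):
    """Split a semicolon-separated cmdlet parameter value into lowercase terms."""
    return {w.strip().lower() for w in value.split(";") if w.strip()}

def classify_rule(record):
    """Return a list of findings for one audit record (empty if nothing suspicious)."""
    if record.get("Operation") not in RULE_OPS:
        return []
    p = _params(record)
    findings = []
    forwards = any(k in p for k in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"))
    deletes = p.get("DeleteMessage", "").lower() == "true"
    hides = deletes or p.get("MoveToFolder", "").lower() in HIDING_FOLDERS
    keywords = set()
    for k in ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords"):
        keywords |= _words(p.get(k, ""))
    if forwards and deletes and keywords & PAYMENT_KEYWORDS:
        findings.append("forward_and_delete_payment")   # classic BEC persistence
    elif forwards and keywords & PAYMENT_KEYWORDS:
        findings.append("forward_payment")
    senders = _words(p.get("From", ""))
    if hides and any(h in s for s in senders for h in IT_SENDER_HINTS):
        findings.append("suppress_it_sender")           # hides warnings from IT/security
    return findings

def scan(records):
    """Return (user, finding) pairs across a batch of audit records."""
    return [(r["UserId"], f) for r in records for f in classify_rule(r)]

# Constructed sample records shaped like UAL New-InboxRule entries.
SAMPLE = [
    {"UserId": "cfo@example.com", "Operation": "New-InboxRule", "Parameters": [
        {"Name": "Name", "Value": "."},
        {"Name": "SubjectOrBodyContainsWords", "Value": "invoice;wire;payment"},
        {"Name": "ForwardTo", "Value": "ext@attacker-example.net"},
        {"Name": "DeleteMessage", "Value": "True"}]},
    {"UserId": "ap@example.com", "Operation": "New-InboxRule", "Parameters": [
        {"Name": "From", "Value": "helpdesk@example.com;security@example.com"},
        {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
    {"UserId": "bob@example.com", "Operation": "New-InboxRule", "Parameters": [
        {"Name": "SubjectContainsWords", "Value": "newsletter"},
        {"Name": "MoveToFolder", "Value": "Reading"}]},
]

if __name__ == "__main__":
    for user, finding in scan(SAMPLE):
        print(f"ALERT {finding} user={user}")
```

Feed it the records returned by Search-UnifiedAuditLog (or the Office 365 Management Activity API) and route any finding to a high-priority alert rather than a log line.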
Govern non-human identities. Inventory service principals and OAuth apps. Establish behavioral baselines. Deviations such as new IP ranges, permission scope changes, and dormant account reactivation should trigger investigation, not just logging.
Block legacy authentication. The 114,827 MFA bypasses in this dataset happened through protocols that should have been disabled years ago. Block them via Conditional Access across every client tenant.
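To size the exposure in a tenant before enforcing the block, the MFA-less legacy sign-ins can be counted from Entra sign-in logs, and the block itself can be created as a report-only Conditional Access policy first. This is an added example, not code from the report or from Guardz; the sign-in records are constructed samples in the shape of Microsoft Graph /auditLogs/signIns items, and the set of legacy clientAppUsed values is an assumption to adjust against what your tenants actually report.

```python
"""Count legacy-protocol sign-ins that completed without MFA, and build the
Conditional Access policy body (Graph conditionalAccessPolicy schema) to block them."""
from collections import Counter

# clientAppUsed values Entra reports for non-modern authentication (assumed list).
LEGACY_CLIENTS = {"Exchange ActiveSync", "IMAP4", "POP3", "Authenticated SMTP",
                  "Exchange Web Services", "Exchange Online PowerShell", "Other clients"}

def is_legacy_bypass(signin):
    """True for a successful sign-in over a legacy protocol that never saw MFA."""
    return (signin.get("clientAppUsed") in LEGACY_CLIENTS
            and signin.get("status", {}).get("errorCode") == 0
            and signin.get("authenticationRequirement") != "multiFactorAuthentication")

def summarize(signins):
    """Total MFA-bypass sign-ins, broken down by protocol and by user."""
    hits = [s for s in signins if is_legacy_bypass(s)]
    return {"total": len(hits),
            "by_protocol": Counter(s["clientAppUsed"] for s in hits),
            "by_user": Counter(s["userPrincipalName"] for s in hits)}

def block_legacy_policy(state="enabledForReportingButNotEnforced"):
    """Request body for POST /identity/conditionalAccess/policies.
    Start report-only, confirm nothing business-critical breaks, then set state to 'enabled'."""
    return {
        "displayName": "Block legacy authentication",
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }

# Constructed sample sign-ins; errorCode 0 is success, 50126 is a failed password.
SAMPLE = [
    {"userPrincipalName": "cfo@example.com", "clientAppUsed": "IMAP4",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "cfo@example.com", "clientAppUsed": "Browser",
     "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "ap@example.com", "clientAppUsed": "Authenticated SMTP",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "ap@example.com", "clientAppUsed": "IMAP4",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}},
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(block_legacy_policy())
```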
H2 2026: what’s coming next
The full report closes with six specific threat predictions. The key themes: AiTM kits become commodity tools available through phishing-as-a-service platforms; BEC shifts from inbox rules to Microsoft Graph API abuse; cloud-native ransomware emerges targeting SharePoint and OneDrive directly; and Google Workspace faces significantly increased targeting as attackers exploit the security tooling gap between GWS and M365 tenants.
“We’re building agentic security systems using the most advanced AI available. So are the attackers. The toolsets are converging, and the gap between defense and offense is narrowing faster than most people realize,” Doni Brass, SVP Product Strategy, Guardz
The data in this report is from the environments MSPs manage. The attacks documented here were observed across MSP-managed SMB tenants over a six-month window. Not modeled, not extrapolated.