SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

AppOmni highlights evolving SaaS cyber threats for 2025

Today

AppOmni has highlighted key SaaS security incidents of 2024, forecasting an evolution in cybersecurity threats for 2025.

A series of high-profile breaches last year revealed significant vulnerabilities in SaaS applications. Russian attackers known as Midnight Blizzard gained access to Microsoft's internal systems, exploiting compromised credentials through a legacy OAuth app, which enabled the exfiltration of senior executives' emails. Similarly, attackers infiltrated Cloudflare's Atlassian instance using OAuth tokens from a previous breach, accessing internal code repositories and exfiltrating sensitive source code related to operational technologies.

Snowflake customers also fell victim to similar credential-based attacks. These breaches highlighted how misconfigurations in single sign-on (SSO) enforcement, IP restrictions, and dormant accounts could allow attackers to reach sensitive data. These incidents underscore the need for robust security measures to protect digital environments.

"In 2024, business was disrupted by costly SaaS 'bypass' breaches that circumvented their identity and access management (IAM) and zero trust (ZT) controls. 2025 will bring awareness to end-to-end controls needed for SaaS with tight interdependencies between ZT, identity, SaaS posture, and detection and response capabilities," said Brian Soby, CTO and Co-Founder of AppOmni.

Over the past two years, the attack surface for SaaS applications has expanded dramatically. With businesses shifting to cloud-based systems, the traditional security perimeter has dissolved, posing challenges in maintaining security in a remote access environment. Attackers are now bypassing traditional security measures to target identity misconfigurations, overly permissive access controls, and vulnerabilities in application programming interfaces (APIs), among others.

The use of artificial intelligence (AI) in cyberattacks is growing. Attackers now leverage AI to automate and refine their methods, leading to more efficient exploitation of SaaS vulnerabilities. "SaaS applications are likely to continue to face increasingly sophisticated threats as adversaries exploit advancements in technology – especially AI," remarked Justin Blackburn, Senior Cloud Threat Detection Engineer at AppOmni. He further noted that AI will lower the entry barrier for attackers while increasing the speed and scale of potential attacks.

The rise of AI-driven attacks means attackers can now execute sequences from initial access to data exfiltration more swiftly. Martin Vigo, Lead Offensive Security Engineer at AppOmni, commented, "Automation-driven perimeter breaches will remain prevalent in 2025, with large-scale reconnaissance, password spraying, and AI-powered phishing automation among the leading tactics. Enterprises must anticipate automated attacks by securing all internet-exposed resources."

Looking ahead to 2025, AppOmni experts predict an increase in SaaS-based attacks, largely driven by nation-state actors and organised crime groups. Additionally, the adoption of Zero Trust platforms will become essential as organisations aim to mitigate the risk of lateral movement within SaaS applications. Identity management, focusing on continuous monitoring of OAuth permissions and maintaining credential hygiene, will also become a critical focus.

"The past few years, we've seen a steady uptick in supply-chain attacks on SaaS through compromised third-party applications," noted Aaron Costello, Chief of SaaS Security Research at AppOmni. "My research into data exposures has shown that often, no initial foothold needs to be gained for threat actors to access the sensitive data they want."

The need for AI governance and effective defence integration will also be pivotal as the threat landscape evolves. Organisations will be required to integrate AI-driven security tools capable of mitigating AI-based exploits into their security posture to defend against increasingly sophisticated threats.

As SaaS applications become an increasingly crucial part of business infrastructure, securing these platforms against evolving cyber threats remains imperative. This entails not only adopting advanced security measures but also continuously monitoring and adjusting tactics to mitigate emerging threats.
