Escalating Cloud and Supply Chain Security Threats in 2025
The cybersecurity landscape in 2025 is marked by a rapid acceleration in both the frequency and sophistication of cyberattacks, with cloud environments and supply chains emerging as primary targets. According to the Microsoft Digital Defense Report 2025, financially motivated cyberattacks and nation-state operations have intensified, leveraging artificial intelligence to increase the speed, scale, and profitability of attacks. AI-powered phishing campaigns now achieve up to 50 times greater profitability by automating personalized attacks, while the window for compromising cloud containers has shrunk to just 48 hours after deployment. North Korean threat actors have embedded tens of thousands of operatives globally, exploiting the remote workforce as a persistent attack vector. Microsoft telemetry reveals an 87% increase in disruptive campaigns targeting Azure environments, with credential theft and data exfiltration attempts rising by 23% and 58%, respectively. Azure Blob Storage, a critical component for storing unstructured data, is increasingly targeted by threat actors seeking to compromise data integrity and business continuity. Microsoft’s Secure Future Initiative has responded by strengthening default security measures and providing actionable recommendations for defending against these evolving threats, including leveraging Microsoft Defender for Cloud’s Defender for Storage plan. The broader industry is also witnessing a surge in supply chain breaches, with 2025 statistics showing a 68% increase in such incidents, now accounting for 15% of all data breaches. Nearly one-third of all breaches are linked to third-party vendors or partners, and Gartner predicts that 45% of organizations will experience a supply chain breach by the end of 2025. No industry is immune, as interconnected digital ecosystems expand the attack surface and expose organizations to cascading risks from less secure partners. Cloud security incidents are on the rise, with 80% of organizations reporting an increase and 45% of breaches being cloud-based, resulting in an average cost of $4.35 million per breach. Disaster Recovery-as-a-Service (DRaaS) and cyber recovery solutions are increasingly critical for ensuring business continuity and resilience, focusing on restoring clean, uncompromised systems after disruptions. The need for robust security baselines, continuous monitoring, and strategic recovery planning is underscored by the evolving tactics of threat actors and the growing complexity of cloud and supply chain environments. Organizations are urged to adopt a proactive, layered defense strategy, leveraging AI-driven detection, secure configuration, and rapid incident response to mitigate the impact of these accelerating threats. The convergence of cloud and supply chain vulnerabilities demands heightened vigilance, cross-functional collaboration, and investment in advanced security technologies to safeguard critical assets and maintain operational resilience in the face of relentless cyber adversaries.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Microsoft report highlights AI-driven cyberattack trends
A Microsoft 2025 report described adversaries increasingly using AI to scale and refine attacks, with identity compromise, cloud misconfigurations, ransomware, and attacks on AI systems among the major trends.
Microsoft publishes analysis of Azure Blob Storage attack chains
Microsoft released a security blog detailing how threat actors target Azure Blob Storage for reconnaissance, credential abuse, malware hosting, lateral movement, and exfiltration, and recommended Defender for Storage and Zero Trust-aligned mitigations.
Microsoft attributes MOVEit-related activity to Lace Tempest
Microsoft later attributed the 2023 MOVEit Transfer attacks affecting Blob Storage-connected environments to Lace Tempest, a threat actor associated with the Clop extortion site.
MOVEit Transfer zero-day impacts Blob Storage-integrated environments
In 2023, organizations that integrated MOVEit Transfer with Azure Blob Storage were affected by exploitation of a zero-day vulnerability, according to Microsoft's later analysis of cloud attack activity.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense
helpnetsecurity.com
Open sourceThe CISO imperative: Building resilience in an era of accelerated cyberthreats
microsoft.com
Open sourceThe Hidden Cost of Supply Chain Breaches: 2025 Statistics on Downtime, Disruption, and Financial Loss
socradar.io
Open sourceInside the attack chain: Threat activity targeting Azure Blob Storage | Microsoft Security Blog
microsoft.com
Open sourceMitigating Cloud Security Threats with Strategic Cyber Recovery
securitysenses.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Trends and Challenges in Cybersecurity for 2025-2026
The cybersecurity landscape in 2025 saw significant evolution, with a marked increase in supply chain attacks targeting CI/CD pipelines, open source packages, and developer tooling. Organizations like StepSecurity reported detecting and responding to some of the most consequential supply chain compromises before they became public, highlighting the need for real-time visibility and enforcement across software supply chains. The year also witnessed rapid growth in the adoption of security solutions, as enterprises sought to protect their development environments and open-source repositories from increasingly sophisticated threats. Simultaneously, the industry experienced major shifts in technology and risk management. Startups drove innovation in browser security, application security for AI-generated code, and SOC automation, reflecting the growing importance of cloud-based workspaces and AI-driven applications. On the risk management front, CISOs faced a tightening cyber insurance market, with insurers demanding more rigorous proof of security controls and warning that major supply chain or AI-related incidents could quickly harden underwriting standards. These developments underscore the need for organizations to adapt their security strategies to address both emerging technical threats and evolving risk management requirements.
Mar 21, 2026
Evolving Cybersecurity Threats and Organizational Preparedness in 2025
Geopolitical instability, rapid technological advancement, and persistent skills shortages are fundamentally reshaping the cybersecurity landscape for organizations worldwide. According to a PwC report, 60% of executives now rank cyber risk investment among their top three strategic priorities, driven by concerns over political instability, trade disputes, and shifting alliances. Despite this heightened awareness, only about half of surveyed organizations feel very capable of withstanding cyberattacks on common vulnerabilities, and a mere 6% report preparedness across all vulnerabilities, highlighting significant exposure through legacy systems and complex supply chains. The financial impact of breaches remains severe, with over a quarter of respondents experiencing incidents costing at least $1 million in the past three years, disproportionately affecting large enterprises and technology-driven sectors. Spending on cybersecurity is increasing, with 78% of organizations expecting budget growth, yet only 24% are channeling more resources into proactive measures such as monitoring, testing, and training, indicating a continued reactive posture. The ENISA Threat Landscape 2025 report underscores the professionalization of cybercrime, the convergence of criminal and state-aligned actors, and the rise of hacktivist groups leveraging ransomware for both ideological and financial gain. Ransomware remains the most disruptive threat across the EU, with groups adopting decentralized operations, double- and triple-extortion tactics, and exploiting regulatory compliance fears to pressure victims. The proliferation of Ransomware-as-a-Service (RaaS), public leaks of builder tools, and the emergence of access brokers have lowered barriers to entry, fueling a diverse and persistent threat ecosystem. Weak authentication practices persist in many organizations, with passwords and SMS codes still dominant despite their vulnerability to phishing and credential theft. A significant portion of employees have never received cybersecurity training, and outdated policies further exacerbate risk, as personal and professional security habits often overlap, creating additional attack vectors. The adoption of stronger authentication methods, such as device-bound passkeys, remains limited, and resistance to multi-factor authentication is common due to perceived complexity. The use of AI in both attack and defense is accelerating, with AI-generated phishing campaigns and adaptive malware becoming more prevalent, while defenders also leverage AI for predictive threat detection. The overall picture is one of rising threat sophistication, uneven organizational preparedness, and a pressing need for sustained investment in proactive security measures, workforce training, and the adoption of advanced technologies to build resilience against an increasingly complex cyber threat landscape.
May 4, 2026
Predicted Surge in Cloud and SaaS Security Risks for 2026
Security experts forecast a significant escalation in cloud and SaaS-related cyber threats in 2026, with attackers increasingly targeting cloud-native platforms and exploiting third-party SaaS supply chains. Ransomware groups are expected to focus on platforms like Microsoft 365, leveraging cloud footholds to pivot into on-premises environments, while the proliferation of third-party integrations creates new vulnerabilities. The lack of standard security features such as MFA and audit logs in many SaaS offerings is anticipated to exacerbate these risks, making supply-chain-style attacks more common and impactful. Industry leaders emphasize that the evolving threat landscape is deeply interconnected with broader business and geopolitical factors, requiring security teams to prioritize identity, access governance, and context-driven defense strategies. The convergence of cloud outages and trust issues, combined with the rapid adaptation of attackers, underscores the need for organizations to treat cloud and SaaS security as a core business risk rather than an optional add-on. Without a shift in vendor practices and customer expectations, the frequency and severity of cloud-based breaches are expected to rise throughout 2026.
Mar 21, 2026