From $22M in Ransom to +100M Stolen Records: 2025’s All-Star SaaS Threat Actors to Watch

In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns. The cyber threat arena saw standout players, unexpected underdogs, and relentless scorers leaving their mark on the SaaS security playing field. As we enter 2025, security teams must prioritize SaaS security risk assessments to uncover vulnerabilities, adopt SSPM tools for continuous monitoring, and proactively defend their systems. Here are the Cyber Threat All-Stars to watch out for—the MVPs, rising stars, and master strategists who shaped the game. 1. ShinyHunters: The Most Valuable Player Playstyle: Precision Shots (Cybercriminal Organization) Biggest Wins: Snowflake, Ticketmaster and Authy Notable Drama: Exploited one misconfiguration to breach 165+ organizations. ShinyHunters swept into 2024 with a relentless spree of SaaS breaches, exposing sensitive data across platforms like Authy and Ticketmaster. Their campaign wasn't about exploiting a vendor vulnerability—but capitalizing on one misconfiguration overlooked by Snowflake customers. As a result, ShinyHunters could infiltrate, exfiltrate, and blackmail these snowflake users without enforcing MFA and properly securing their SaaS environments. 🏀 Behind the Play:…Read More