Welcome to March 2025 Threat Highlight Report.

March report covers

The report details a surge in email-based malware, ongoing exploitation of edge devices and supply chain vulnerabilities, and record ransomware activity, with European and manufacturing sectors heavily targeted. It also highlights increased identity attacks, credential compromises, and sophisticated threat campaigns leveraging cloud services and network infrastructure for espionage and data theft.

The key findings in the March 2025 Threat Highlight Report include:
 

1. A 268% surge in email-delivered malware, dominated by Snake Keylogger and Formbook campaigns, with regional differences in sightings and lure themes.
2. Continued mass exploitation of edge devices, with Chinese actor UNC5337 targeting Ivanti devices using SPAWN malware variants, illustrating ongoing supply chain vulnerabilities.
3. A record month for ransomware victims, notably Cl0p exploiting zero-day vulnerabilities, with threat actors also misusing OAuth apps for infiltration.
4. Widespread cloud misconfigurations, with 40% of networks allowing unrestricted access to major cloud providers, enabling malware spread and cloud-based resource abuse.
5. Cyber espionage campaigns leveraging cloud services and exploiting public-facing infrastructure, including incidents involving Microsoft's AI services and ISP routers.
6. The year 2024 was characterized by dominant threats such as edge exploitation, software supply chain attacks, and increased identity and credential attacks, emphasizing evolving attack surfaces.