2025 Cybersecurity Predictions - Attackers Will Continue Targeting SaaS Applications

SaaS applications will continue to face increasingly sophisticated threats as adversaries exploit advancements in technology - especially AI," said Justin Blackburn, senior cloud threat detection engineer at AppOmni said. "AI will enable threat actors to more easily uncover SaaS vulnerabilities and misconfigurations, bypass traditional security measures, and craft more convincing phishing campaigns.

"As AI becomes more capable and accessible, the barrier to entry for less skilled attackers will become lower, while also accelerating the speed at which attacks can be carried out. Additionally, the emergence of AI-powered bots will enable threat actors to execute large-scale attacks with minimal effort. Armed with these AI-powered tools, even less capable adversaries may be able to gain unauthorized access to sensitive data and disrupt services on a scale previously only seen by more sophisticated, well-funded attackers."

Martin Vigo, lead offensive security engineer, AppOmni commented: "Automation-driven perimeter breaches will remain prevalent in 2025, with large-scale reconnaissance, password spraying, and AI-powered phishing automation among the leading tactics. As SaaS platforms increasingly fall within the scope of these attacks, the potential impact of breaches will continue to escalate significantly.

"Enterprises must anticipate automated attacks by securing all internet-exposed resources. Today's attackers no longer selectively target; instead, they pursue any organization lacking a robust security posture."

"The past few years, we've seen a steady uptick in supply-chain attacks on SaaS through compromised third-party applications," added Aaron Costello, chief of SaaS security research, AppOmni. "As a result, organizations are placing these integrations and their requested access levels under far more scrutiny.

"My research into data exposures has shown that often, no initial foothold is needed for threat actors to gain access to the sensitive data they want. The combination of undocumented legacy API endpoints, over-privileged public access, and gaps in vendor logging capabilities will continue to provide a dangerously effective option for threat actors to execute hit-and-run style attacks in the future."

Brian Soby, CTO and co-founder, AppOmni: "In 2024, business was disrupted by costly SaaS 'bypass' breaches that circumvented their identity & access management (IAM) and zero trust (ZT) controls. 2025 will bring awareness to end-to-end controls needed for SaaS with tight interdependencies between ZT, identity, SaaS posture, and detection and response capabilities."