2025 has seen a significant rise in cyber threats affecting organisations across all sectors around the globe. Each attack demonstrates the increasing sophistication of attackers and the methods they use to exploit businesses.
From ransomware campaigns to phishing and credential-harvesting attacks, the past few weeks have seen a whole range of threats hitting organisations. We share some of the top incidents in our latest roundup.
UK is the 3rd most targeted nation for malware attacks
Experiencing over 100 million cyberattacks in just 3 months, the UK has become the third most targeted country in the world for malware attacks. The US and Canada recorded higher volumes; however, the UK did see a 7% increase in attacks between the first and second quarters of 2025.
According to the report from NordVPN, the most likely reason for the UK being a prime target is its highly digital economy. Malware attacks are becoming increasingly sophisticated and capable of stealing login credentials, and attackers are frequently impersonating major organisations like Amazon and HMRC to exploit individuals and businesses. Cybersecurity firms have reported record levels of ransomware activity throughout the year, emphasising the need for strong defences and round-the-clock monitoring.
SonicWall firewall devices ransomware attack
Beginning in mid-July, SonicWall firewall devices were targeted in a surge of Akira ransomware attacks. The attacks mainly exploited SSL VPNs, with the suspected entry point thought to be a zero-day vulnerability or migrated credentials. The attackers moved quickly from VPN access to data encryption. Affected organisations included Nissan and Hitachi. Recommended measures to mitigate damage for those affected have been to temporarily disable SSL VPNs, apply firmware updates, reset migrated and local passwords, enforce MFA, remove inactive accounts, and enhance overall monitoring and logging.
It’s reported that the ‘Ransomware-as-a-Service’ Akira group has earned over $42 million from previous attacks.
Cisco CRM data breach
At the end of last month, Cisco confirmed a phishing attack targeting a single employee. The attack allowed unauthorised access to a third-party cloud-based CRM system, compromising data that included customer names, company affiliations, addresses, Cisco user IDs, email addresses, phone numbers and account metadata.
It’s said that no passwords, sensitive customer information or proprietary data were affected and that Cisco’s main services remained unaffected. In response to the attack, Cisco terminated the attacker’s access and informed authorities and affected users. This incident is a prime example of the growing risk posed by phishing attacks and by third-party systems being used as entry points for attackers.
Salesforce credential harvesting attack
Between the 8th and 18th August, hackers targeted Salesforce customer environments in a widespread credential-harvesting campaign that used compromised OAuth tokens in Salesloft’s Drift AI chat agent (a third-party tool integrated with Salesforce). It’s reported that more than 700 organisations were potentially affected, with attackers using a Python automated tool to extract data from multiple Salesforce environments in large volumes, including AWS access keys, passwords and Snowflake access tokens. The exploitation did not involve any vulnerabilities in the Salesforce platform itself.
On the 20th of August, Salesloft worked with Salesforce to revoke all active access and refresh Drift tokens. Salesforce have removed Salesloft Drift from its AppExchange marketplace pending further investigation of the campaign, stating:
Chanel and Pandora data breaches
Luxury fashion brand Chanel and jewellery manufacturer Pandora recently disclosed data breaches affecting their US customers. Pandora confirmed that customers’ names, dates of birth and email addresses were accessed via its Salesforce, but no passwords or financial data were compromised in the breach.
Chanel reported that names, email addresses, physical addresses and phone numbers were stolen through a third-party hosted database, but has confirmed that no malware was deployed and operations remained unimpacted.
These attacks are believed to be linked to the ShinyHunters group, which uses phishing to trick employees into revealing Salesforce credentials or MFA tokens. Despite the limited nature of the data breaches, the stolen data can still be exploited, and these attacks are another example of how all organisations need to increase staff training and awareness, implement robust access controls and continuously monitor for suspicious activity.
Strengthening defences …
Once again, these incidents highlight the evolving and multifaceted nature of cyber threats. Organisations must adopt proactive, layered approaches to cybersecurity to safeguard sensitive data and protect their businesses and customers.
At Brigantia, we support our partners to deliver strong cybersecurity solutions to their clients through our selection of leading cybersecurity vendors, which you can find out more about here.