Curated News
By: NewsRamp Editorial Staff
September 23, 2025
Ontinue Report: MFA-Bypass Attacks Surge, Cloud Threats Escalate in 2025
TLDR
- Ontinue's threat report reveals adversaries bypass MFA and exploit cloud gaps, giving organizations that implement its recommended controls a critical security advantage over competitors.
- The report details how attackers use token replay, Azure persistence methods, and non-traditional phishing payloads to bypass security measures and maintain access for over 21 days.
- By identifying emerging threats like USB malware resurgence and third-party compromises, this research helps organizations build stronger defenses to protect critical infrastructure and user data.
- Cybercriminals are now using SVG files and USB drives to deliver malware, showing a surprising return to basic tactics alongside sophisticated cloud-based identity attacks.
Impact - Why it Matters
This threat intelligence report matters because it reveals how cybercriminals are evolving faster than many organizations can defend against them. The surge in MFA-bypassing attacks means that even organizations with robust authentication systems remain vulnerable to sophisticated identity-based threats. The dramatic increase in cloud persistence tactics and extended dwell times (exceeding 21 days in many cases) indicates that attackers are successfully evading detection in cloud environments where many businesses have rapidly migrated their operations. The resurgence of USB malware and the doubling of third-party risk demonstrate that attackers are exploiting both technological and supply chain vulnerabilities simultaneously. For businesses and individuals, this means that traditional security approaches are no longer sufficient - continuous monitoring, advanced threat intelligence, and multi-layered defense strategies have become essential. The report's findings are particularly critical for organizations relying on cloud infrastructure and third-party vendors, as these attack vectors can lead to devastating data breaches and operational disruptions affecting millions of users.
Summary
Ontinue, a leading provider of AI-powered managed extended detection and response (MXDR) services and winner of the 2023 Microsoft Security Services Innovator of the Year award, has released its comprehensive 1H 2025 Threat Intelligence Report, revealing alarming trends in the cybersecurity landscape. The report, available for download here, details a sharp escalation in sophisticated attacks, particularly focusing on identity-based threats and exploitation of security blind spots. Key findings include a dramatic surge in cloud persistence tactics, with nearly 40% of Azure intrusions involving adversaries using multiple persistence methods and achieving median dwell times exceeding 21 days when telemetry suppression occurred.
The threat landscape shows adversaries becoming increasingly sophisticated, with token replay abuse affecting roughly 20% of live incidents as attackers bypass multi-factor authentication by reusing stolen refresh tokens even after password resets. The report also highlights the dominance of non-traditional phishing payloads, where over 70% of attachments bypassing secure email gateways used formats like SVG or IMG rather than traditional Office documents. Surprisingly, USB malware has resurfaced with a 27% increase compared to late 2024, demonstrating that even basic attack vectors remain potent threats. Third-party risk has doubled year-over-year, with nearly 30% of incidents linked to vendor compromise, while ransomware remains highly active with more than 4,000 claimed breaches globally despite a 35% year-over-year drop in reported ransom payments.
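As an added illustration (not from the report or from Ontinue's own material), this hypothetical Python token store shows the two controls that defeat the refresh-token replay described above: single-use rotation and a per-user not-before bound that a password reset advances. User names, timestamps and the 90-day token lifetime are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import secrets

@dataclass
class UserState:
    credentials_reset_at: datetime              # not-before bound for this user
    active: dict = field(default_factory=dict)  # live refresh token -> issue time
    retired: set = field(default_factory=set)   # rotated/used; reuse is a replay

class RefreshTokenService:
    """Hypothetical store: single-use rotation plus a reset-advanced not-before bound."""
    def __init__(self, lifetime=timedelta(days=90)):
        self.lifetime, self.users = lifetime, {}

    def issue(self, user, now):
        state = self.users.setdefault(user, UserState(credentials_reset_at=now))
        token = secrets.token_urlsafe(32)
        state.active[token] = now
        return token

    def reset_password(self, user, now):
        # A reset only helps if it also advances the not-before bound, so every
        # token issued earlier (including a stolen one) fails on next redemption.
        self.users[user].credentials_reset_at = now

    def redeem(self, user, token, now):
        """Return (verdict, new_token); verdict is ok, replay, revoked, expired or unknown."""
        state = self.users.get(user)
        if state is None or (token not in state.active and token not in state.retired):
            return "unknown", None
        if token in state.retired:
            return "replay", None           # same token presented twice: alert on it
        issued = state.active.pop(token)
        state.retired.add(token)            # every refresh token is single use
        if issued < state.credentials_reset_at:
            return "revoked", None          # predates the last credential reset
        if now - issued > self.lifetime:
            return "expired", None
        return "ok", self.issue(user, now)

def demo():
    """Constructed scenario: replay of a rotated token, then reuse after a reset."""
    svc, t0 = RefreshTokenService(), datetime(2025, 1, 1, tzinfo=timezone.utc)
    tok = svc.issue("alice", t0)
    v1, tok2 = svc.redeem("alice", tok, t0 + timedelta(hours=1))   # ok, rotated
    v2, _ = svc.redeem("alice", tok, t0 + timedelta(hours=2))      # replay
    svc.reset_password("alice", t0 + timedelta(days=1))
    v3, _ = svc.redeem("alice", tok2, t0 + timedelta(days=2))      # revoked
    return [v1, v2, v3]
```

A "replay" or "revoked" verdict is the detection signal: it means a token that should be dead was presented, which is exactly the post-reset reuse the report attributes to roughly 20% of live incidents.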
According to Craig Jones, Chief Security Officer at Ontinue, "Cybercriminals are operating with the speed and adaptability of modern businesses. They pivot, rebrand, and retool in weeks, not months." Balazs Greksza, Director of Threat Response, emphasized that attackers are "blending technical skill with human-focused tactics, leveraging trusted vendors, manipulating identities, and exploiting small configuration gaps that snowball into major incidents." The report provides practical defensive measures including phishing-resistant MFA, hardened endpoint configurations, and robust vendor risk management, stressing that organizations must integrate real-world threat intelligence into security testing to ensure defenses match current adversary techniques. The findings underscore that security cannot be approached as a static project but requires continuous, intelligence-led processes to address evolving threats effectively.
Source Statement
This curated news summary relied on content distributed by citybiz. Read the original source here: Ontinue Report: MFA-Bypass Attacks Surge, Cloud Threats Escalate in 2025
