Cyberattacks 2025: Attackers Exploit ScreenConnect and Microsoft 365 for Cyber Breaches

In 2025, cyberattacks targeting businesses are rising. Barracuda security researchers report an increase in attacks using trusted tools. Attackers are using ScreenConnect and Microsoft 365 for cyber breaches.

ScreenConnect is a popular platform used by companies to manage devices remotely. Hackers are now targeting old and unpatched versions of this software. Vulnerabilities discovered earlier this year allow attackers to install malware, deliver ransomware, steal data, and move across networks.

Cyberattacks 2025: Attackers Exploit ScreenConnect and Microsoft 365 for Cyber Breaches

Attackers can connect their own devices to a company’s ScreenConnect instance or even deploy the software themselves. Because ScreenConnect is trusted, these malicious actions often go unnoticed.

Although ScreenConnect released a security patch in April 2025, many organisations remain at risk. Companies that use outdated versions, lack multifactor authentication (MFA), or have unmanaged remote access are especially vulnerable.

“The detection of ScreenConnect does not immediately arouse suspicion,” said Mike Flouton, Vice President of Product Management at Barracuda.

Using stolen or purchased usernames and passwords remains a top tactic for hackers. Once attackers log in with valid credentials, they blend in with normal user activity. This makes it hard for companies to detect breaches.

Hackers use these credentials to deploy ransomware, steal sensitive data, or maintain long-term access. Repeated login attempts or unusual use of tools like PowerShell and PsExec are common warning signs. Companies with weak password policies, infrequent credential updates, or poor monitoring are at higher risk.

Microsoft 365 accounts have also seen a spike in suspicious logins. Many attempts come from countries outside the usual business regions. Hackers often use stolen password databases from criminal forums. Accessing these accounts allows attackers to steal files, intercept communications, or impersonate staff for phishing attacks.

Organisations that do not use MFA, geo-blocking, or careful monitoring of login locations face higher threats. Sophisticated attackers can escalate privileges or conduct further attacks once inside the system.

See Also: Predator Spyware Pakistan: Leaked Intellexa Files Expose New Targets as Scandal Widens

How to Defend

Experts stress a multi-layered security approach. Companies should:

• Update software regularly.
• Enforce strong password policies.
• Use MFA, especially for administrators and remote access accounts.
• Monitor for unusual activity continuously.

Employee training is also key. Staff should learn to recognize phishing attempts and report suspicious activity. Automated security systems and advanced detection tools can alert teams to misuse of trusted tools or stolen credentials.