Trending Topics Cybersecurity – October 2025

Large-scale cloud outages at AWS and Microsoft in October affected thousands of companies worldwide and once again highlighted the critical dependency of European companies and authorities on US hyperscalers - a possible "US kill switch" continues to pose a key risk to their digital ability to act. The European Commission's new European Cloud Sovereignty Framework therefore represents a paradigm shift: it defines verifiable criteria for providers, exposes "sovereignty washing" and, with the SEAL assessment, creates a standard for demonstrably sovereign solutions - an important first step towards regulatory security, data protection and technological independence.

Europe's authorities in the crosshairs of cyber criminals

Meanwhile, the threat situation is particularly tense due to targeted attacks on government structures: The latest ENISA Threat Landscape Report 2025 shows that more than one in three cyberattacks target public authorities (38 percent of all reported incidents). This makes public administration the sector most at risk. Politically motivated attacks by hacktivists account for almost 80% of all cases, mostly in the form of DDoS campaigns. State-supported actors are intensifying their attacks and increasingly relying on cyber espionage and strategic data manipulation, while the attack vectors are becoming more professionalized and differentiated.

Military facilities are also increasingly being targeted by cyber attacks: Back in July, a US nuclear weapons manufacturer was the target of an infiltration via critical SharePoint vulnerabilities. Furthermore, British military agencies had to admit to serious data theft by cyber criminals; sensitive documents relating to eight bases and service provider information appeared on the darknet, underlining the heightened threat situation for Western armed forces.

The top IT security topics in October:

ENISA report: One in three cyberattacks targets public authorities

According to the latest Threat Landscape Report from the European cybersecurity agency ENISA, 38.2 percent of all reported cyberattacks target public authorities, more than any other sector. Politically motivated attacks by hacktivists account for 80 percent of the incidents recorded. These are mostly targeted DDoS campaigns that are cost-effective and scalable and are primarily intended to attract attention and cause uncertainty among the population.

Most expensive damage in British economic history: cyberattack on Jaguar Land Rover

At the end of August 2025, British car manufacturer Jaguar Land Rover was the target of a cyberattack that brought production to a complete halt and crippled its IT systems for weeks. The economic damage is now estimated at £1.9 billion (around €2.2 billion); more than 5,000 organizations were affected, including numerous suppliers and dealers. To secure the supply chain, the British government supported the Tata subsidiary with a guarantee for a billion-pound loan.

AWS outage cripples numerous online services

A disruption in Amazon's cloud service AWS crippled numerous online services worldwide, including Office 365, Asana, Slack, and Zoom. Around 1,000 websites and services were affected by the outage. The cause was a failure of the DynamoDB database service in the early morning, which was resolved after about three hours. However, it took until the evening for individual services to return to normal. In total, millions of users worldwide were affected for several hours.

Controversial UN agreement against cybercrime signed

In Hanoi, more than 60 countries signed a UN agreement against cybercrime, which aims to strengthen international cooperation in the fight against digital crimes such as abuse images, money laundering, and phishing. However, human rights organizations and tech companies criticize the lack of protection against government abuse and fear restrictions on freedom of expression and excessive surveillance.

Germany is the number one target in the EU

According to a new report by Microsoft, Germany is the most frequently attacked country within the European Union. In a global comparison, Germany ranks fourth among the most frequent targets of attacks, making it the only EU country in the top 10. With a share of 17 percent each, most attacks are directed against government agencies and their services, as well as the IT sector.

Large-scale disruption: Microsoft's cloud down worldwide

At the end of October, a faulty configuration change in Microsoft's global content delivery network (CDN) caused numerous cloud service outages. Services such as Microsoft 365, Outlook, and Azure were among those affected. Users reported massive restrictions. Despite countermeasures being taken, it took more than 8 hours for services to be restored.

Federal procurement portal offline after DDoS attacks

A wave of DDoS attacks has crippled the federal procurement portal for several days. The procurement site is used by companies to submit electronic bids for public tenders, among other things. The attack is believed to have been carried out by the pro-Russian group NoName057(16), which repeatedly targets government websites.

KRITIS in the crosshairs: Cyberattack hits municipal utilities

The Clausthal-Zellerfeld municipal utilities were the victim of a cyberattack, which did not affect the electricity, water, and gas supply, however. After telephone and internet connections were shut down to limit the damage, forensic investigations are now underway to determine whether any data was stolen.

Cyberattack on Federal Employment Agency investigated

In early 2025, a group of perpetrators attempted to compromise around 20,000 user accounts of the Federal Employment Agency and divert social benefits; they succeeded in around 1,000 accounts, and in over 150 cases, bank details were changed. Thanks to swift countermeasures, the damage was limited to just under €1,000 and all suspects were identified through investigations; two are in custody for other offences, while the others remain at large. The accused now face prosecution for commercial computer fraud; according to the law, this can result in prison sentences of between six months and ten years.

Cyberattack on US nuclear weapons manufacturer

In July 2025, a US nuclear weapons manufacturer was infiltrated by hackers through security vulnerabilities in Microsoft Sharepoint; the plant produces around 80 percent of the non-nuclear components for US nuclear weapons. The entry point was vulnerable on-prem instances of Sharepoint Server. The actual impact is still unclear, confidential data may have been affected, and both Chinese and Russian groups are suspected.

British military hit by cyberattack: Sensitive military data on the darknet

Russian hackers stole secret military documents, including sensitive information on eight Royal Air Force and Royal Navy bases, in a ransomware attack on British defense contractor Dodd Group. The British government is investigating the incident, which is part of a growing wave of serious cyberattacks in the United Kingdom.

Federal government and Bavaria pool expertise for greater cybersecurity in AI and cloud computing

The Federal Office for Information Security (BSI) and the Bavarian State Office for Information Security (LSI) have signed a cooperation agreement. Together, they want to strengthen cyber and information security, particularly in the areas of artificial intelligence and cloud computing. The cooperation provides for the exchange of experience and expertise in order to better protect government IT systems and critical infrastructures.

Cloud Sovereignty Framework: EU introduces measurable cloud sovereignty standards

With the Cloud Sovereignty Framework, the EU Commission is presenting concrete measurement criteria for sovereign cloud services for the first time and is planning a €180 million procurement initiative. At its core are eight sovereignty objectives covering strategic, legal, operational, and technological requirements, which are assessed according to the SEAL system. The aim is to enable public authorities and companies to make transparent choices and have better control over European cloud infrastructures, while reducing the risk of extraterritorial access.

Success against cybercrime: Investigators shut down over 1,400 illegal websites

As part of a large-scale operation, investigators in Baden-Württemberg and other authorities have taken down more than 1,400 fraudulent websites that were used for cyber trading fraud. The platforms often lured German investors with supposedly lucrative financial offers and in many cases led to a complete loss of money.

Europol breaks up SIM fraud network – 40,000 SIM cards seized

Europol and international authorities have broken up the SIMCARTEL fraud network, seizing 40,000 SIM cards, servers, and luxury cars. The network used fake accounts, phishing, and online fraud to steal millions of euros across Europe. Seven suspects were arrested, some of them in Austria and Latvia.

Success Story: How the Regensburg district defends against waves of attacks with Myra

The Regensburg district protects its digital administrative services with security solutions developed in Germany by Myra Security. This enables the district to provide citizens with fail-safe, high-performance online services that meet the highest standards of data protection, compliance, and digital sovereignty.