Cloud Blog: Cloud CISO Perspectives: New Threat Horizons details evolving risks — and defenses

Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-new-threat-horizons-details-evolving-risks-and-defenses/
Source: Cloud Blog
Title: Cloud CISO Perspectives: New Threat Horizons details evolving risks — and defenses

Feedly Summary: Welcome to the first Cloud CISO Perspectives for August 2025. Today, our Office of the CISO’s Bob Mechler and Anton Chuvakin dive into the key trends and evolving threats that we tracked in our just-published Cloud Threat Horizons report. As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.


New Cloud Threat Horizons details evolving threats — and defenses

By Bob Mechler, director, Office of the CISO, and Anton Chuvakin, security advisor, Office of the CISO

Bob Mechler, director, Office of the CISO

Threat actors are leaning into cyberattacks against cloud service providers and honing their tactics to specifically target recovery mechanisms and supply chains — often to achieve high-value compromises.

That’s one of the top conclusions from our newest Threat Horizons Report, a free biannual publication sharing strategic intelligence on cloud threats that draws on research from Google Cloud’s Office of the CISO, Google Threat Intelligence Group (GTIG), Mandiant Consulting, and intelligence, security, and product teams.

Anton Chuvakin, security advisor, Office of the CISO

These cyberattacks are starting from a frustratingly familiar place: credential compromise and misconfiguration are still the leading entry points for threat actors in cloud environments.

“During the first half of 2025, weak or absent credentials were the predominant threat, accounting for 47.1% of incidents. Misconfigurations (29.4%) and API/UI compromises (11.8%) followed as the next most-frequently observed initial access vectors,” the report said.

These findings closely mirror our observations in previous Cloud Threat Horizons Reports, emphasizing the critical need for robust identity and access management and proactive vulnerability management.

As threat actors advance their methods for data exfiltration, identity compromise, supply chain attacks, and improving evasion and persistence techniques, Google Cloud security experts offer four critical insights into these evolving risks, supported by threat intelligence and risk mitigations.

The new report takes stock of the state of cloud security, and focuses on actionable recommendations for leaders and practitioners.

1. Foundational vulnerabilities persist

A persistent challenge is the continued exploitation of basic security weaknesses in the cloud. Despite defensive advancements, the primary entry points for threat actors — credential compromise and misconfiguration — are driven by a lack of attention to cloud security fundamentals.

As we noted, these foundational issues accounted for a significant portion of incidents in the first half of 2025. Too many organizations struggle with these basics, and we cannot emphasize enough the importance of robust identity and access management and proactive vulnerability management — reach out to your cloud provider to ensure your metaphorical windows and doors are locked.

2. Attacking backups to pressure victims

Threat actors are increasingly targeting backup infrastructure to hinder recovery efforts. Financially-motivated attackers are now routinely compromising backup systems to ensure that organizations can’t restore data after a ransomware attack, and to coerce them into capitulating.

This shift emphasizes the critical importance of business continuity. Our report highlights the need for solutions, including Cloud Isolated Recovery Environment (CIRE), to provide a secure restore point. A robust disaster recovery plan, rooted in layered security, should go beyond relying solely on cloud backups.

3. MFA is effective, but not invulnerable

Multi-factor authentication (MFA) is a highly effective security measure. However, threat actors are developing more sophisticated methods to bypass it, particularly through social engineering to steal credentials and session cookies.

For example, the North Korean threat actor group UNC4899 used social media to trick employees into running malicious Docker containers, and then stole the victims’ credentials and session cookies to gain access to cloud environments. In some instances, they used credential and cookie theft to bypass weaker MFA methods and avoid detection.

As Google Cloud and Workspace take steps to add additional layers of protection to the MFA process with passkeys and device-bound session credentials, cloud customers should also adopt a comprehensive defense-in-depth strategy. Robust session management and enhanced user awareness training can prove vital to mitigating MFA threats.

4. Evolving supply chain attacks

The supply chain continues to be a significant area of risk, and we’ve observed threat actors using trusted cloud services to host decoy files and payloads. The new Cloud Threat Horizons report details campaigns where seemingly-benign PDFs on legitimate cloud platforms were used to distract victims while malicious payloads were downloaded — a classic trust-exploitation attack.

It shouldn’t come as a surprise that adversaries are evolving their tactics to target personnel, recovery plans, and the inherent trust in platforms. CISOs and security leaders should encourage their organizations to evolve as well, from addressing individual vulnerabilities to building a resilient, end-to-end security program prepared for today’s threat landscape.

Level up your cloud security today

Effectively navigating today’s threats means that organizations should prioritize a defense-in-depth strategy built on identity security, robust recovery mechanisms, continuous vigilance against sophisticated social engineering and deception tactics, and supply chain integrity.

For more details on the threats facing cloud providers and users, and mitigations for those risks, you can download the new Cloud Threat Horizons report here.
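The device-bound session idea mentioned in section 3, as an added illustration that is not code from the report, from Google Cloud, or from Workspace: a toy proof-of-possession scheme in which the server honors a session cookie only when the request also carries an HMAC over a fresh server nonce, computed with a key that stays on the device that started the session. The symmetric device key held by both sides is an assumed simplification of the public-key registration a real device-bound credential uses, and the names Device, SessionStore and simulate are constructed for this example. It shows why a cookie value captured on its own, or a captured proof replayed later, is rejected.

```python
import hashlib
import hmac
import secrets


class Device:
    """Client side. Holds a per-device key that, in a real device-bound
    scheme, would be a private key in hardware that never leaves the
    machine. (Constructed example; a symmetric key is a simplification.)"""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def registration_key(self) -> bytes:
        # In the real scheme the device would register a public key instead.
        return self._key

    def prove(self, session_id: str, nonce: str) -> str:
        # Proof of possession: MAC over the cookie value and the server nonce.
        msg = f"{session_id}:{nonce}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class SessionStore:
    """Server side: maps a session cookie to the user and the device key
    the session was bound to at login."""

    def __init__(self):
        self._sessions = {}
        self._used_nonces = set()

    def create_session(self, user: str, device_key: bytes) -> str:
        session_id = secrets.token_hex(16)  # this is the value set in the cookie
        self._sessions[session_id] = {"user": user, "device_key": device_key}
        return session_id

    def challenge(self) -> str:
        # Fresh per-request nonce so a captured proof cannot be replayed.
        return secrets.token_hex(16)

    def verify(self, session_id: str, nonce: str, proof: str) -> bool:
        session = self._sessions.get(session_id)
        if session is None or nonce in self._used_nonces:
            return False
        msg = f"{session_id}:{nonce}".encode()
        expected = hmac.new(session["device_key"], msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, proof):
            return False
        self._used_nonces.add(nonce)  # each nonce is accepted at most once
        return True


def simulate() -> dict:
    """Run the three cases a defender cares about and report which succeed."""
    store = SessionStore()
    laptop = Device()
    cookie = store.create_session("alice", laptop.registration_key())

    # 1. Legitimate request from the device the session was bound to.
    nonce = store.challenge()
    legit = store.verify(cookie, nonce, laptop.prove(cookie, nonce))

    # 2. The cookie value alone, presented from a different machine (the
    #    cookie-theft scenario): no bound device key, so the proof fails.
    other_machine = Device()
    nonce2 = store.challenge()
    stolen_cookie = store.verify(cookie, nonce2, other_machine.prove(cookie, nonce2))

    # 3. A previously valid proof reused against a later challenge.
    nonce3 = store.challenge()
    replayed_proof = store.verify(cookie, nonce3, laptop.prove(cookie, nonce))

    return {"legit": legit, "stolen_cookie": stolen_cookie, "replayed_proof": replayed_proof}


if __name__ == "__main__":
    print(simulate())  # {'legit': True, 'stolen_cookie': False, 'replayed_proof': False}
```

The point of the design is that the bearer cookie stops being sufficient on its own: the server ties the session to a key that only the original device can use, and the per-request nonce keeps a captured proof from being reused. Session timeouts, re-authentication for sensitive actions, and alerting on a session presented with a new device fingerprint are the complementary session-management controls the report's recommendation points at.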


In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

- Your guide to Security Summit 2025: AI can help empower defenders, and also create new security challenges. Join us for this year’s Security Summit as we focus on those themes. Read more.
- Complex, hybrid manufacturing needs strong security. Here’s how CISOs can get it done: Our Office of the CISO has developed actionable security guidance for hybrid manufacturing OT networks. Here’s what you need to know. Read more.
- Forrester study: Customers cite 240% ROI with Google Security Operations: A new Forrester Consulting study on Google Security Operations found a 240% ROI over three years, with a net present value (NPV) of $4.3 million. Read more.
- Google Cloud’s commitment to EU AI Act support: We intend to sign the European Union AI Act Code of Practice. Here’s what our European customers should know. Read more.
- Introducing audit-only mode for Access Transparency: Introducing a new, lightweight audit-only mode for Access Approval to enable access approvals in an “on demand only” model. Read more.
- Best practices to prevent dangling bucket takeovers: Storage buckets are where your data lives in the cloud, but sometimes they get forgotten. Here’s how to secure them against dangling bucket attacks. Read more.
- New patch rewards program for OSV-SCALIBR: Participants in the program will be eligible to receive a financial reward for providing novel OSV-SCALIBR plugins for inventory, vulnerability, and secret detection. Read more.
- Android’s pKVM first globally-certified software to earn SESIP Level 5: With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device AI workloads that can operate on ultra-personalized data, with the highest assurances of privacy and integrity. Read more.

Please visit the Google Cloud blog for more security stories published this month.


Threat Intelligence news

- Exposing the risks of VMware vSphere Active Directory integration: The common practice of directly integrating vSphere with Microsoft Active Directory can simplify administration tasks, but also creates an attack path frequently underestimated due to misunderstanding the inherent risks. Read more.
- Defending your VMware vSphere estate from UNC3944: Take a deep dive into the anatomy of UNC3944’s vSphere-centered attacks, and study our fortified, multi-pillar defense strategy for risk mitigation. Read more.
- Ongoing SonicWall SMA exploitation campaign using the OVERSTEP backdoor: Google Threat Intelligence Group (GTIG) has identified an ongoing campaign by a suspected financially-motivated threat actor we track as UNC6148, targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Podcasts from Google Cloud

- Google lessons for using AI agents to secure our enterprise: What can AI agents do for your organization’s security? Dominik Swierad, product development and strategy lead, AI and Sec-Gemini, joins hosts Anton Chuvakin and Tim Peacock for a lively chat on the state of using AI agents to improve security. Listen here.
- Making security personal, the TikTok way: Kim Albarella, global head of security, TikTok, discusses security strategies, appropriate metrics, and balancing the need for localized compliance with the desire for a consistent global security posture with Anton and Tim. Listen here.
- Defender’s Advantage: Securing protection relays in modern substations: Host Luke McNamara is joined by members of Mandiant Consulting’s Operational Technology team to discuss securing assets in the energy grid. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.

AI Summary and Description: Yes

**Summary:** The text discusses the evolving landscape of cloud security threats as highlighted in the latest “Cloud Threat Horizons” report from Google Cloud’s Office of the CISO. It emphasizes critical insights into the current state of cloud security, identifying key threats and recommending proactive strategies to bolster defenses. This is particularly relevant for cybersecurity professionals focused on securing cloud environments and managing compliance.

**Detailed Description:**
The provided text serves as an announcement for the August 2025 edition of the “Cloud CISO Perspectives,” spotlighting the findings from the “Cloud Threat Horizons” report. The report outlines significant trends and emerging threats in the cloud security landscape, emphasizing the increasing sophistication of cyberattacks. Below are the crucial insights and points made within the text:

– **Evolving Threat Landscape:**
  – Cyberattacks are increasingly directed at cloud service providers, focusing on recovery mechanisms and supply chains—often leading to high-value compromises.

– **Key Entry Points:**
  – Credential compromise remains the leading vector, accounting for 47.1% of incidents.
  – Misconfiguration (29.4%) and API/UI compromises (11.8%) are also prevalent attack vectors.
  – These recurring issues underline the need for better identity and access management practices.

– **Four Critical Insights on Cloud Security:**
  1. **Foundational Vulnerabilities Persist:** Basic security weaknesses continue to be exploited. Emphasis on improving identity and access management and addressing misconfigurations is crucial.
  2. **Attacking Backups:** Attackers are beginning to target backup systems, complicating recovery efforts post-ransomware attacks. This highlights the necessity for robust business continuity plans that utilize secure restore points.
  3. **Multi-Factor Authentication (MFA) Vulnerabilities:** Despite being effective, MFA is under threat from sophisticated social engineering techniques. Organizations are advised to enhance session management and user training alongside their MFA strategies.
  4. **Evolving Supply Chain Attacks:** Adversaries now leverage trusted cloud services to host malicious payloads, necessitating an evolved response from organizations to strengthen their end-to-end security programs.

– **Recommendations for Improved Security:**
  – Organizations should adopt a defense-in-depth strategy that primarily emphasizes:
    – Identity security
    – Robust recovery mechanisms
    – Continuous vigilance against social engineering
    – Maintenance of supply chain integrity

The report is designed to provide actionable insights and recommendations to help CIOs and security professionals navigate these persistent and evolving threats effectively. As attackers refine their tactics, continuous improvements in security posture and adherence to foundational security measures are vital for safeguarding cloud environments.

In summary, the content is not only relevant but also essential for practitioners striving to understand and mitigate the current risks associated with cloud security, informing them about necessary strategies and proactive measures to adopt in their organizations.