Google Cloud Security has released its latest Threat Horizons Report for the first half of 2025, revealing a rapidly evolving cloud security landscape where threat actors are refining their tactics, prioritising data exfiltration, and exploiting identity as the new security perimeter.
While ransomware and data theft in the cloud are not new threats, Google Cloud’s intelligence experts warn that adversaries are shifting their focus to more sophisticated techniques, making it harder for organizations to detect, attribute, and mitigate attacks. This trend was first observed in the February 2024 edition of the Threat Horizons Report, where attackers were seen moving away from traditional encryption-based extortion methods in favor of data exfiltration and the exploitation of server-side vulnerabilities.
The latest findings highlight a concerning escalation, with threat actors leveraging advanced evasion techniques, identity-based attacks, and Ransomware-as-a-Service (RaaS) to maximize their impact. The report underscores key threat trends shaping the cloud security landscape:
Key Findings from the H1 2025 Threat Horizons Report
- Service Account Exploitation: Overprivileged service accounts remain a prime target, with attackers using lateral movement techniques to gain deeper access into cloud environments.
- Identity-Based Attacks: Threat actors are increasingly targeting compromised user identities in hybrid cloud environments, enabling persistent access and multi-layered extortion schemes.
- Cloud Database Breaches: Attackers are actively exploiting misconfigurations, weak credentials, and unpatched vulnerabilities to access sensitive cloud-hosted data.
- Ransomware-as-a-Service (RaaS): Cybercriminals are evolving their strategies to evade detection and attribution, adopting more adaptable and automated attack methods.
- Diversified Monetization Tactics: A threat actor group tracked as TRIPLESTRENGTH has been observed escalating privileges within compromised accounts, even charging victims’ cloud billing accounts to generate additional revenue.
- Advanced Extortion Methods: Attackers are employing MFA bypass techniques to breach cloud services while using aggressive communication tactics to pressure victims into paying ransoms.
Actionable Mitigations for 2025
To stay ahead of these evolving threats, organisations must prioritise data exfiltration prevention and identity protection within their cloud security strategies. Google Cloud’s latest report offers security professionals a deep dive into emerging attack vectors and provides actionable mitigations to strengthen defences.
For a full analysis of these trends and recommended security strategies, see the complete H1 2025 Threat Horizons Report.