Cloud Threats OVERWHELM Security Teams!

A staggering 500% surge in cloud account attacks has exposed new weaknesses in America’s digital defenses, raising urgent questions about whether current security strategies can keep up as attackers bypass old-school protections and target the very identities powering modern business.

Story Snapshot

  • Detection of cloud account threats jumped 500% in 2025, signaling a seismic shift in cyber risk.
  • AI-driven tools and identity analytics now lead the fight, replacing outdated perimeter-based security models.
  • New attack methods exploit cloud storage and firewalls, while phishing and social engineering evolve rapidly.
  • Security teams face alert overload, forcing a move toward smarter, identity-centric defense strategies.

Cloud Account Attacks Skyrocket: Identity is the New Battleground

Red Canary, now under Zscaler, has reported an unprecedented 500% year-over-year increase in cloud account threat detections for the first half of 2025. This leap is not just a statistical anomaly—it represents a fundamental change in how attackers operate, shifting away from traditional endpoints to target the cloud identities that grant access to critical business systems. The report underscores that legacy security models, which focused on guarding the network perimeter, are no longer sufficient as attackers exploit weaknesses in cloud environments and identity management.

The jump in detections is attributed to two key factors: the deployment of AI agents that monitor for suspicious login patterns and the expansion of identity-based detection capabilities. These tools let security teams spot risky user behaviors, such as anomalous device usage or VPN abuse, much faster than before. That improved visibility has also exposed a sharp rise in sophisticated attack techniques, including two techniques new to the report's top ten most common threats—Data from Cloud Storage and Disable or Modify Cloud Firewall. The rapid evolution of these tactics demands a complete rethink of how organizations defend their most sensitive data and systems.
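To make the identity-based detection described above concrete, here is an added example (not code from Red Canary, Zscaler, or the report) that applies simple behavioral baselines to a constructed batch of cloud sign-in events. The event fields, the `BASELINE_MIN_LOGINS` and `TRAVEL_WINDOW` thresholds, and the sample users are all hypothetical; the point is to show how new-device, new-country, first-VPN-use and impossible-travel signals are derived from a per-user history, and how correlating several weak signals on one account yields a higher-fidelity alert than any single rule.

```python
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample sign-in events (hypothetical; not taken from the report).
# Five routine logins establish alice's baseline, then a sixth login arrives
# from an unknown device, a new country, over a VPN, 40 minutes after a US login.
SAMPLE_EVENTS = [
    {"user": "alice", "ts": "2025-03-01T09:00:00", "device": "laptop-a1", "country": "US", "vpn": False},
    {"user": "alice", "ts": "2025-03-02T09:05:00", "device": "laptop-a1", "country": "US", "vpn": False},
    {"user": "alice", "ts": "2025-03-03T10:00:00", "device": "laptop-a1", "country": "US", "vpn": False},
    {"user": "alice", "ts": "2025-03-04T11:00:00", "device": "laptop-a1", "country": "US", "vpn": False},
    {"user": "alice", "ts": "2025-03-05T08:30:00", "device": "laptop-a1", "country": "US", "vpn": False},
    {"user": "alice", "ts": "2025-03-05T09:10:00", "device": "win-zz9",   "country": "BR", "vpn": True},
    {"user": "bob",   "ts": "2025-03-05T09:00:00", "device": "mac-b7",    "country": "DE", "vpn": False},
    {"user": "bob",   "ts": "2025-03-05T12:00:00", "device": "mac-b7",    "country": "DE", "vpn": False},
]

BASELINE_MIN_LOGINS = 3            # hypothetical: prior logins needed before "new X" means anything
TRAVEL_WINDOW = timedelta(hours=2)  # hypothetical: two countries inside this window is flagged


def parse_ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


def detect(events: List[dict]) -> List[Tuple[str, str, str]]:
    """Return (user, timestamp, reason) findings.

    Events are replayed in time order per user so that every event is judged
    only against that user's earlier history, exactly as a streaming detector would.
    """
    events = sorted(events, key=lambda e: (e["user"], parse_ts(e["ts"])))
    seen_devices: Dict[str, set] = {}
    seen_countries: Dict[str, set] = {}
    used_vpn: Dict[str, bool] = {}
    last_login: Dict[str, Tuple[datetime, str]] = {}
    login_count: Dict[str, int] = {}
    findings: List[Tuple[str, str, str]] = []

    for e in events:
        user, ts = e["user"], parse_ts(e["ts"])
        n = login_count.get(user, 0)
        devices = seen_devices.setdefault(user, set())
        countries = seen_countries.setdefault(user, set())

        # Baseline-dependent rules: only fire once the user has enough history,
        # otherwise every early login of a new hire would be an alert (noise).
        if n >= BASELINE_MIN_LOGINS:
            if e["device"] not in devices:
                findings.append((user, e["ts"], "new_device"))
            if e["country"] not in countries:
                findings.append((user, e["ts"], "new_country"))
            if e["vpn"] and not used_vpn.get(user, False):
                findings.append((user, e["ts"], "first_vpn_use"))

        # Impossible travel needs only the previous login, not a full baseline.
        prev = last_login.get(user)
        if prev and prev[1] != e["country"] and ts - prev[0] <= TRAVEL_WINDOW:
            findings.append((user, e["ts"], "impossible_travel"))

        # Update history after judging the event.
        devices.add(e["device"])
        countries.add(e["country"])
        used_vpn[user] = used_vpn.get(user, False) or e["vpn"]
        last_login[user] = (ts, e["country"])
        login_count[user] = n + 1

    return findings


def high_fidelity(findings: List[Tuple[str, str, str]], min_signals: int = 2) -> Dict[str, List[str]]:
    """Correlate per-user signals; only accounts with several distinct reasons escalate.

    This is the triage step that keeps a flood of single-rule hits from
    overwhelming an analyst queue.
    """
    by_user: Dict[str, set] = {}
    for user, _ts, reason in findings:
        by_user.setdefault(user, set()).add(reason)
    return {u: sorted(r) for u, r in by_user.items() if len(r) >= min_signals}


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f)
    print(high_fidelity(detect(SAMPLE_EVENTS)))
```

On the sample data only alice's sixth login produces findings; bob never reaches the baseline threshold and stays in one country, so he generates nothing. Running `high_fidelity` over the raw findings collapses alice's four separate rule hits into one escalated account, which is the kind of correlation the report's recommendation to prioritize high-fidelity threats implies.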


The Shift from Endpoints to Cloud: Why Old Defenses Are Failing

The migration of critical infrastructure and applications to the cloud has expanded the digital attack surface far beyond what legacy endpoint-centric security can handle. Since 2020, businesses have increasingly relied on cloud-based identity providers and SaaS platforms, creating new openings for attackers. Attackers are exploiting weak authentication processes, misconfigured cloud environments, and social engineering schemes to bypass traditional defenses. Infostealer malware and credential theft are more prevalent, providing bad actors with the keys to the kingdom—valid credentials that grant unfettered access to cloud resources.

Historical breaches, such as the Capital One incident, spotlight the risks of misconfigured cloud services. Ongoing threats like business email compromise and advanced phishing campaigns continue to target cloud accounts, exploiting both technological and human weaknesses. The Red Canary report highlights that only 16% of user-reported phishing emails in 2025 were genuine threats, revealing the challenge security teams face in distinguishing real attacks from noise. As detection systems improve, organizations must contend with both an increase in actual threats and the burden of filtering out false positives.

Who Is at Risk: Stakeholders and Ramifications

This cloud threat surge directly impacts enterprises running their operations in the cloud, security teams responsible for protecting sensitive assets, and end users whose data is at risk. The primary adversaries include sophisticated threat groups like Scarlet Goldfinch, which have adopted new social engineering tactics, such as fake CAPTCHA malware delivery, to bypass security controls. Cloud service providers—such as AWS, Azure, and Google Cloud—find themselves at the center of this digital arms race, pressured to enhance their platforms’ security while maintaining usability and trust. Meanwhile, security vendors like Red Canary and Zscaler drive innovation but must balance automation with the need for human validation to avoid alert fatigue and wasted resources.

The economic toll is significant: organizations are forced to invest in advanced detection tools, incident response, and staff training. Socially, increased false alerts risk user fatigue, undermining security culture. Politically, high-profile breaches invite regulatory scrutiny, potentially leading to strict new compliance mandates for both enterprises and cloud providers. The long-term effect is a rapid shift toward zero-trust, identity-first security models, with multi-factor authentication and behavioral analytics becoming standard practice across industries.

Expert Perspectives and the Path Forward

Industry experts, including Red Canary co-founder Keith McCammon, stress that defending against these threats requires a holistic approach—correlating data across cloud, identity, and endpoint systems, and blending AI-powered analytics with human expertise. Security professionals warn that the flood of alerts from improved detection could overwhelm teams, making it essential to prioritize high-fidelity threats and continuously refine detection criteria. Some analysts point out that not all of the increase in detections necessarily represents a true rise in attack volume, but rather enhanced visibility into previously undetected risks. The consensus, however, is clear: the days of relying on a secure perimeter are over, and the battle for digital security is now being fought over identities, not just networks.

Organizations must move swiftly to adopt integrated, identity-centric defenses, leveraging AI and automation but also maintaining a vigilant, skilled human presence in the loop. The stakes are high—not just for business continuity, but for the privacy, trust, and security of American enterprises and families in a rapidly evolving digital world.

Sources:

  • Cloud Chaos: Red Canary Sounds the Alarm on Surging Identity and Cloud Threats
  • Red Canary Research Reveals Sharp Rise in Cloud and Identity Threats
  • Threat Detection Report Practitioner Playbook
  • 2025 Threat Detection Report