Google is a victim and an advocate against numerous cybersecurity threats. Whether users are victims of a perpetual hacking attack or they are proactive in protecting Chrome browser users, Google is making headlines and being in the crosshairs of cyberattackers. Google Cloud isn’t immune to this attention, and Google isn’t afraid of the mess it faces, as evidenced by its Google Cloud Threat Horizons 2025 report. Here’s what you want to know.
Focusing on the maximum significant security threats faced through Google Cloud users, as well as plenty of direction on how to mitigate Google Cloud threats, the Horizons Threat Report for the first part of 2025 is a read for everyone, consumers and organizations. TL Version; However, the Dr. would come with warnings about the following primary threats:
Google Cloud research has revealed that over-privileged service accounts, alongside the exploitation of lateral movement, are being seen as increasingly significant threats for cloud users. Compromised user identities in hybrid environments are also high up the threats list, leading, as they can, to persistent access and lateral movement between on-premises and cloud environments. This, Google warned, can result in what it referred to as multifaceted extortion. And talking of extortion, ransomware-as-a-service attacks raised their malicious heads, as did vulnerabilities in cloud databases.
With varied forms of attack and increasingly complicated tactics to flavor knowledge organizations and extort money in the cloud, Google said, risk actors are also “using multi-factor authentication derived in cloud-based on-premises to compromise accounts and forms of competitive communication with sufferers to maximize their profits. “
“It is not surprising that the abuse of the account of the best facilities is increasing,” said Brian Soby, a leading generation officer of software security specialists as a service, “it has been a main challenge for a long time. ” Two of the maximum non -unusual reasons are not unusual, said Senby, they are a lazy recommendation of suppliers when they ask consumers to administrative access that identify well the necessary access for an application of application and service or reuse of services through integrations of applications not related to other access requirements. “This inevitably. ” It leads to the summary of the access of all integrations, “Soby warned.
Then there’s the challenge of attackers resorting to post-authorization token flight, the 2FA bypass method I wrote so much about that uses query flight cookies, which Sobyarray says will have to be a signal alarm For anyone who uses it it is their main strategic defense. “These attacks will take the identity provider directly,” SoBy said, “and go straight to the applications. “
The office of the CISO at Google Cloud said that, to stay ahead of the threat curve in 2025, “a robust cloud security strategy must prioritize data exfiltration and identity protection.”
One Community. Many Voices. Create a free account to share your thoughts.
Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.
To do so, stay in the publication regulations in the terms of use of our site. We have summarized some of those key regulations below. Simple put, civil.
Your post will be rejected if we notice that it seems to contain:
User accounts will be blocked if we notice or believe that users are engaged in:
So how can you be a user?
Thanks for reading the guidelines of our community. Read the complete list of publication regulations discovered in the terms of use of our site.