Date: 2025-08-20

Google Cloud's latest Cloud Threat Horizons Report H2 2025 highlights the rising sophistication of cyber threats targeting cloud environments and warns that attackers are increasingly focusing on recovery and backup systems, according to Security Brief Australia.
Credential compromise remains the top threat vector, responsible for 47.1% of incidents, while misconfigurations and API or user interface compromises accounted for 29.4% and 11.8%, respectively. The report notes a surge in backup sabotage, with attackers deleting routines, corrupting data, and manipulating permissions to amplify ransom leverage. Advanced social engineering is enabling multi-factor authentication bypass, particularly by North Korea-aligned group UNC4899, which targets cryptocurrency platforms. Attackers are also abusing trusted cloud services like Google Drive, GitHub, and Dropbox to host decoy files that silently deploy malware. Google Cloud advises a multi-layered defense, including robust identity and access management, credential hygiene, isolated recovery environments, and supply chain security validation. "Recovery systems are now primary targets, signalling an urgent need for stronger defensive posture across identity, access, and infrastructure resilience," the report states.