A new report from Fortinet highlights significant vulnerabilities in cloud services, with identity management emerging as a critical area of concern. The 2025 Global Threat Landscape Report reveals that misconfigurations are no longer the sole focus for attackers, who are exploiting over-permissioned identities and using familiar tactics to infiltrate cloud environments.
The report emphasises that attackers often start in one geographical location and use legitimate services to keep their attacks stealthy. Notably, 25% of cloud incidents in 2024 began with reconnaissance efforts, indicating a need for better identity monitoring.
Key Points
- Cloud attacks are shifting focus from misconfigurations to issues involving identity management.
- FortiCNAPP telemetry indicates a rise in identity abuse and insecure APIs in cloud compromises.
- Reconnaissance is a prevalent tactic, with attackers probing APIs and permissions.
- Logins from unfamiliar geographies feature in 70% of incidents, highlighting the importance of identity defence.
- The report identifies multiple tactics used in cloud attacks, including initial access and privilege escalation.
Why should I read this?
If you’re involved in cloud services or cybersecurity, this article is a must-read. With identity management becoming a crucial perimeter for security, understanding the evolving tactics of attackers is essential for protecting your assets. We’ve distilled the key insights for you, so you can stay ahead of the curve in an increasingly complex threat landscape.