Hacked without Malware: Identity Theft Aids Hackers in Targeting Cloud Environments

Cloud attacks and identity fraud are sharply increasing, according to a report by CrowdStrike. Attackers are increasingly using legitimate access mechanisms.

Cybercriminals are focusing even more on cloud environments. The misuse of digital identities is also increasing and is becoming a crucial part of almost every successful cyberattack. This is evident from the 2025 Threat Hunting report by security specialist CrowdStrike.

With Legitimate Tools in the Cloud

In the first half of 2025, there were 136 percent more cloud breaches than in all of 2024. This indicates that cloud platforms are increasingly being chosen as targets.

Attackers exploit stolen access tokens, API keys, and vulnerabilities in cloud management tools to gain access to sensitive systems, often without the need for malware. They cleverly use legitimate management functions, which complicates detection.

Stolen Identity

In parallel with this trend, identity misuse is also gaining significant ground. In 2025, 80 percent of the attacks observed by CrowdStrike used stolen login credentials or active sessions. Attackers employ social engineering, such as voice phishing (vishing), to bypass multi-factor authentication or reset passwords via helpdesks.

This quickly grants them access to cloud applications, email systems, or virtual desktops. Because identity-based access is often linked to multiple internal systems, this is a particularly efficient attack method.

AI Support

Generative AI (GenAI) plays an increasingly supportive role in this. Cybercriminals use this technology to generate convincing phishing emails, resumes, and technical documents, enhancing their credibility with targets. Although GenAI does not create a completely new attack vector, it does increase the scale, speed, and persuasiveness of existing techniques.

It is notable that hackers do not need complex zero-day vulnerabilities or unpatched systems for a successful attack. With the help of stolen identity data or misconfigurations of (cloud) environments, misuse of legitimate tools suffices to break in and wreak havoc.

Organizations are therefore well-advised to focus not only on technical detection but also on awareness around social engineering and misuse of legitimate access mechanisms. A lack of MFA, poor passwords, unnecessarily exposed APIs, and gullible employees are all dangerous and actively exploited attack vectors.