Red Canary Reveals Surge in Cloud and Identity Threats, Urging Organizations to Pivot Cybersecurity Strategies

Wednesday, Aug 6, 2025 12:42 pm ET

Red Canary's midyear 2025 Threat Detection Report reveals a 500% surge in Cloud Account detections, highlighting the need for organizations to pivot towards identity and cloud-based threats. The report also notes a rise in new cloud techniques and a low percentage of truly malicious phishing emails, with attackers employing sophisticated methods to bypass security systems. To counter these evolving threats, Red Canary recommends enforcing multi-factor authentication, conducting regular cloud infrastructure audits, enhancing user training, and closely monitoring VPN and remote management tool usage.

Red Canary's midyear 2025 Threat Detection Report reveals a significant shift in the cybersecurity landscape, with a 500% surge in Cloud Account detections [1]. This dramatic increase underscores the growing importance of identity and cloud-based threats, prompting organizations to reassess their security strategies.

The report, released by Red Canary, a Zscaler company, highlights two new cloud techniques that have entered the top 10 detected threats: Data from Cloud Storage and Disable or Modify Cloud Firewall [1]. These emerging risks underscore the need for organizations to focus on cloud security, rather than traditional endpoint protection.

The report also notes that while phishing emails remain prevalent, only 16% of suspected phishing emails were genuinely malicious [1]. However, the sophistication of these phishing attempts has evolved, with attackers employing techniques like using Google Translate to bypass security measures [1].

To counter these evolving threats, Red Canary recommends several strategies. Enforcing multi-factor authentication (MFA) and conditional access policies (CAP) can reduce unauthorized identity usage. Regular audits of cloud infrastructure configurations are crucial to prevent misconfigurations that could expose organizations to significant risks. Additionally, enhancing user training to identify sophisticated phishing attempts and closely monitoring VPN and remote management tool usage can significantly improve an organization's cybersecurity posture [1].

The report's findings underscore the need for organizations to adopt a more comprehensive approach to security, moving away from traditional endpoint-focused strategies and towards integrated cloud security platforms [1]. This shift is particularly important as threat actors increasingly leverage AI and diversify their techniques and tooling [3].

References:
[1] https://www.stocktitan.net/news/ZS/red-canary-research-reveals-sharp-rise-in-cloud-and-identity-threats-5utqqujjfzbl.html
[2] https://www.nasdaq.com/press-release/red-canary-research-reveals-sharp-rise-cloud-and-identity-threats-exposing-critical
[3] https://www.darktrace.com/blog/2025-cyber-threat-landscape-darktraces-mid-year-review
