Google is often both a victim of and a defender against cybersecurity threats. Whether its users are on the receiving end of a persistent password-stealing attack, or it is proactively protecting Chrome browser users, Google is always in the headlines and always in the crosshairs of attackers. Google Cloud doesn't escape attention either, and Google isn't shy about the problems it faces, as the Google Cloud Threat Horizons report for the first half of 2025 shows. Here's what you need to know.
Google Cloud Threat Horizons Report H1 2025
Focused on the top security threats facing Google Cloud users, along with plenty of advice on mitigating them, the Google Cloud Threat Horizons report for H1 2025 is recommended reading for consumers and enterprises alike. The TL;DR is that it warns about the following major threats:
Google Cloud research found that overprivileged service accounts, along with lateral movement, are increasingly significant threats to cloud users. Compromised user identities in hybrid environments are also near the top of the list, because a single stolen identity can give an attacker persistent access and the ability to move laterally between on-premises and cloud environments. Google warned that this can lead to what it calls multi-faceted extortion. Speaking of extortion, ransomware-as-a-service attacks have reared their malicious heads again, as have vulnerabilities in cloud databases.
With diverse attack methods and increasingly sophisticated tactics to steal data and extort enterprises in the cloud, threat actors are “also using multi-factor authentication bypass in cloud-based services to compromise accounts and aggressive communication strategies with victims to maximize their profits,” Google said.
Cybersecurity experts on Google Cloud security threats
“It's no surprise that abuse of overprivileged service accounts is on the rise,” said Brian Sobey, chief technology officer at SaaS security company AppOmni. “This has been a big problem for a long time.” Two of the most common causes AppOmni sees, Sobey said, are vendors taking shortcuts and asking customers for administrative access instead of properly defining the access each app actually requires, and service-account or profile reuse across unrelated app integrations that have different access requirements. “This inevitably results in accounts having aggregate access to all integrations,” Sobey warned.
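The aggregate-access problem Sobey describes is easy to check for mechanically. The following is an added example (not code from the article, Google or AppOmni) that audits a GCP project IAM policy for service accounts bound to basic roles, service accounts that can mint credentials for other identities, and service accounts shared by more than one integration. The policy document is constructed in the shape `gcloud projects get-iam-policy PROJECT --format=json` returns; the integration inventory, the `demo-proj` project and the account names are assumptions for illustration.

```python
"""Audit a GCP IAM policy for overprivileged or shared service accounts.

Added example, not from the article or AppOmni. SAMPLE_POLICY is constructed
in the shape of `gcloud projects get-iam-policy --format=json`; the
integration inventory is an assumed mapping (e.g. from a CMDB) of which app
integrations authenticate as which service account.
"""
import json
from collections import defaultdict

# Basic (primitive) roles grant broad project-wide access rather than
# the narrowly scoped access an integration actually needs.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}

# Roles that let a principal obtain credentials for other service accounts,
# which turns one compromised identity into many (lateral movement).
IMPERSONATION_ROLES = {
    "roles/iam.serviceAccountTokenCreator",
    "roles/iam.serviceAccountKeyAdmin",
    "roles/iam.serviceAccountUser",
}

# Constructed sample policy (assumed project "demo-proj").
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/editor",
         "members": ["serviceAccount:ci-deploy@demo-proj.iam.gserviceaccount.com"]},
        {"role": "roles/iam.serviceAccountTokenCreator",
         "members": ["serviceAccount:ci-deploy@demo-proj.iam.gserviceaccount.com"]},
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:report-reader@demo-proj.iam.gserviceaccount.com",
                     "user:alice@example.com"]},
        {"role": "roles/bigquery.dataViewer",
         "members": ["serviceAccount:report-reader@demo-proj.iam.gserviceaccount.com"]},
    ]
})

# Assumed inventory: one service account is reused by two unrelated integrations.
SAMPLE_INTEGRATIONS = {
    "ci-deploy@demo-proj.iam.gserviceaccount.com": ["github-actions"],
    "report-reader@demo-proj.iam.gserviceaccount.com": ["slack-reports", "billing-export"],
}


def roles_by_service_account(policy_json):
    """Map each service-account email to the set of roles bound to it."""
    policy = json.loads(policy_json)
    roles = defaultdict(set)
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member.startswith("serviceAccount:"):
                roles[member.split(":", 1)[1]].add(binding["role"])
    return roles


def audit_policy(policy_json, integrations):
    """Return (service_account, finding_type, detail) tuples, sorted by account."""
    findings = []
    for sa, roles in sorted(roles_by_service_account(policy_json).items()):
        for role in sorted(roles & BASIC_ROLES):
            findings.append((sa, "basic_role", role))
        for role in sorted(roles & IMPERSONATION_ROLES):
            findings.append((sa, "impersonation_role", role))
        apps = integrations.get(sa, [])
        if len(apps) > 1:
            # Every integration on this account inherits the union of all its roles.
            findings.append((sa, "shared_across_integrations", ",".join(sorted(apps))))
    return findings


if __name__ == "__main__":
    for sa, kind, detail in audit_policy(SAMPLE_POLICY, SAMPLE_INTEGRATIONS):
        print(f"{kind:28} {sa:55} {detail}")
```

On the constructed sample this flags `ci-deploy` twice (a basic role plus a token-creator role) and `report-reader` once, for being shared by two integrations that between them inherit both storage and BigQuery read access. The same logic extends to folder- and organization-level policies; run it against each level, since inherited bindings do not appear in the project policy.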
Then there's the issue of attackers stealing post-authentication tokens to gain access, a two-factor authentication bypass method I've written about a lot: steal the session cookie and you inherit an already-authenticated session without ever seeing an MFA prompt. Sobey said this should serve as a wake-up call to anyone relying on MFA as their main strategic defence. “These attacks will be carried out directly by the identity provider, and transmitted directly to the applications,” Sobey warned.
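Because a replayed session cookie looks like a legitimate request, the practical detection is to compare where a session is being used against where it was created. The following is an added example (not code from the article or AppOmni) that reads constructed authentication and request events and flags any session whose later requests come from a different IP address and a different client user agent than the MFA event that created it. The log format, field names, timestamps and addresses are all assumptions made for the example.

```python
"""Flag sessions used from a different client than the one that passed MFA.

Added example, not from the article. SAMPLE_LOG is constructed: one
JSON event per line, in an assumed format with 'mfa_success' events that
create a session and 'request' events that use it.
"""
import json

SAMPLE_LOG = """\
{"ts": "2025-02-10T09:00:01Z", "event": "mfa_success", "user": "alice@example.com", "session": "s-1a2b", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Macintosh) Chrome/121"}
{"ts": "2025-02-10T09:05:12Z", "event": "request", "user": "alice@example.com", "session": "s-1a2b", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Macintosh) Chrome/121"}
{"ts": "2025-02-10T09:10:00Z", "event": "mfa_success", "user": "bob@example.com", "session": "s-9f8e", "ip": "192.0.2.5", "ua": "Mozilla/5.0 (Windows) Firefox/122"}
{"ts": "2025-02-10T09:30:00Z", "event": "request", "user": "bob@example.com", "session": "s-9f8e", "ip": "192.0.2.5", "ua": "Mozilla/5.0 (Windows) Firefox/122"}
{"ts": "2025-02-10T11:42:07Z", "event": "request", "user": "alice@example.com", "session": "s-1a2b", "ip": "198.51.100.77", "ua": "python-requests/2.31"}
"""


def parse_events(log_text):
    """Parse JSON-lines events and order them by timestamp (ISO 8601 sorts lexically)."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["ts"])


def find_replayed_sessions(log_text):
    """Return alerts for sessions used from a client that differs from the MFA origin.

    Both IP and user agent must differ before alerting: an IP change alone is
    common for mobile and VPN users, but a new IP plus a new client string is
    the signature of a stolen cookie being replayed from attacker tooling.
    Sessions with no observed MFA event are skipped, since there is no
    baseline to compare against.
    """
    origin = {}   # session id -> (ip, user agent) recorded at MFA time
    alerts = []
    for ev in parse_events(log_text):
        sid = ev["session"]
        if ev["event"] == "mfa_success":
            origin[sid] = (ev["ip"], ev["ua"])
        elif ev["event"] == "request" and sid in origin:
            ip0, ua0 = origin[sid]
            if ev["ip"] != ip0 and ev["ua"] != ua0:
                alerts.append({
                    "session": sid,
                    "user": ev["user"],
                    "ts": ev["ts"],
                    "mfa_origin": ip0,
                    "seen_from": ev["ip"],
                    "ua": ev["ua"],
                })
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(f"REPLAY? {alert['user']} session {alert['session']} "
              f"passed MFA from {alert['mfa_origin']} but used from "
              f"{alert['seen_from']} ({alert['ua']}) at {alert['ts']}")
```

On the sample data only Alice's session is flagged: it passed MFA from a Mac browser and was later used from a different address by a scripted client. The response to such an alert is to revoke the session at the identity provider, not just at the application, since the stolen token is valid for every application that trusts it.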
To stay ahead of the threat curve in 2025, “a robust cloud security strategy must prioritize data leakage and identity protection,” Google Cloud's Office of the Chief Information Security Officer said.