In what security experts are describing as a “distributed crisis,” a staggering 90% of cybersecurity and IT leaders worldwide reported experiencing cyberattacks targeting their cloud environments within the past year.
This alarming statistic emerges from comprehensive research conducted across ten countries, highlighting the increasing vulnerability of organizations as they transition from on-premises systems to hybrid cloud infrastructures.
The study, which surveyed more than 1,600 IT and security leaders, reveals that despite increased investment in cloud security, threat actors continue to find success in breaching these environments.
.png
)
The nature of cloud-targeted attacks has evolved dramatically, with adversaries shifting away from traditional malware-based approaches toward more sophisticated identity-based intrusion methods.
According to the research, malware-free activity now accounts for 79% of all detected intrusions, a significant increase from just 40% in 2019.
This paradigm shift reflects attackers’ adaptation to modern enterprise environments, where they increasingly exploit valid credentials, engage in hands-on-keyboard intrusions, and deploy social engineering tactics to bypass conventional security measures.
The impact of these breaches has been severe, with 86% of organizations that experienced ransomware attacks ultimately paying the demanded ransom to recover their data or halt the attack.
Even more concerning, 74% of victims reported that attackers were able to harm backup and recovery options, effectively eliminating safety nets designed to mitigate such incidents.
Rubrik Zero Labs researchers identified a particularly troubling trend in their analysis: the dramatic reduction in “breakout time” – the period between initial compromise and lateral movement across systems.
“In 2024, the average breakout time for interactive eCrime intrusions fell to 48 minutes, down from 62 minutes in 2023,” noted security analysts.
“Alarmingly, the fastest breakout was recorded at just 51 seconds, meaning defenders may have less than a minute to detect and respond before attackers establish deeper control”.
The Rise of Identity-Based Attack Vectors
The report provides detailed insight into how identity-based attacks have become the preferred method for cloud environment infiltration.
Rather than breaking in through security vulnerabilities, attackers are simply logging in using compromised credentials.
This approach proves particularly effective in cloud and SaaS environments where traditional perimeter defenses offer limited protection.
Valid account abuse was responsible for 35% of cloud-related incidents, reflecting attackers’ growing focus on identity compromise as a gateway to broader enterprise environments.
Microsoft’s security telemetry supports this finding, revealing that they block over 600 million identity-based attacks daily.
These attacks typically begin with credential harvesting through phishing campaigns or purchase of stolen credentials from access brokers, whose activity surged by nearly 50% compared to the previous year.
The attack sequence typically progresses as follows:-
Initial Access (compromised credentials) →
Cloud Environment Access →
Lateral Movement (using management tools) →
Privilege Escalation →
Data Discovery & Exfiltration
To counter this growing threat, the report recommends organizations adopt a comprehensive strategy that includes improved visibility into cloud environments, identity protection measures, and robust backup capabilities that mirror the rigor traditionally applied to on-premises systems.
Without this unified approach to data protection, organizations remain vulnerable to increasingly sophisticated cloud-targeted attacks that move at unprecedented speed.
Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy
