// LATEST INTELLIGENCE //

Cloud Security Risk Report 2025

PRESENTED BY

Introduction

Cloud Security is a significant and growing aspect of our customers’ security programs, as captured in our Cloud & Container Attack & Defend blog series. This report examines five key risk themes observed thus far in 2025 across this series. We capture the challenge space, showcase examples of activity that have been observed, and guide how SentinelOne is aiding our customers in their efforts to prevent these attacks.

The 5 key risks explored in this document are:

Cloud Credential Theft Due to their ability to enable and expand an attack’ s scope, targeting cloud credentials is an initial or early step for many cloud breaches. A top trend this year is the use of info stealers targeting cloud and container credentials.

Lateral Movement in the Cloud After Initial Access, threat actors look to discover and move laterally to environments that offer them their desired scope of impact, whether that’ s ransomware deployment, resource theft, or sensitive data discovery. A top trend is the emergence of sophisticated threats that traverse cloud environments, originating from or pivoting to on-premises environments.

Vulnerable Cloud Storage While misconfigured cloud object storage has long been a source for data breaches, threat actors are increasingly focused on accessing and abusing cloud object storage in new ways. Their intentions have changed from a historical focus on pure data exfiltration to targeting as a source for further credential harvesting and even ransomware.

Cloud Supply Chain Risks Attackers are increasingly seeking new ways to execute supply chain attacks, either to maximize the scope of their attacks or opportunistically target their victims. Difficult to detect and dangerous in action, popular methods of compromising the software development lifecycle and CI / CD pipelines include typosquatting and poisoning previously trusted components. �

20 Intelligent SME. tech