Mandiant Report – Why Identity and Cloud Missteps are Fuelling Australia’s Next Wave of Cyber Attacks
Posted: Thursday, Mar 26
KBI.Media

Australian organisations are facing a subtle but significant shift in cyber risk — one where attackers no longer need to break in, because they can simply log in.

According to the latest M-Trends report from Google Cloud’s Mandiant division, the global threat landscape is being reshaped by a combination of credential theft, cloud misconfigurations and financially motivated cybercrime. While the findings are global, they map closely to the realities now confronting businesses and government agencies across Australia and New Zealand.

At the centre of this shift is identity.

The Rise of Identity As the Primary Attack Path

For years, cybersecurity strategies have focused on perimeter defence — stopping attackers from breaching networks through vulnerabilities or malware. But that model is becoming increasingly outdated.

The M-Trends research shows that stolen credentials are now one of the most common ways attackers gain access to environments, second only to traditional exploits. This reflects a broader move away from “breaking in” toward “logging in” using legitimate access.

In practice, this often starts with infostealer malware, phishing campaigns, or credential leaks, giving attackers access to usernames, passwords and session tokens. From there, they can move through systems largely undetected, appearing as legitimate users.

For Australian organisations, this trend aligns closely with ongoing warnings from the Australian Cyber Security Centre (ACSC), which has repeatedly highlighted identity compromise as one of the most persistent and damaging threats facing the country.

The implication is clear: identity systems — not just networks — are now the frontline of cyber defence.

Cloud Adoption Creating New Exposure Points

At the same time, the rapid shift to cloud and SaaS platforms is expanding the attack surface.

The M-Trends report highlights how attackers are increasingly exploiting misconfigurations in cloud environments, unsecured data stores, and poorly managed access controls. These weaknesses are often introduced during fast-paced digital transformation initiatives, where security can lag behind deployment.

This is particularly relevant in Australia and New Zealand, where organisations are accelerating cloud adoption while also navigating evolving regulatory requirements such as APRA CPS 230 and CPS 234.

In many cases, the issue is not a lack of security tools, but a lack of visibility. Security teams may not have full insight into how data is stored, who has access, or how systems are interconnected across hybrid environments.

As a result, attackers are able to identify and exploit gaps that are invisible to defenders.

Financially Motivated Attackers Scale Up

Another defining trend is the dominance of financially motivated cybercrime.

Mandiant’s data shows that more than half of threat activity is now driven by financial gain, with ransomware, extortion and data theft continuing to surge. This marks a shift away from the traditional focus on nation-state espionage, although advanced state-backed actors remain active.

For Australian organisations, this reinforces an uncomfortable reality: size and sector offer little protection. While critical infrastructure, government and financial services remain high-value targets, attackers are increasingly opportunistic, targeting any organisation with valuable data or the ability to pay.

This democratisation of cyber risk means that mid-sized enterprises — often with fewer resources than large corporations — are now firmly in the firing line.

Sophisticated Threats, Simple Weaknesses

Despite the rise of advanced attack techniques, many successful breaches still exploit relatively basic weaknesses.

Poor credential hygiene, lack of multi-factor authentication, misconfigured cloud environments and limited monitoring continue to provide easy entry points. Even highly sophisticated threat actors frequently rely on these simple gaps rather than complex exploits.

This creates a paradox for organisations: while the threat landscape is becoming more advanced, the most effective defences often come down to fundamentals.

Strengthening identity controls, enforcing phishing-resistant authentication, improving visibility across cloud environments, and regularly auditing configurations can significantly reduce risk.

A Shift In Mindset Required

Ultimately, the findings point to the need for a broader shift in how organisations think about cybersecurity.

Rather than focusing solely on prevention, businesses must assume that some level of compromise is inevitable and design systems that can detect, contain and recover from incidents quickly.

This includes treating identity as a critical security layer, ensuring visibility across increasingly complex environments, and aligning security strategies with business resilience.

For Australian and New Zealand organisations, the message is clear: the threat landscape is not just evolving — it is becoming more accessible, more scalable, and more dependent on the gaps organisations leave behind.

In an era where attackers can log in instead of break in, the organisations that succeed will be those that can see, control and protect every identity, everywhere.
