Global vulnerabilities rise 20 percent as attackers focus on identity


A new Global Threat Report from Darktrace highlights a 20 percent year‑on‑year increase in publicly disclosed vulnerabilities, even as attackers increasingly bypass these weaknesses in favor of credential abuse and identity‑led intrusions.

Identity‑driven compromise has now become the dominant path into organizations. Darktrace’s findings show that, across the Americas, nearly 70 percent of incidents began with stolen or misused accounts, underscoring how cloud and SaaS adoption have shifted the frontline of cyber defense from the network to the user.

“Traditional perimeter defenses were built for a world where attackers had to break in,” says Nathaniel Jones, VP of security and AI strategy at Darktrace. “Today they simply log in. Stopping identity‑led intrusions requires the ability to recognize when legitimate accounts begin to behave in ways that do not align with normal activity, and that means moving beyond static controls toward security that understands context and intent.”

Cloud compromise has become the main entry point for cyber-attacks on both sides of the Atlantic. In Europe, 58 percent of incidents began with compromised cloud accounts and email, overtaking traditional network breaches at 42 percent. In the Americas, attackers most often break in through SaaS applications and Microsoft 365 accounts, with many of these breaches escalating into double or even triple extortion campaigns.

With 94 percent of organizations worldwide now relying on cloud computing, the risk is widespread. Darktrace’s honeypot data reinforces this trend: Azure is the most targeted cloud provider, drawing 43.5 percent of observed malware samples, compared with 33.2 percent for Google Cloud Platform (GCP) and 23.2 percent for Amazon Web Services (AWS). When measured by unique malicious IP addresses, Docker environments account for 54.3 percent of honeypot targeting, underscoring the growing appeal of containerized cloud infrastructure for large-scale attacks.

Email attacks are getting more sophisticated too, with signs of AI usage increasing year-on-year, novel social engineering techniques rising from 32 percent to 38 percent, and large‑text, long‑form messages increasing from 27 percent to 33 percent. There has also been a 28 percent increase in QR code-based phishing attacks, from 940,000 in 2024 to over 1.2 million in 2025.

Commenting on the findings, Mark McClain, chief executive officer at SailPoint, says, “As the report highlights, identity is no longer about perimeter-based defense. The rise in AI-based agents and the massively accelerating threat landscape has rendered that approach inadequate, and prompted a shift towards identity as the critical element to enterprise security. This report’s findings demonstrate that there is now a need for real-time, intelligent, and dynamic identity security, built to govern and secure not just ‘who,’ or in the case of AI agents, ‘what,’ has access to the enterprise, but what data they can access and what they are able to do once inside.”

You can find out more on the Darktrace site.

Image credit: Elnur_/depositphotos.com