Organisations across Australia and New Zealand are facing a growing wave of cyber threats driven by identity compromise, cloud misconfigurations and financially motivated attackers, according to new insights from Google Cloud's Mandiant M-Trends report.
While the report analyses global incident response data, its findings highlight several trends that are increasingly shaping the threat landscape across the ANZ region.
Identity attacks emerge as primary entry point
The research shows that stolen credentials have become one of the most common methods used by attackers to gain initial access, reflecting a broader shift away from traditional network-based attacks.
This trend is being fuelled by the rapid growth of infostealer malware and phishing campaigns, which enable attackers to obtain legitimate login details and bypass conventional security controls.
For organisations in Australia and New Zealand, the findings reinforce ongoing warnings from the Australian Cyber Security Centre (ACSC) that identity systems are now a critical point of vulnerability.
Rather than breaking into systems, attackers are increasingly logging in using valid credentials, allowing them to move through environments undetected.
Cloud adoption expanding the attack surface
The M-Trends report also highlights the role of cloud and SaaS environments as a growing source of risk.
As organisations accelerate digital transformation initiatives, attackers are exploiting misconfigured cloud environments, unsecured data repositories and poorly managed access controls.
In ANZ, where businesses are rapidly adopting cloud services while navigating evolving regulatory frameworks such as APRA CPS 230 and CPS 234, these risks are particularly pronounced.
Limited visibility across hybrid and multi-cloud environments is further compounding the challenge, making it difficult for security teams to detect and respond to threats in real time.
Financially motivated attacks dominate
Mandiant's analysis shows that more than half of observed threat activity is financially motivated, with ransomware, extortion and data theft continuing to drive the majority of incidents.
This trend is reflected across Australia and New Zealand, where organisations of all sizes are increasingly being targeted by opportunistic cybercriminals.
While sectors such as financial services, government and healthcare remain high-value targets, attackers are broadening their focus to include mid-sized enterprises and organisations with limited security resources.
Basic security gaps still widely exploited
Despite the growing sophistication of cyber threats, the report finds that many successful attacks continue to rely on relatively simple weaknesses.
Poor credential hygiene, a lack of multi-factor authentication and misconfigured systems remain among the most common vulnerabilities exploited by attackers.
This highlights the importance of strengthening foundational security practices, particularly in identity and access management, as well as improving visibility across cloud environments.
Regional implications for resilience
The findings underscore the need for organisations across Australia and New Zealand to rethink their approach to cybersecurity, shifting from a prevention-first mindset to one focused on resilience.
With attackers increasingly able to gain access through legitimate credentials and exploit gaps in cloud environments, organisations must prioritise:
- Strong identity protection and access controls
- Continuous monitoring across cloud and SaaS platforms
- Improved configuration management and visibility
- Rapid detection and response capabilities
As the threat landscape continues to evolve, the ability to detect, contain and recover from cyber incidents is becoming just as important as preventing them.