A Candid Perspective on the Cloud Threat Landscape: What’s Real, What’s Not, and What Should Change
Curtis Hanson
fwd:cloudsec Europe 2025 · Day 1 · Main Room
Curtis Hanson, Managing Partner at **Invictus Incident Response** and a threat intelligence professional with over 10 years of experience, presented a first-of-its-kind **cloud-specific threat landscape** for 2025. Compiled exclusively from open-source intelligence across 20+ high-quality sources, the dataset covers **41 real-world cloud attack cases** through September 2025, mapped to threat actors, techniques, platforms, and **MITRE ATT&CK** — an effort that increased cloud-specific ATT&CK coverage from 20% to 80%. The talk delivers both a current-state assessment of who's attacking clouds and how, and a blunt critique of the cloud security community's reporting gaps.
AI review
A rigorous threat intelligence effort that provides something the cloud security community desperately lacks — a consolidated, cloud-specific threat landscape with actual ATT&CK mappings. The 41-case dataset, 25 threat actor inventory, and the manual mapping effort from 20% to 80% ATT&CK coverage are genuine contributions. The community critique is honest and constructive.