Brazil Sees Surge in Cloud Identity Thefts Amid Record Cyberattack Attempts in 2025
Malware coverage focused on infection paths, containment steps and indicators defenders should watch.
By: Artur Ślesik
Responsible editor: Artur Ślesik / Founder and Web Security Review
Infrastructure Security Editor: Marcin Pocztowski / Infrastructure and Vulnerability Response
Last reviewed by: Marcin Pocztowski on Apr 30, 2026
Technical review credentials: Security+ evidence | RHCSA evidence | JNCIS-SEC evidence
Published on HackWatch: Apr 30, 2026
Source date: Apr 30, 2026
Last updated: Apr 30, 2026
Incident status: Active threat
Last verified: Apr 30, 2026
Corroborating sources: 1
Trust note:This alert is maintained under HackWatch's editorial policy, with visible source records, a named responsible editor and a correction channel for disputed facts.
AI tools may assist HackWatch with initial monitoring and source clustering. The public article is reviewed, fact-checked and edited by a real HackWatch reviewer before publication or material updates. Last human review: Apr 30, 2026.
Technical reviewer note: Marcin Pocztowski reviewed this alert on Apr 30, 2026 for infrastructure impact, containment order and whether persistence or lateral-movement claims are supported by evidence. His administrator note is concrete: isolate the host or segment first, protect logs and network telemetry, then rebuild, rotate or patch only within the scope supported by the 1 corroborating source, the same cautious sequence he would use around managed router and server environments.
Review our editorial policy or send corrections to [email protected].
Active threat. The incident should still be treated as active until confirmed mitigation or patch adoption is verified.
Brazil saw cyberattacks targeting cloud identities surge to 753.8 billion attempts in 2025, with malware distribution jumping 535%, FortiGuard Labs reported. The rise signals a shift toward industrial-scale cybercrime exploiting stolen credentials, prompting calls for stronger identity protections.
SAO PAULO, April 30, 2026, 13:30 BRT
Brazil recorded 753.8 billion cyberattack attempts in 2025, a report from FortiGuard Labs, the research division of cybersecurity firm Fortinet, showed. The data underscores a sharp increase in attacks targeting cloud identities, raising concerns about the security of Brazil's digital infrastructure.
Malware distribution in the country surged by 535% compared to 2024, reaching 187.5 billion incidents. This dramatic rise points to cybercrime becoming a more industrialized operation within Brazil, focusing on cloud services and stolen credentials.
The timing is critical as Brazil's digital economy increasingly depends on cloud platforms for both commercial and government functions. The rise in identity theft incidents threatens data integrity, user privacy, and the continuity of essential services.
Cybercriminals leverage stolen credentials to breach cloud environments, often resulting in data leaks, ransomware infections, and financial fraud. The sheer volume of attacks in 2025 suggests that current security measures are struggling to keep pace with evolving, sophisticated threats.
FortiGuard Labs' findings mirror broader trends across Latin America, where rapid digital adoption has coincided with escalating cybercrime activity. Brazil's experience highlights the risks for emerging markets expanding their cloud reliance without adequate defenses.
The industrialization of cybercrime is evident in the use of automated tools and widespread phishing campaigns to harvest user credentials. Attackers then bypass authentication controls to gain unauthorized access to cloud resources.
Authorities and cybersecurity experts recommend that Brazilian organizations adopt multi-factor authentication (MFA), continuous monitoring, and zero-trust security frameworks to reduce exposure. End users are advised to remain alert to phishing attempts and maintain strong, regularly updated passwords.
The report stresses the importance of enhanced cooperation between public and private sectors to share threat intelligence and coordinate cyber defense efforts.
Uncertainties remain about the full scale of breaches tied to cloud identity theft, as many incidents go unreported or undetected. Cybercriminals’ ability to rapidly adjust tactics means defense strategies must continually evolve.
In response, Brazilian agencies and firms are investing in advanced detection technologies and awareness campaigns aimed at curbing cloud-related identity theft.
This surge in attacks serves as a reminder that digital transformation requires robust security frameworks to protect critical infrastructure and personal data.
Signs of compromise include unusual account activity, login attempts from unfamiliar locations, and unexpected password reset notifications.
Immediate protective steps include enabling MFA, scrutinizing email for phishing, and using password managers to create and store strong, unique passwords.
Looking ahead, experts warn that cybercriminals will refine automated attacks, making cloud identity theft an ongoing threat. Proactive security measures and user education will be key to countering this challenge.
Source: https://www.cisoadvisor.com.br/ameaca-a-nuvem-no-brasil-identidades-roubadas-disparam/
Sources used for this article
cisoadvisor.com.br
