This Week in Cloud Security: AI Malware, Runtime Expansion & Policy Reinforcements
Your No-Fluff Security Roundup | 26th July - 1st August 2025
This week:
- Cloud-native malware SoCo404 and Koske hit East Asia
- Orca expands runtime protection to hybrid and private clouds
- Viasat to deliver sovereign-grade encryption to U.S. government cloud
- Trend Micro and Google Cloud deepen AI threat detection alliance
- Zest Security adds AWS SCP governance support
- Uber unveils its internal secrets management platform
Here’s what happened and why it actually matters.
🔎 Featured Story of the Week
AI Malware Campaigns Target Cloud Workloads in East Asia
🔗Read more at The Hacker News
Researchers uncovered the SoCo404 and Koske malware families targeting cloud workloads in East Asia. These strains use advanced anti-analysis techniques and obfuscated loaders designed for stealth and persistence in cloud-native setups.
Why this matters:
These aren’t generic attacks. They’re tailored for cloud targets, using tactics that blend in with normal activity. This marks a turning point: malware is now purpose-built for cloud, and most defences aren’t ready.
Sovereignty, Policy, & Public Sector Shake-ups
Viasat to Deliver Sovereign-Grade Encryption to U.S. Government Cloud
🔗Read → The Fast Mode
Viasat will deliver NSA-certified, high-speed encryption systems to U.S. government cloud environments, supporting classified workloads and hybrid deployment scenarios.
Why this matters:
As geopolitical tensions grow, sovereign-grade crypto is becoming a must-have in government cloud. Expect rising demands for performance, zero-trust enforcement, and provable data isolation.
Vendor Moves That Matter
Trend Micro & Google Cloud Deepen AI Security Partnership
🔗Read → ITPro
The partnership focuses on AI-driven policy enforcement and real-time detection across hybrid environments.
Why this matters:
Big vendors aren’t just integrating. They’re operationalising AI. This partnership aims to deliver fewer dashboards, more decisions, and faster cross-platform response.
Orca Brings Runtime Protection to Hybrid & Private Cloud
🔗Read → BusinessWire
Orca’s agentless CNAPP now extends beyond public cloud to hybrid and private environments.
Why this matters:
Most CNAPPs stop at the hyperscaler edge. Orca’s move recognises that enterprise reality is still hybrid and runtime protection must go wherever the workloads live.
Impac Labs & Varonis Partner for Integrated Cloud Security
🔗Read → Investing.com
This integration brings real-time detection of risky access paths by combining behavioural monitoring and entitlements data.
Why this matters:
It’s not just about stopping outsiders. Internal misuse, privilege creep, and shadow access are driving modern breaches, and this partnership aims straight at that.
Impac Labs & BigID Tackle Data-Centric Cloud Risk
🔗Read → Morningstar
The alliance aims to deliver unified discovery, classification, and policy enforcement for sensitive data across clouds.
Why this matters:
Data privacy isn’t just a legal checkbox; it’s a security control. Teams need integrated policy enforcement across cloud platforms, not just asset tagging.
Zest Security Adds AWS SCP Support to Platform
🔗Read → SiliconANGLE
Zest now enables streamlined use of AWS Service Control Policies across multi-account environments.
Why this matters:
SCPs are often underused because of their complexity, but they’re powerful guardrails: an explicit Deny in an SCP overrides any Allow granted by IAM policies in the member accounts beneath it. Zest is turning governance into a low-friction control plane.
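To make the "guardrail" point concrete, here is an added example (not from the article or from Zest Security) of what a typical SCP looks like and how its Deny statement behaves. The policy is constructed for this roundup: it blocks principals in member accounts from turning off CloudTrail or GuardDuty, or from pulling the account out of the organization, unless they act through a break-glass role. The role name `BreakGlassAdmin` and the account IDs are hypothetical. The evaluator is deliberately simplified (it handles only Deny statements, action wildcards and an `ArnNotLike` condition on `aws:PrincipalARN`); real evaluation also requires an Allow from both the SCP chain and the identity's IAM policy, and SCPs never apply to the management account.

```python
"""Constructed SCP guardrail plus a simplified Deny evaluator (example code)."""
import fnmatch
import json

# Hypothetical guardrail SCP. Attach it to an OU in AWS Organizations; it
# does not grant anything, it only removes permissions from member accounts.
GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ProtectLoggingAndOrgMembership",
            "Effect": "Deny",
            "Action": [
                "cloudtrail:StopLogging",
                "cloudtrail:DeleteTrail",
                "cloudtrail:UpdateTrail",
                "guardduty:DeleteDetector",
                "organizations:LeaveOrganization",
            ],
            "Resource": "*",
            # Exempt only the (hypothetical) break-glass role; every other
            # principal in the account, including account admins, is denied.
            "Condition": {
                "ArnNotLike": {"aws:PrincipalARN": "arn:aws:iam::*:role/BreakGlassAdmin"}
            },
        }
    ],
}


def render_scp(policy: dict) -> str:
    """Return the policy as the JSON document you would paste into Organizations."""
    return json.dumps(policy, indent=2)


def scp_denies(policy: dict, action: str, principal_arn: str) -> bool:
    """Return True if an explicit Deny statement in the SCP matches the request.

    Simplified model: Effect=Deny only, Action strings with IAM-style wildcards
    (matched case-insensitively, as IAM does), Resource "*", and an optional
    ArnNotLike condition on aws:PrincipalARN (matched case-sensitively).
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        exempt = stmt.get("Condition", {}).get("ArnNotLike", {}).get("aws:PrincipalARN")
        if exempt is not None:
            patterns = exempt if isinstance(exempt, list) else [exempt]
            if any(fnmatch.fnmatchcase(principal_arn, p) for p in patterns):
                # Principal matches an exemption, so ArnNotLike is false and
                # this Deny statement does not apply.
                continue
        return True
    return False


if __name__ == "__main__":
    # Constructed requests from a hypothetical member account 111122223333.
    developer = "arn:aws:iam::111122223333:role/Developer"
    break_glass = "arn:aws:iam::111122223333:role/BreakGlassAdmin"
    for who, act in [(developer, "cloudtrail:StopLogging"),
                     (break_glass, "cloudtrail:StopLogging"),
                     (developer, "s3:GetObject")]:
        verdict = "DENIED by SCP" if scp_denies(GUARDRAIL_SCP, act, who) else "not blocked by SCP"
        print(f"{who} -> {act}: {verdict}")
```

Because the Deny sits above the account, an attacker who compromises a developer role (or even the account's root-level admin) still cannot stop CloudTrail, and any attempt shows up in the trail as an AccessDenied event that is worth alerting on.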
Backblaze Rolls Out Enterprise Security Suite
🔗Read → ChannelE2E
Backblaze has added SSO, improved key management, and RBAC to meet enterprise security needs for its cloud storage platform.
Why this matters:
Consumer-first cloud tools are under pressure to mature. Backblaze’s pivot shows how security can be a growth enabler, not just a cost.
Illumio Launches AI-Powered Resilience Insights
🔗Read → SecurityBrief AU
Illumio has launched resilience scoring tools that use AI to measure exposure and recommend mitigation strategies.
Why this matters:
In today’s environment, prevention isn’t enough. Measuring survivability is now part of a serious security posture.
Bugs, Breaches & Fixes of the Week
Uber’s Internal Secrets Management Platform Unveiled
🔗Read → InfoQ
Uber published details of its internal secrets management architecture built for scale and zero-trust principles.
Why this matters:
Secrets mismanagement is one of the leading breach vectors. Uber’s approach shows what secure, scalable key handling looks like inside a high-demand engineering environment.
Reports, Roadmaps & Research
Google Cloud Threat Horizons H1 2025 Report Drops
🔗Read → TechRepublic
Key takeaways: misuse of native tools, misconfigured IAM as top risk, and the growing subtlety of cloud-native attack paths.
Why this matters:
The line between "normal" and "malicious" behaviour is blurring. If you’re only looking for malware, you’re probably missing the real attack paths.
Dark Reading Risk Index: Cloud Complexity Overload
🔗Read → Dark Reading
Security leaders report misconfigurations, visibility gaps, and tool sprawl as top cloud challenges with rising burnout due to alert fatigue.
Why this matters:
The complexity problem isn’t new, but this shows it’s worsening. It’s a call to simplify, consolidate, and shift from reactive to architectural fixes.
AI Adoption Rising in Cloud Security for Data Protection
🔗Read → SecurityBrief AU
New research shows that data protection, anomaly detection, and compliance automation are top drivers behind the surge in AI security use cases.
Why this matters:
AI is now delivering real value. The question isn’t if you use it, but where and how well it’s improving security outcomes.
🧠 TL;DR: What This Week Tells Us
☁️ Malware is now truly cloud-native, and East Asia is a proving ground
🛡 Runtime protection is expanding beyond hyperscalers to hybrid estates
🤖 AI is shifting from buzzword to utility in threat detection and data security
🔐 Secrets, access, and data entitlements remain soft spots
⚙️ Cloud complexity is crushing teams. Simplification is overdue