Attackers are using your network against you, according to Cloudflare | CyberScoop<\/title> <meta name=\"description\" content=\"Blind spots in complex cloud environments allow identity-based attacks to achieve the same outcome as complex malware or zero-day exploits. Sophistication need not apply.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/cloudflare-annual-threat-report-2026\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Attackers are using your network against you, according to Cloudflare\"> <meta property=\"og:description\" content=\"Blind spots in complex cloud environments allow identity-based attacks to achieve the same outcome as complex malware or zero-day exploits. Sophistication need not apply.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/cloudflare-annual-threat-report-2026\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-04T15:20:56+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-04T15:20:59+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg\"> <meta property=\"og:image:width\" content=\"5800\"> <meta property=\"og:image:height\" content=\"3258\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1770142553g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1770755286g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88035\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88035\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcloudflare-annual-threat-report-2026%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcloudflare-annual-threat-report-2026%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88035 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/cloudflare-annual-threat-report-2026\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.522540983607\">\n<div class=\"single-article__header-content\" readability=\"34.496519721578\">\n<p> Blind spots in complex cloud environments allow identity-based attacks to achieve the same outcome as complex malware or zero-day exploits. Sophistication need not apply. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88035\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg 5800w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg?resize=768,431 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg?resize=1024,575 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg?resize=1536,863 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg?resize=2048,1150 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-2.jpg?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> Cloudflare headquarters in San Francisco. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"40.625483621357\"><body readability=\"82.555033754036\"><\/p>\n<p>Cloudflare\u2019s <a href=\"https:\/\/www.cloudflare.com\/lp\/threat-report-2026\/\">inaugural threat intelligence report<\/a> identifies a series of weaknesses in technology that attackers have abused and industrialized into professional \u201cattack factories,\u201d leaving most organizations unprepared to respond. <\/p>\n<p>Attackers are turning the very services victims deploy and pay for into tools for launching large-scale attacks. Researchers say the barrier to entry has vanished, as identities and tokens allow attackers to weaponize gaps in cloud-based systems.<\/p>\n<p>Organizations\u2019 environments are riddled with potential entry points. As the everything-as-a-service model spreads, systems become more interconnected and dependent on one another, and many software components are reachable in ways that make them nearly as accessible to attackers as to legitimate users.<\/p>\n<p>\u201cWhen one of those interconnections goes bad, all of a sudden everything\u2019s gone south,\u201d Blake Darch\u00e9, head of Cloudflare\u2019s threat intelligence unit Cloudforce One, told CyberScoop.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cData is more accessible than ever, which is good for a lot of cases, but the threat actors are using that easy access to that data as a way to exploit people, systems and organizations,\u201d he added. \u201cIt\u2019s only going to get harder. I think some of the AI tools will make this even worse.\u201d<\/p>\n<p>Attackers have turned \u201cthe connective tissue of the modern enterprise into its primary vulnerability,\u201d researchers wrote in the report.<\/p>\n<p>Cloudflare expects attackers to routinely exploit platforms as a standard tactic this year. Cybercriminals, nation-states and others routinely use public cloud resources to blend in with legitimate traffic, provision infrastructure for operations and cast link-based phishing lures into emails that bypass or slip through ineffective protections, researchers wrote in the report.<\/p>\n<p>Weaknesses in the seams of complex cloud environments are abundant and consequential, allowing identity-based attacks to achieve the same outcome as complex malware or zero-day exploits. <\/p>\n<p>These blind spots make the traditional barometers for danger \u2014 an attackers\u2019 demonstrated sophistication through elegant code or novel zero-days \u2014 effectively trivial, researchers wrote in the report. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIf you\u2019re a business that just lost a million records, it doesn\u2019t matter if the threat actor was sophisticated, unsophisticated, or a child,\u201d Darch\u00e9 said.<\/p>\n<p>Cloudflare argues the industry should reframe how it categorizes risk and take a more pragmatic approach: focus on \u201ceffectiveness,\u201d measured by the ratio of an attacker\u2019s effort to the operational outcome they achieve. <\/p>\n<p>\u201cIt turns out, you don\u2019t need to be sophisticated to be successful,\u201d Darch\u00e9 said. \u201cIn the industry, we\u2019re overly focused on sophistication of threats and that\u2019s probably not what it\u2019s about anymore, and it\u2019ll become less about sophistication level over time.\u201d<\/p>\n<p>The far-reaching <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-compromise-scope-expands\/\">attack spree originating at Salesloft Drift<\/a> last summer, which <a href=\"https:\/\/cyberscoop.com\/salesloft-drift-attacks-cloudflare-palo-alto-networks-zscaler\/\">impacted Cloudflare<\/a> and more than 700 additional companies through the third-party AI agent\u2019s connection with Salesforce, exemplified the risks lurking in unexpected places in the supply chain. <\/p>\n<p>The trusted relationships that these interconnected services rely on need to be further scrutinized, Darch\u00e9 said. \u201cYou as the data owner don\u2019t even know where their data is going, and your exposure is just almost infinite.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.7995735607676\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/attackers-are-using-your-network-against-you-according-to-cloudflare-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/cloudflare-annual-threat-report-2026\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers are using your network against you, according to Cloudflare<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[632,282,78,168,3707,4684,256,49,1170],"tags":[633,286,86,169,3708,4686,262,57,1171],"class_list":["post-8397","post","type-post","status-publish","format-standard","hentry","category-cloudflare","category-cybercrime","category-cybersecurity","category-malware","category-nation-state-threats","category-networks","category-research","category-threat-intelligence","category-zero-days","tag-cloudflare","tag-cybercrime","tag-cybersecurity","tag-malware","tag-nation-state-threats","tag-networks","tag-research","tag-threat-intelligence","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cloudflare\/\" rel=\"category tag\">Cloudflare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/malware\/\" rel=\"category tag\">Malware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nation-state-threats\/\" rel=\"category tag\">nation state threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/networks\/\" rel=\"category tag\">networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threat-intelligence\/\" rel=\"category tag\">Threat Intelligence<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8397","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8397"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8397\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8397,"date":"2026-03-04T09:20:56","date_gmt":"2026-03-04T15:20:56","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88035"},"modified":"2026-03-04T09:20:56","modified_gmt":"2026-03-04T15:20:56","slug":"attackers-are-using-your-network-against-you-according-to-cloudflare","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/04\/attackers-are-using-your-network-against-you-according-to-cloudflare\/","title":{"rendered":"Attackers are using your network against you, according to Cloudflare"},"content":{"rendered":"