Cloudflare, a connectivity cloud company, said cyberattacks are shifting from brute-force break-ins to stealthy account takeovers, as threat actors increasingly “log in” using stolen or fake identities.
The finding comes from the company’s 2026 Cloudflare Threat Report, which analyzed trillions of signals across its global network. Cloudflare said it blocks an average of 230 billion cyber threats each day, underscoring the scale of modern attacks targeting businesses, governments, and critical infrastructure.
“Hackers thrive on the gaps left by fragmented, stale threat intelligence,” said Matthew Prince, co-founder and CEO of Cloudflare. “By sharing this intelligence, we’re shifting the advantage back to defenders and making it more difficult and expensive for attackers to operate.”
The report shows attackers are no longer focused on crashing systems alone. Instead, they are quietly gaining access to payroll platforms, email systems, and enterprise software by impersonating legitimate users. This shift makes identity verification a central challenge in cybersecurity, particularly as more companies adopt cloud services and remote work setups.
Artificial intelligence (AI) is accelerating this trend. Cloudflare said threat actors are using large language models to scan networks, identify vulnerabilities, and generate convincing phishing messages or deepfake identities. In one case tracked by its Cloudforce One team, an attacker used AI tools to locate sensitive data and compromise hundreds of organizations through a shared software platform, marking a major supply chain breach.
Nation-state cyber operations are also becoming more targeted. Cloudflare identified Chinese-linked groups such as Salt Typhoon and Linen Typhoon focusing on telecommunications, government agencies, and IT providers in North America. These groups are planting persistent access points inside critical systems, allowing them to launch future attacks when needed.
North Korean operatives are exploiting remote hiring processes. The report said attackers are using AI-generated profiles and fake credentials to secure jobs inside Western companies, gaining direct access to corporate networks. Some operations rely on “laptop farms” in the United States to disguise their true locations.
Large-scale distributed denial-of-service (DDoS) attacks are also intensifying. Cloudflare recorded attacks peaking at 31.4 terabits per second, a volume that can overwhelm traditional, human-managed defenses. Botnets such as Aisuru are now capable of disrupting entire national networks, pushing organizations to adopt automated mitigation systems.
“Threat actors are constantly changing tactics. Organizations need real-time, actionable intelligence or risk falling behind,” said Blake Darché, head of threat intelligence at Cloudforce One.