Week in Review — March 9–13, 2026
Businesses and governments are learning that the cloud’s promise of resilience can be challenged by both kinetic and cyber attacks. In the last two weeks, a series of drone strikes on Amazon Web Services (AWS) facilities in the United Arab Emirates and Bahrain, followed by a surge in software‑based initial‑access attacks on Google Cloud, highlighted gaps in the physical and virtual defenses that many have taken for granted.
The physical strikes in the Middle East underscored that data centers, traditionally viewed as highly secure and redundant, can be targeted as strategic assets in modern warfare. Meanwhile, the shift in Google Cloud incidents toward vulnerability exploitation illustrates that attackers are increasingly turning to software weaknesses now that traditional identity‑based attack surfaces have been hardened. Together, these events reveal a broader threat landscape where the cloud’s perceived safety is being tested on multiple fronts.
Middle East Conflict Highlights Cloud Resilience Gaps | Dark Reading
Following US and Israeli military strikes on February 28, Iran’s internet traffic dropped to less than 1% across all major networks. Within 24 hours, Iranian forces retaliated by targeting cloud infrastructure in the Gulf, hitting two AWS facilities in the UAE with drone strikes and damaging a third in Bahrain. AWS reported structural damage, power disruptions, and fire‑suppression‑related water damage that compromised the data center hardware. The attacks, described by threat intelligence lead Kathryn Raines as “the new blueprint for modern warfare,” demonstrate that hyper‑scale cloud data centers have become Tier 1 strategic targets. Raines noted that many providers locate backup centers within 60 miles of primary sites, making them equally vulnerable to kinetic attacks and emphasizing that cloud architecture is built for bad weather, not war.
Most Google Cloud Attacks Start With Bug Exploitation | Dark Reading
Google’s Cloud Threat Horizons Report revealed that 44% of initial‑access activity in Google Cloud was driven by software‑based entry, including remote code execution and other vulnerability exploits. This shift eclipses credential abuse and misconfiguration, which have historically been the primary vectors. The report attributes the trend to Google’s secure‑by‑default strategies and the reduced attack surface for stolen credentials. Attackers, in turn, are focusing on user‑managed third‑party software, with the React2Shell vulnerability in React Server Components cited as a high‑profile example. Outside Google Cloud, identity remains the dominant vector, with 83% of platform‑agnostic initial access linked to credential issues. The report highlights the accelerating role of AI‑driven vulnerability analysis and exploit development in enabling rapid weaponization of newly disclosed CVEs.
These parallel developments point to a need for a layered defense that addresses both the physical security of data center infrastructure and the software hygiene of cloud‑hosted applications. As organizations continue to adopt hybrid and multi‑cloud strategies, the resilience of their cloud environments will depend on proactive measures against both kinetic threats and evolving exploitation tactics.
(Created with Ollama and GPT-OSS)