Hypervisors, the Next Big Target for Hackers

Google Warns of Cyber Trends Gaining Traction

The virtualized layer of technology underpinning modern IT deployments is transforming from a strength to a cybersecurity vulnerability, warns Google in a report extrapolating current trends through the next year.

A confluence of factors is converting yesterday’s once paradisiac virtualized environments into a “critical blind spot,” says Google Cloud Security in a forecast for 2026. While security teams concentrated on securing endpoints, the core virtualization fabric has gone mostly unmonitored by endpoint detection and response and has slipped into outdated software versions configured with insecure defaults, the cloud giant says.

“When combined with deep-seated integrations into legacy core identity services, the hypervisor transforms from an infrastructure component into a high-leverage entry point, where a single compromise can grant adversaries control over the entire digital estate,” it says.

The result, Google warns, is a coming cavalcade of fast-moving attacks “designed for systemic disruption,” principally by financially motivated hackers. Enterprises that want to head them off will need to shift their security strategy beyond the scale of individual users.

The combination of ransomware, data theft and extortion will still be “the most financially disruptive category of cybercrime” in 2026, not least because cybercriminals homing in on commercial supply chains can cause cascading economic damage (see: Jaguar Land Rover Hack the Costliest Ever in the UK).

Another growing target for ransomware hackers will be critical software such as enterprise resource planning systems, and such attacks will have knock-on effects for industrial control systems and operational technology, Google said. Disrupting enterprise software affects industrial control systems and operational technology by making unavailable the data essential for OT operations. Hackers may also directly breach OT networks by exploiting insecure remote access points, using that access to deploy Windows malware. Financially motivated hackers will be the principal source of ICS and OT attacks, Google predicts. “Targeted nation-state attacks, though less frequent, will remain highly sophisticated and tied directly to specific geopolitical conflicts.”

A Resurgent Russia

Google’s forecasts for nation-state hackers include the prediction that Russia will move past its singular focus on its war with Ukraine to encompass more cyberespionage operations across the globe. It will continue to target the Ukrainian government and military.

But recent Russian activity in Europe and North America combined with novel and creative tactics suggests “a transition towards long-term development of advanced cyber capabilities” as well as “intelligence collection to support Russia’s global political and economic interests.”

Pro-Russia information operations will likely intensify with the coming of 2026 elections in the United States. Pro-Russia hacktivists will continue to pose an unpredictable threat, including to OT environments, as evidenced by an April 2025 compromise of a Norwegian dam (see: Breach Roundup: Russian Hackers Attacked Norwegian Dam).

China will continue to be the source of sustained, high-pace threat activity. Google says Beijing may intensify its focus on breaching semiconductor manufacturers.

Rise in AI Threats

Advancements in artificial intelligence bring “unprecedented growth” and “new sophisticated risks,” Google warns.

Because a large number of companies are now integrating advanced models into their operations, the company warned that this coupling is likely to provide hackers with more opportunities to carry out prompt injection attacks.

“This isn’t just a future threat; it’s a present danger and we anticipate a significant rise in these attacks throughout 2026,” Google says.

Increased adoption of AI agents could also give rise to heightened risks tied to shadow AI agents – autonomous AI systems developed without adequate approval or oversight.

AI will also prove a boon to threat actors such as ShinyHunters that specialize in social engineering as an initial access vector, Google predicts. Hackers also use AI tools to create hyperrealistic impersonations of corporate executives or IT staff to wheedle permissions out of victims. “AI allows for scalable, customized attacks that bypass traditional security tools, as the focus is on human weaknesses rather than the technology stack.”
