Cloud Security Crisis: Identity Failures and Legacy Vulnerabilities Fuel Surge in Attacks

Listen to this Post

Featured Image

Introduction

As organizations accelerate their adoption of cloud technology, a new wave of cyber threats is exploiting weaknesses that are often overlooked. A recent report from ReliaQuest reveals a worrying trend: identity failings and legacy vulnerabilities are driving a sharp increase in cloud attacks. Threat actors are now leveraging misconfigured permissions, stolen credentials, and outdated software patterns to gain access to corporate systems, exposing businesses to unprecedented risk.

Summary of Findings

ReliaQuest’s report shows that identity-related weaknesses are at the heart of nearly half of true-positive security alerts in Q3 2025. Specifically, 44% of these alerts were linked to excessive permissions, misconfigured roles, and credential abuse. The report underscores that cloud credentials are highly vulnerable because they are often stored insecurely, making them prime targets for phishing and malware campaigns. Shockingly, stolen credentials can be purchased on dark web markets for as little as $2.

One of the most critical issues is over-privileged accounts. ReliaQuest found that 99% of cloud identities have excessive permissions, allowing attackers to log in as legitimate users and move laterally within systems undetected. With organizations managing thousands of identities across AWS, Azure, Google Cloud, and SaaS applications, the potential attack surface is massive.

Poor DevOps practices exacerbate the problem. The report points out that automated deployments can systematically replicate legacy vulnerabilities, effectively embedding old flaws into new software environments. Every new server, container, or serverless function deployed using an old template can propagate a single flaw across the environment in minutes, outpacing security teams’ ability to mitigate them.

ReliaQuest also highlighted that a disproportionate number of critical vulnerabilities—71% of alerts—stemmed from just four CVEs dating back to 2021. This illustrates how old vulnerabilities remain a persistent and expanding threat. The resulting backlog of unaddressed vulnerabilities leaves organizations exposed to attacks, creating a growing and unmanageable security risk.

The report recommends a series of measures to reduce these risks, including eliminating static AWS keys for humans in favor of short-term credentials via AWS Security Token Service (STS), enforcing least-privilege policies using tools like AWS IAM Access Analyzer, GCP IAM Recommender, and Microsoft Entra Permissions Management, and automating security checks in CI/CD pipelines through static analysis tools to prevent misconfigurations from reaching production.

What Undercode Say:

The ReliaQuest findings illuminate the intersection of identity management failures and cloud security, highlighting a structural issue in modern DevOps and cloud operations. Identity is increasingly becoming the weak link in enterprise cybersecurity because it is inherently a “soft target” for attackers. Credentials, especially when over-privileged, allow attackers to bypass traditional perimeter defenses entirely. The economics are simple: buying stolen credentials is cheap, fast, and highly effective.

Organizations often underestimate the risks introduced by legacy vulnerabilities, especially in fast-moving DevOps environments. The automation that provides agility also creates a double-edged sword; flawed templates and configurations replicate weaknesses exponentially, overwhelming security teams. This phenomenon, sometimes called “vulnerability inheritance,” shows that modern cloud security isn’t just about defending perimeter walls—it’s about controlling identity, access, and automation at scale.

Addressing this crisis requires a paradigm shift: security must be integrated into the design of cloud infrastructure, not treated as an afterthought. CIEM tools can help enforce least privilege across large, complex environments, but they must be paired with cultural and procedural changes, ensuring developers and security teams share accountability for risk. Automated security testing is no longer optional; it is essential to keep pace with the velocity of modern deployments.

Another factor is visibility. Organizations often lack clear insight into how identities and permissions are used across cloud and SaaS environments. Without continuous monitoring, even robust policies fail in practice. AI-driven monitoring, anomaly detection, and behavioral analysis are becoming crucial to identifying misuse and abnormal activity in real time.

In the long term, the shift to short-lived credentials and token-based access represents a critical evolution in cloud security. Reducing static access points limits the potential gain for attackers and forces them to act faster, which increases the chances of detection. Additionally, remediating long-standing vulnerabilities—even those considered “low priority”—must be a continuous effort to avoid legacy flaws becoming the weak link in automated deployments.

The report also indirectly highlights the need for better collaboration between DevOps, security, and identity teams. In many organizations, these groups operate in silos, slowing risk mitigation and creating gaps that attackers can exploit. Aligning teams under a shared responsibility model, supported by automation, provides a sustainable defense strategy against increasingly sophisticated identity-based attacks.

Ultimately, the surge in cloud attacks underscores a fundamental truth: security in the cloud is only as strong as its weakest identity or outdated configuration. Organizations that fail to adopt a proactive, automated, and identity-focused security posture are leaving the door wide open for cybercriminals. The stakes are higher than ever, and the solutions are clear—but require discipline, investment, and cultural change.

Fact Checker Results:

✅ 44% of true-positive alerts in Q3 2025 were identity-related.

✅ 99% of cloud identities are over-privileged.

❌ Legacy vulnerabilities are not evenly distributed; most alerts stem from a few high-risk CVEs.

Prediction

📊 As cloud adoption accelerates, identity-based attacks will continue to rise unless organizations adopt automated CIEM tools and short-lived credential policies. AI-driven security monitoring will become standard practice, while legacy vulnerability remediation will increasingly dictate whether enterprises remain resilient or fall victim to preventable breaches. Organizations ignoring identity hygiene risk facing exponential increases in attack surface and regulatory scrutiny.

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: www.infosecurity-magazine.com
Extra Source Hub (Possible Sources for article):
https://www.pinterest.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon