Identity: The Leading Cloud Security Threat

Summary
– Identity-related weaknesses like excessive permissions and credential abuse drove 44% of true-positive cloud security alerts in Q3 2025.
– Attackers exploit cheap, readily available cloud credentials, exposed through insecure storage or phishing and sold for as little as $2 on dark web markets.
– 99% of cloud identities are over-privileged, allowing attackers to escalate access and operate as legitimate users without triggering alarms.
– Poor DevOps practices cause systematic redeployment of legacy vulnerabilities, with 71% of critical alerts linked to just four 2021 CVEs.
– Automated cloud deployments rapidly replicate flaws across environments, creating an unmanageable vulnerability backlog faster than security teams can address.
A new report from cybersecurity firm ReliaQuest reveals that identity-related weaknesses and outdated vulnerabilities are now the primary drivers behind the sharp increase in cloud-based security incidents. The study highlights how attackers are increasingly exploiting these gaps to gain unauthorized access to sensitive systems and data.
According to the threat intelligence specialist, identity-related issues accounted for a significant 44% of all confirmed security alerts during the third quarter of 2025. These problems typically involved excessive permissions, poorly configured user roles, and the misuse of legitimate credentials. Cybercriminals find this approach appealing because cloud access keys and login details frequently become available on underground markets, often due to insecure storage practices or after being harvested by phishing campaigns and information-stealing malware. The report notes that valid cloud credentials can be purchased on dark web forums for as little as two dollars.
Compounding the problem, most cloud identities come with far more access rights than necessary. ReliaQuest’s analysis indicates that an astonishing 99% of cloud identities are over-privileged. This allows attackers who obtain these credentials to log in appearing as authorized users, move laterally through systems, and escalate their access, all without triggering typical security alarms. Considering that the average company manages thousands of separate identities across platforms like AWS, Azure, Google Cloud, and various SaaS applications, the potential attack surface becomes enormous.
The report also draws attention to security risks introduced by substandard DevOps practices. In many cases, these practices lead to what the researchers term the “systematic redeployment” of known legacy vulnerabilities into new software builds. The cloud’s core advantage (rapid, on-demand infrastructure deployment) ironically becomes a source of systemic risk. In the push for development speed, and often amid unclear responsibility for fixing security flaws, organizations can unintentionally perpetuate vulnerabilities across their environments.
Every automated deployment of a new server, container, or serverless function has the potential to copy a single flaw from an old template throughout the entire cloud infrastructure in a matter of minutes. As this cycle repeats each day, new digital assets are generated faster than security teams can manually find and fix them. The data underscores this concern: 71% of critical vulnerability alerts handled by ReliaQuest in the quarter originated from just four common vulnerabilities and exposures (CVEs), all of which were first identified back in 2021. The consequence is a continuously growing attack surface and a backlog of vulnerabilities that becomes increasingly difficult to manage.
To counter these threats, the report strongly advises organizations to take decisive steps to strengthen their security posture. Key recommendations include implementing stricter identity and access management controls, conducting regular permission reviews, and integrating security scanning directly into DevOps pipelines to prevent the reintroduction of old vulnerabilities.
(Source: Info Security)