Compromised Credentials and Misconfigurations as Leading Causes of Cloud Security Incidents
A recent Amazon Web Services (AWS) report, produced in collaboration with Vanson Bourne, highlights that compromised credentials and misconfigurations are among the top causes of security incidents in public cloud environments. The report, based on a survey of 2,800 technology and security firms across 13 countries, found that vulnerability exploitation accounted for 24% of cloud security incidents, while compromised credentials were responsible for 20%. Physical theft and misconfigurations followed at 19% and 16%, respectively. The findings emphasize that as organizations rapidly migrate applications and data to the cloud, human factors and operational errors remain significant contributors to breaches, with nearly 80% of organizations reporting a data breach in the past year, whether on-premises or in the cloud.
Experts cited in the report stress the critical need for identity-aware security strategies, such as microsegmentation, to limit attackers' ability to exploit valid accounts and move laterally within compromised networks. The convergence of cloud persistence, token replay attacks, and traditional malware techniques has increased the risk landscape, making it essential for organizations to address identity security debt and implement robust controls to protect cloud environments. The report also notes that while confidence in cloud adoption is high, cybersecurity and privacy concerns remain the primary barriers for many organizations, underscoring the importance of continuous vigilance and proactive security measures in cloud operations.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
AWS report says stolen credentials and misconfigurations drive cloud incidents
An AWS report published in early November 2025 said stolen credentials were a leading cause of cloud security incidents and that misconfigurations were behind many cloud breaches. Coverage also highlighted identity risks as a primary threat to cloud environments.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Cloud environments most threatened by identity risks, report finds
scworld.com
Open sourceCredentials and Misconfigurations Behind Most Cloud Breaches, Says AWS
hackread.com
Open sourceStolen credentials a leading cause of cloud security incidents
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Cloud Security Risks and Organizational Adaptation
Misconfigured cloud services continue to pose significant security risks for enterprises, with a recent Qualys report revealing that a large percentage of virtual machines across AWS, GCP, and Azure have improperly configured resources. Security experts highlight that while organizations often enable some cloud security features, critical controls such as logging, monitoring, and multi-factor authentication are frequently neglected, increasing the likelihood of breaches. The report also notes that 28% of surveyed professionals experienced a cloud or SaaS-related breach in the past year, and 24% identified misconfiguration as the top risk to their cloud environments. As cloud adoption accelerates, organizations are restructuring IT teams to address these evolving security challenges. There is a marked increase in demand for specialized roles such as cloud security architects, system administrators, data architects, and governance/compliance managers. These roles are essential for designing secure cloud infrastructures, managing configurations, ensuring regulatory compliance, and responding to incidents, reflecting a broader industry trend toward prioritizing cloud security and governance as core business objectives.
Mar 21, 2026
Common Security Challenges and Best Practices in Cloud and Hybrid Environments
Organizations increasingly face complex security challenges as they migrate data and operations to public cloud services such as AWS, Azure, and Google Cloud Platform. One company experienced a near-miss incident when a developer accidentally exposed a customer database on AWS S3, highlighting the critical importance of default encryption and strict access controls. Security teams learned that enabling server-side encryption in AWS, Storage Service Encryption in Azure, and Cloud Storage encryption in GCP is essential for protecting sensitive data at rest and in transit. The principle of least privilege proved vital, with careful management of IAM roles in AWS, RBAC policies in Azure, and Cloud IAM in GCP preventing unnecessary access. Automated security monitoring, using tools like AWS CloudTrail, Azure Monitor, and GCP Cloud Audit Logs, is necessary to detect and respond to suspicious activity or configuration changes in real time. In another case, a company discovered the risks of an unplanned hybrid cloud environment, where data was scattered across AWS, a private data center, and Google Cloud due to decentralized adoption by different departments. The lack of visibility into data locations created a significant security blind spot, prompting the implementation of a unified dashboard to track all assets. The disappearance of the traditional network perimeter in hybrid environments led to the adoption of single sign-on (SSO) and multi-factor authentication (MFA) across all platforms, ensuring secure access regardless of location. Both experiences underscored the need for coordinated security strategies and cross-departmental collaboration to manage cloud and hybrid environments effectively. Security teams must recognize that identity management is now the primary defense, requiring robust authentication and authorization mechanisms. The stories also illustrate the importance of rapid incident response and the value of learning from near-miss events to strengthen future defenses. Regular audits, continuous monitoring, and proactive policy enforcement are necessary to maintain security in dynamic cloud and hybrid infrastructures. Organizations are advised to treat cloud security as an ongoing process, adapting to new threats and technologies as they emerge. The lessons learned from these incidents are applicable to any organization leveraging cloud services, regardless of size or industry. Ultimately, a combination of technical controls, organizational policies, and user education forms the foundation of effective cloud and hybrid security. By prioritizing visibility, access management, and automated monitoring, companies can reduce the risk of data breaches and maintain customer trust. These best practices are essential for safeguarding sensitive information in today's interconnected digital landscape.
Mar 21, 2026
Cloud Security Risk From Misconfigurations and Multi-Cloud Complexity
Recorded Future’s Insikt Group assessed the **cloud threat hunting and defense landscape** and highlighted **misconfigurations** and **vulnerability exploitation** as persistent, high-commonality risks in cloud environments. The report notes that misconfigurations are frequently exploited for initial access and privilege expansion, while cloud environments also inherit vulnerability exposure from embedded third-party technologies; it further argues that the business impact of cloud exploitation is not always directly proportional to exploitability, and that risk evolves as cloud services and configurations change. An SC Media commentary on multi-cloud security similarly emphasizes that **multi-cloud adoption increases complexity and reduces centralized control**, creating security gaps such as configuration drift, fragmented visibility across provider consoles, and inconsistent policy enforcement. It also points to expanded attack surfaces via multiple entry points and API interconnections, plus fragmented compliance due to data residency and differing regulatory mandates—conditions that can increase incident likelihood even without a single discrete breach or vulnerability disclosure.
Mar 21, 2026