Cloud Security Risk From Misconfigurations and Multi-Cloud Complexity
Recorded Future’s Insikt Group assessed the cloud threat hunting and defense landscape and highlighted misconfigurations and vulnerability exploitation as persistent, high-commonality risks in cloud environments. The report notes that misconfigurations are frequently exploited for initial access and privilege expansion, while cloud environments also inherit vulnerability exposure from embedded third-party technologies; it further argues that the business impact of cloud exploitation is not always directly proportional to exploitability, and that risk evolves as cloud services and configurations change.
An SC Media commentary on multi-cloud security similarly emphasizes that multi-cloud adoption increases complexity and reduces centralized control, creating security gaps such as configuration drift, fragmented visibility across provider consoles, and inconsistent policy enforcement. It also points to expanded attack surfaces via multiple entry points and API interconnections, plus fragmented compliance due to data residency and differing regulatory mandates—conditions that can increase incident likelihood even without a single discrete breach or vulnerability disclosure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Cloud threat landscape report summarizes 2025 cloud attack patterns
Recorded Future published an assessment of the 2025 cloud threat hunting and defense landscape, highlighting misconfiguration and vulnerability exploitation as common drivers of cloud compromise. The report also cited 2025 examples involving AzureHound, Citrix NetScaler, Barracuda ESG, Grafana, OneDrive File Picker, and the AWS 'WhoAMI' issue to illustrate exposure-driven cloud risk.
SC Media outlines a DevSecOps roadmap for securing multi-cloud environments
SC Media published a perspective piece arguing that multi-cloud adoption often increases complexity, weakens visibility, and fragments compliance unless security is embedded throughout DevSecOps. It recommended governance and policy-as-code, IaC and runtime protections, stronger secrets management, supply chain validation, consolidated CNAPP/CSPM tooling, and continuous validation for emerging threats such as AI/ML pipeline attacks and cross-cloud data exfiltration.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Compromised Credentials and Misconfigurations as Leading Causes of Cloud Security Incidents
A recent Amazon Web Services (AWS) report, produced in collaboration with Vanson Bourne, highlights that compromised credentials and misconfigurations are among the top causes of security incidents in public cloud environments. The report, based on a survey of 2,800 technology and security firms across 13 countries, found that vulnerability exploitation accounted for 24% of cloud security incidents, while compromised credentials were responsible for 20%. Physical theft and misconfigurations followed at 19% and 16%, respectively. The findings emphasize that as organizations rapidly migrate applications and data to the cloud, human factors and operational errors remain significant contributors to breaches, with nearly 80% of organizations reporting a data breach in the past year, whether on-premises or in the cloud. Experts cited in the report stress the critical need for identity-aware security strategies, such as microsegmentation, to limit attackers' ability to exploit valid accounts and move laterally within compromised networks. The convergence of cloud persistence, token replay attacks, and traditional malware techniques has increased the risk landscape, making it essential for organizations to address identity security debt and implement robust controls to protect cloud environments. The report also notes that while confidence in cloud adoption is high, cybersecurity and privacy concerns remain the primary barriers for many organizations, underscoring the importance of continuous vigilance and proactive security measures in cloud operations.
Mar 21, 2026
Cloud Security Risks and Organizational Adaptation
Misconfigured cloud services continue to pose significant security risks for enterprises, with a recent Qualys report revealing that a large percentage of virtual machines across AWS, GCP, and Azure have improperly configured resources. Security experts highlight that while organizations often enable some cloud security features, critical controls such as logging, monitoring, and multi-factor authentication are frequently neglected, increasing the likelihood of breaches. The report also notes that 28% of surveyed professionals experienced a cloud or SaaS-related breach in the past year, and 24% identified misconfiguration as the top risk to their cloud environments. As cloud adoption accelerates, organizations are restructuring IT teams to address these evolving security challenges. There is a marked increase in demand for specialized roles such as cloud security architects, system administrators, data architects, and governance/compliance managers. These roles are essential for designing secure cloud infrastructures, managing configurations, ensuring regulatory compliance, and responding to incidents, reflecting a broader industry trend toward prioritizing cloud security and governance as core business objectives.
Mar 21, 2026
Strategic Shifts in Enterprise Cybersecurity Preparedness and Cloud Risk Management
Enterprise organizations are increasingly recognizing the convergence of cyber and operational risks, particularly as reliance on cloud infrastructure grows. Recent high-profile outages, such as the AWS US East 1 incident, have demonstrated that disruptions—whether caused by technical failures or cyberattacks—can have similar operational and reputational impacts. Security leaders are urged to prioritize preparedness, scenario planning, and governance to address these challenges, as traditional backup architectures may not be sufficient to mitigate the cascading effects of cloud service failures. The growing adoption of hybrid and multi-cloud environments, driven by business needs and AI integration, further complicates risk management, requiring organizations to adapt their security strategies to address the unique challenges posed by cloud diversity and complexity. Surveys and expert commentary highlight that a majority of organizations now depend on hybrid or multi-cloud strategies, with a significant portion planning further cloud adoption. This shift necessitates a holistic approach to cloud risk, emphasizing the importance of resilience, compliance, and proactive risk mitigation. Security teams must navigate the increased attack surface and operational dependencies introduced by cloud environments, ensuring that both technical and organizational measures are in place to manage and contain cloud-related risks effectively. The evolving landscape underscores the need for continuous adaptation of cybersecurity strategies to safeguard critical business functions in an era of ubiquitous cloud reliance.
Mar 21, 2026