https://services.google.com/fh/files/misc/cloud_threat_horizons_report_h12026.pdf
According to Google’s Cloud Threat Horizons Report, cybercriminals targeting cloud environments have been increasingly exploiting system vulnerabilities in addition to relying on weak credentials. While compromised passwords remain a primary entry point, attackers are now leveraging flaws in software configurations and cloud infrastructure to escalate privileges and maintain persistent access. These sophisticated tactics enable threat actors to bypass traditional defenses and inflict greater damage within compromised networks.
The report highlights that attackers exploit both misconfigurations and zero-day vulnerabilities to gain footholds, often combining these methods with phishing or stolen credentials. This multi-faceted approach allows them to move laterally, extract sensitive data, and disrupt services. The shift underscores the evolving threat landscape in cloud security, where solely focusing on credential hygiene is insufficient to prevent breaches.
To counter these risks, organisations with cloud infrastructure are advised to implement comprehensive security measures, including regular vulnerability assessments, stringent access controls, and prompt patch management. Enhancing cloud monitoring and adopting zero-trust principles can also help detect and mitigate attacks exploiting underlying flaws in addition to weak credentials.