Cloud attacks still old‑fashioned

Wiz’s retrospective on 2025 finds that cloud incidents remained driven by familiar issues—identity abuse, exposed assets and weak configuration—even as AI added new systemic pressures. The takeaway is that classic misconfigurations and excessive permissions continue to be the primary risk vectors for cloud projects. That pattern keeps operational hygiene—least privilege, asset inventory, and config checks—near the top of security priorities. (wiz.io)
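The "excessive permissions" the summary names are easiest to see in an actual policy document. The following is an added example, not code from Wiz, Scout or any of the vendors cited; it is a small checker for AWS IAM policy JSON that flags Allow statements granting wildcard actions or applying to every resource, shown against a constructed over-broad policy and its least-privilege replacement. Both policy documents are constructed for illustration (the bucket name and Sid values are made up).

```python
import json

# Constructed example of the kind of statement that turns one foothold into a staircase:
# every S3 action, on every bucket in the account.
OVERBROAD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllS3Everywhere", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}
  ]
}
""")

# Constructed least-privilege rewrite: only the two actions the workload needs, on one bucket prefix.
SCOPED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AppBucketReadWrite",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::example-app-bucket/*"
    }
  ]
}
""")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def find_overbroad_statements(policy: dict) -> list[dict]:
    """Return the Allow statements that grant a wildcard action or apply to every resource.

    Only the plain Action/Resource form is evaluated; NotAction, NotResource and
    Condition blocks are not interpreted, so a clean result here is a first pass,
    not proof of least privilege.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given without the list wrapper
        statements = [statements]

    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        reasons = []
        if any(a == "*" or a.endswith(":*") for a in actions):
            reasons.append("wildcard action")
        if any(r == "*" for r in resources):
            reasons.append("applies to every resource")
        if reasons:
            findings.append({"statement": stmt.get("Sid", f"#{idx}"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for label, policy in (("overbroad", OVERBROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(label, json.dumps(find_overbroad_statements(policy)))
```

Run as a script, the over-broad policy produces one finding with both reasons and the scoped policy produces none. The same function can be pointed at policies pulled from an account inventory, which is the "asset inventory plus config checks" loop the summary describes.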

Most cloud break-ins still start the old way: a public-facing service, a leaked secret, or a bad setting that should never have been left on. Wiz says those familiar entry points accounted for roughly 80% of documented cloud intrusions it analyzed from 2025 incidents. (wiz.io) Cloud computing is just rented computers and storage run by someone else, and every workload comes with switches for who can reach it and what it can do. A cloud attack usually begins when one of those switches is set too loosely, like leaving a side door unlocked in a building with thousands of rooms. (wiz.io)

Identity is the badge system for that building: user accounts, service accounts, keys, and tokens decide which doors open. Google Cloud said identity compromise underpinned 83% of compromises in the second half of 2025, which shows why attackers keep going after logins instead of writing exotic new malware. (cloud.google.com)

A misconfiguration is just a wrong setting with real consequences, like a storage bucket exposed to the internet or a firewall rule that is wider than intended. Tenable said 9% of publicly accessible cloud storage contained sensitive data in 2025, and 97% of that exposed data was classified as restricted or confidential. (tenable.com)

Secrets are the digital keys inside these systems: passwords, application programming interface keys, and cloud credentials that software uses to talk to other software. Tenable found that 54% of organizations stored at least one secret directly in Amazon Web Services Elastic Container Service task definitions, which turns a configuration file into a prize for anyone who gets in. (tenable.com)

Permissions decide how far an attacker can move after that first mistake. The Cloud Security Alliance said excessive permissions caused 31% of cloud-related breaches it surveyed, while inconsistent access controls and weak identity hygiene each showed up in 27% of breaches. (cloudsecurityalliance.org) That is why an exposed server is dangerous in two different ways at once: it can be a front door, and it can also be a staircase. Orca Security found that 13% of organizations had a single cloud asset supporting more than 1,000 attack paths, meaning one neglected machine can connect an intruder to a huge chunk of the environment. (orca.security)

Artificial intelligence changed the shape of the cloud more than the basic playbook of attacks. Wiz says new artificial intelligence services, pipelines, identities, and data paths created more places for the same old problems to appear, often closer to sensitive data and high-value workloads. (wiz.io) Google saw the speed problem get worse in late 2025, with the gap between a vulnerability being disclosed and active exploitation shrinking from weeks to days. When companies add artificial intelligence tools faster than they update access rules and configuration checks, they are effectively building new rooms faster than they can label the doors. (cloud.google.com)

The fix is also old-fashioned: know every asset you have, strip every identity down to least privilege, and keep checking for drift before attackers do. The cloud story in 2025 was not that defenders needed a brand-new theory of security; it was that basic hygiene still decides who gets breached first. (wiz.io)
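The Tenable figure about secrets stored directly in ECS task definitions is the kind of drift a scheduled check can catch. Below is an added example, not code from Tenable, Wiz or Scout: a scanner that walks the `containerDefinitions` of an ECS task definition and reports plaintext `environment` entries that look like credentials, either by variable name or because the value is shaped like an AWS access key ID. The task definition is constructed for illustration (image names, the key-shaped value and the Secrets Manager ARN are made up); the name-fragment list is a heuristic of this example, not an AWS-defined one.

```python
import json
import re

# Constructed sample: the "api" container has credentials inline in environment,
# the "worker" container does it properly via the secrets/valueFrom mechanism.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "demo-api",
  "containerDefinitions": [
    {
      "name": "api",
      "image": "example/api:1.0",
      "environment": [
        {"name": "LOG_LEVEL", "value": "info"},
        {"name": "DB_PASSWORD", "value": "not-a-real-password"},
        {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE00"}
      ]
    },
    {
      "name": "worker",
      "image": "example/worker:1.0",
      "secrets": [
        {"name": "DB_PASSWORD",
         "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:demo/db-password"}
      ]
    }
  ]
}
""")

# Heuristic list of name fragments that usually denote a credential (an assumption of this example).
SENSITIVE_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|ACCESS_?KEY|PRIVATE_?KEY)", re.I)
# AWS access key IDs begin with AKIA (long-term) or ASIA (temporary) followed by 16 uppercase alphanumerics.
AWS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")


def find_plaintext_secrets(task_def: dict) -> list[dict]:
    """Return environment entries that look like secrets stored inline in the task definition.

    Entries under 'secrets' (valueFrom) are the intended mechanism and are not flagged.
    """
    findings = []
    for container in task_def.get("containerDefinitions", []):
        cname = container.get("name", "<unnamed>")
        for env in container.get("environment", []):
            name = env.get("name", "")
            value = str(env.get("value", ""))
            reasons = []
            if SENSITIVE_NAME.search(name):
                reasons.append("credential-like variable name")
            if AWS_KEY_ID.search(value):
                reasons.append("value shaped like an AWS access key ID")
            if reasons:
                findings.append({
                    "container": cname,
                    "variable": name,
                    "reasons": reasons,
                    "fix": "move to 'secrets' with valueFrom pointing at Secrets Manager or SSM Parameter Store",
                })
    return findings


if __name__ == "__main__":
    print(json.dumps(find_plaintext_secrets(SAMPLE_TASK_DEF), indent=2))
```

On the sample it reports two findings, both in the `api` container; the `worker` container passes because its password is referenced, not embedded. The name heuristic will produce false positives (a variable called `TOKEN_BUCKET_SIZE` is flagged), which is the right trade-off for a check whose output a human reviews before a task definition is registered.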

Shared from Scout - Be the smartest in the room.