Infosecurity Magazine reports that identity has officially become the top source of cloud security risk, according to ReliaQuest’s latest threat report. The security firm found that a staggering 44% of true-positive alerts in Q3 2025 were traced directly to identity-related weaknesses like excessive permissions and credential abuse. Here’s what’s really alarming – attackers can buy legitimate cloud credentials on dark web markets for as little as $2 because they’re often stored insecurely and stolen by info-stealer malware. And get this – ReliaQuest claims that 99% of cloud identities are over-privileged, meaning once attackers get in, they can basically do whatever they want. Meanwhile, 71% of critical vulnerability alerts came from just four CVEs dating all the way back to 2021, showing how legacy vulnerabilities keep getting systematically redeployed through automated processes.
The $2 Cloud Key Problem
So why are cloud credentials so ridiculously cheap on criminal markets? It’s simple supply and demand. We’re talking about credentials that get phished, stored in insecure locations, or snatched by info-stealer malware that’s everywhere these days. When there’s that much supply floating around, prices plummet. Think about it – for the cost of a coffee, an attacker gets legitimate access to your cloud environment. They’re not breaking in anymore – they’re logging in. And because most organizations manage thousands of identities across AWS, Azure, Google Cloud and SaaS apps, there’s just too much surface area to protect perfectly.
When Everyone Has Admin Access
Here’s the thing about that 99% over-privileged statistic – it’s not that shocking when you think about how cloud permissions actually work in most companies. Developers need access to do their jobs, security teams are stretched thin, and nobody wants to be the person slowing down deployment. So what happens? Everyone gets broad permissions “just in case.” The problem is, attackers love this approach. They don’t need to exploit fancy zero-days when they can just use the excessive permissions you’ve already given yourselves. It’s like leaving your front door unlocked because you can’t be bothered to find your keys.
Your DevOps Pipeline Is Redeploying Old Bugs
This might be the most concerning part – we’re literally automating our own security problems. The same cloud automation that lets us spin up infrastructure in minutes is systematically redeploying vulnerabilities from 2021. Remember that template you created three years ago that had a known vulnerability? Every time someone uses that template today, they’re recreating that same security hole. New servers, containers, and functions get deployed faster than security teams can even scan them, creating what ReliaQuest calls an “unmanageable vulnerability backlog.” We’re building technical debt at cloud scale, and attackers are cashing in.
So What Actually Changes?
The scary part is that this isn’t a problem you can just throw more security tools at. This is about fundamental processes and cultural shifts. Organizations need to get serious about managing those over-privileged identities, implementing proper credential hygiene, and breaking the cycle of redeploying known vulnerabilities. But let’s be real – that means slowing down, being more deliberate about deployments, and probably annoying some developers who just want to ship code. The question is, are companies willing to trade a little speed for a lot more security? Given how cheap our credentials have become, maybe it’s time we start.
