Google: Cloud Misconfigurations Drop, Attackers Pivot

Google's latest research indicates a notable decrease in cloud misconfigurations — a long-standing entry point for many breaches. While that sounds like good news for defenders, the report warns that attackers are adapting: they're increasingly exploiting third-party vendors and software flaws to gain footholds.

According to the findings, improved tooling, tighter defaults and broader awareness have helped reduce simple configuration mistakes in major cloud environments. That trend means misconfiguration-driven compromises are becoming less common, but cybercriminals aren't going away. Instead, they're shifting their tactics to targets that remain comparatively weak.

Third-party providers are a primary focus. Vendors and service integrators can introduce vulnerabilities across customer environments, and attackers are leveraging those trusted relationships to move laterally. The report highlights incidents where compromised suppliers allowed adversaries to bypass hardened cloud defenses and reach sensitive systems.

Software vulnerabilities — from unpatched applications to zero-day flaws — are another favoured avenue. As organisations lock down cloud settings, attackers appear to be hunting for exploitable bugs in widely used libraries and services, then chaining those flaws to escalate access.

For security teams, the message is clear: hardening cloud configs remains important, but it’s not enough on its own. Greater emphasis on supply-chain security, continuous vulnerability management, and more rigorous vendor assessments are needed. Organisations may also need to accelerate patching workflows and adopt stronger isolation for third-party integrations.

In short, the cloud threat landscape is shifting rather than shrinking. Defenders who balance improved configuration hygiene with proactive third-party and software vulnerability controls will be best positioned to reduce risk as attackers pivot to these newer pathways.