Cloud intrusions surged by 75% in 2023, according to CrowdStrike's report
In the ever-evolving landscape of cybersecurity, a new threat is on the rise - threat actors exploiting cloud security gaps. According to Adam Meyers, head of counter adversary operations at CrowdStrike, more organizations are deploying cloud resources without a cohesive or equivalent security posture for their cloud deployments.
The CrowdStrike annual Global Threat Report (2023) corroborates this, stating that organizations with weak cloud security controls and limited cross-domain visibility are being targeted by threat actors and experiencing intrusions. The report further reveals that cyberattacks conducted by cloud-savvy threat actors increased 110% last year.
Threat actors are taking advantage of these inconsistent cloud security structures, operating in the gap between the on-premises enterprise and its cloud estate. They use the cloud for persistence: if an intrusion is detected and a compromised system is remediated, they keep their foothold elsewhere. Oftentimes they create an additional account or identity inside the cloud tenant so that they can come back in after the original point of entry has been cleaned up.
The report also highlights that cloud environment intrusions increased by 75% from 2022 to 2023. More than 80% of these intrusions last year were financially motivated.
Threat actors are abusing cloud-native features to initiate attacks, and they are combining that with familiar techniques: credential compromise, cloud misconfigurations, and abuse of cloud administration tools to achieve persistence, lateral movement, and data exfiltration. They are also integrating AI into their attacks, both as a weapon and as a target, with such attacks rising sharply in cloud environments.
The Microsoft Azure account takeover campaign reported by Proofpoint is a prime example. According to Proofpoint researchers, the campaign is still ongoing and has affected more than 100 organizations. The financially motivated threat actors behind it are targeting individual employees, including executives.
Cybercriminals are using cloud administration features to deploy tooling inside enterprise targets, for example the Azure virtual machine Run Command feature, which executes scripts on a VM with administrative privileges. They are also employing generative AI to craft more effective phishing, identity spoofing, and malware, while directly targeting the AI and cloud systems that organizations deploy.
To combat these threats, defenders are urged to enhance identity and access management, apply proactive vulnerability management, and monitor cloud administration activities closely. The evolving threat landscape in cloud security shows a blend of traditional tactics (credential theft, misconfiguration exploitation) combined with innovative approaches leveraging AI, supply chain compromises, and targeted cloud administrative attacks. It is a battle that requires vigilance and continuous adaptation.
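The advice above to monitor cloud administration activity is concrete enough to show in code. The following is an added example, not part of the article or of CrowdStrike's or Proofpoint's material: a small Python detector over Azure Activity Log style records that flags high-risk administrative operations (VM Run Command, VM extension deployment, role assignment writes) by identities outside an allowlist, and separately flags any identity that runs a command on a VM and then grants itself or another principal a role assignment within a short window, which is the "drop tooling, then create another way back in" sequence the article describes. The operation names are the real Azure Activity Log `operationName` values; the log records and the `KNOWN_ADMINS` allowlist are constructed for the example.

```python
"""Flag high-risk Azure administrative operations in activity-log records.

Added example: walks Azure Activity Log style records and raises
(1) any high-risk administrative operation by a caller outside an allowlist,
(2) callers who chain VM command execution with creation of a role
    assignment (the tooling-then-backdoor-account persistence pattern).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Operation names as they appear in the Azure Activity Log "operationName" field.
HIGH_RISK_OPS = {
    "Microsoft.Compute/virtualMachines/runCommand/action": "remote command execution on a VM",
    "Microsoft.Compute/virtualMachines/extensions/write": "VM extension deployed (tooling drop)",
    "Microsoft.Authorization/roleAssignments/write": "new role assignment (possible persistence)",
}

# Hypothetical automation identity that is expected to perform these operations.
KNOWN_ADMINS = frozenset({"deploy-automation@example.com"})

# Constructed sample records (a subset of Activity Log fields), not real telemetry.
SAMPLE_LOG = [
    {"time": "2024-02-05T10:01:00Z", "caller": "alice@example.com",
     "operationName": "Microsoft.Compute/virtualMachines/read",
     "resourceId": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1",
     "status": "Succeeded"},
    {"time": "2024-02-05T10:03:12Z", "caller": "alice@example.com",
     "operationName": "Microsoft.Compute/virtualMachines/runCommand/action",
     "resourceId": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1",
     "status": "Succeeded"},
    {"time": "2024-02-05T10:09:40Z", "caller": "alice@example.com",
     "operationName": "Microsoft.Authorization/roleAssignments/write",
     "resourceId": "/subscriptions/s1/providers/Microsoft.Authorization/roleAssignments/aaaa-1111",
     "status": "Succeeded"},
    {"time": "2024-02-05T11:00:00Z", "caller": "deploy-automation@example.com",
     "operationName": "Microsoft.Compute/virtualMachines/extensions/write",
     "resourceId": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm2/extensions/CustomScript",
     "status": "Succeeded"},
    {"time": "2024-02-05T11:30:00Z", "caller": "bob@example.com",
     "operationName": "Microsoft.Compute/virtualMachines/runCommand/action",
     "resourceId": "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm3",
     "status": "Failed"},
]


def _ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def flag_high_risk_ops(records, known_admins=KNOWN_ADMINS, include_failed=True):
    """Return one alert dict per high-risk operation by a caller not in known_admins.

    Failed attempts are kept by default: a failed Run Command from an unexpected
    identity is often the first visible sign of a compromised account.
    """
    alerts = []
    for rec in records:
        op = rec.get("operationName")
        if op not in HIGH_RISK_OPS or rec.get("caller") in known_admins:
            continue
        if not include_failed and rec.get("status") != "Succeeded":
            continue
        alerts.append({
            "time": rec["time"], "caller": rec["caller"], "operation": op,
            "resourceId": rec["resourceId"], "status": rec.get("status"),
            "reason": HIGH_RISK_OPS[op],
        })
    return alerts


def persistence_pattern_callers(records, window_minutes=60):
    """Return the set of callers that ran a VM command and, within window_minutes,
    successfully wrote a role assignment: execute tooling, then add a way back in."""
    exec_times = defaultdict(list)
    hits = set()
    for rec in sorted(records, key=lambda r: r["time"]):
        if rec.get("status") != "Succeeded":
            continue
        op, caller, t = rec.get("operationName"), rec.get("caller"), _ts(rec["time"])
        if op == "Microsoft.Compute/virtualMachines/runCommand/action":
            exec_times[caller].append(t)
        elif op == "Microsoft.Authorization/roleAssignments/write":
            window = timedelta(minutes=window_minutes)
            if any(t - e <= window for e in exec_times[caller]):
                hits.add(caller)
    return hits


if __name__ == "__main__":
    for a in flag_high_risk_ops(SAMPLE_LOG):
        print(f'{a["time"]} {a["caller"]} {a["operation"]} [{a["status"]}] - {a["reason"]}')
    print("persistence pattern:", persistence_pattern_callers(SAMPLE_LOG))
```

On the sample records the allowlisted automation identity is ignored, alice's Run Command and role assignment write and bob's failed Run Command are all flagged, and only alice matches the execute-then-grant sequence. In production the same logic would run over records exported from the Activity Log to a SIEM, and the allowlist would be the set of identities that are actually supposed to perform these operations, with the caveat that a compromised automation principal is invisible to an allowlist-based rule and needs a separate baseline.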
[1] CrowdStrike Global Threat Report (2023)
[2] Adam Meyers, CrowdStrike, media briefing (last week)
[3] Proofpoint researchers, report on the Microsoft Azure account takeover campaign
[4] Adam Meyers, CrowdStrike, statement
[5] Various AI and generative AI research publications
Threat actors are targeting organizations with weak cloud security controls, combining abuse of cloud-native features with credential compromise and cloud misconfigurations to establish persistence, move laterally, and exfiltrate data, as revealed in the CrowdStrike Global Threat Report (2023). To combat these threats, defenders are advised to strengthen identity and access management, implement proactive vulnerability management, and closely monitor cloud administration activities. The ongoing Azure account takeover campaign by financially motivated threat actors underscores the need for continuous vigilance and adaptation in the evolving landscape of cloud security. [1, 2, 3, 4] This blend of traditional tactics and newer approaches, including AI and targeted attacks on cloud administration, makes data and cloud computing a challenging battlefield. [5]