Cybercriminals Zeroing in on Cloud Data, Resources
Lacework’s latest quarterly Cloud Threat Report found threat actors are broadening the scope of their efforts to gain illicit access to cloud data and resources.
In addition to increased targeting of cloud platforms beyond AWS, Microsoft Azure and Google Cloud, malicious actors are rapidly adapting new attacks to target organizations in the cloud.
The report highlights vulnerabilities across four areas of cloud security: cloud security posture; vulnerability and software supply chain; runtime threats and Linux malware; and proactive defense and intelligence.
Based on anonymized data across the Lacework platform from September 2021 through February 2022, key findings of the report include:
- Cloud security mistakes are an open door for threat actors. Seventy-two percent of cloud environments monitored had insecure configurations, providing a warm welcome for attackers to gain initial access, establish persistence, escalate privileges and impact protected data across clouds.
- Your data is not safe in any cloud. Despite being the largest cloud service providers, AWS accounts make up only 16% of overall hosting account resales, while lesser-known companies like HostGator and Bluehost make up half. On average, the price of a compromised AWS account is roughly $40, with corporate accounts being offered for as little as $300 and upwards of $30,000.
- Log4j remains a significant threat, and malware is adapting quickly. Thirty-one percent of malware infections observed by Lacework researchers use Log4j as the initial infection vector. What’s more, Muhstik, the malware family most commonly observed in the wild, can incorporate vulnerabilities like Log4j into its code within 48 hours, reinforcing that this threat will remain an issue over the long term.
James Condon is Lacework’s director of threat research.
“While cloud security isn’t getting worse, our investigations highlighted a marked increase in crimeware involvement in cloud-focused operations and improved capabilities,” he said. “The enhanced business model has extended the offerings of underground markets, allowing for more sharing and reselling of information, access and tooling.”
The security landscape continues to evolve as threat actors become more sophisticated and adept at targeting cloud vulnerabilities in particular, Condon said.
“From Log4j to the escalation in Lapsus$ attacks, high-profile security incidents are heightening security awareness for thousands of enterprises,” he said. “These attacks are a glaring reminder that we cannot overlook the basics of security.”
No security posture is perfect, but there is a lot more companies can be doing to protect themselves, Condon said.
“The latest string of attacks are a good example because they have something in common,” he said. “They leverage user credentials, and abuse those permissions for personal and financial gain. Organizations need to pay attention to two critical things in any security posture: authentication (who are you) and authorization (what can you do). These can seem like basic best practices, but it’s shocking how many organizations aren’t taking these steps. As we see in the latest threat report, attackers are taking advantage of the lack of focus on securing consumer and corporate accounts alike.”