Here are the most prevalent vulnerabilities targeting cloud businesses

Lacework is publishing its third Cloud Threat Report, a semi-annual report on current cybersecurity threats in the cloud. Conducted over six months, the Cloud Threat Report revealed that hackers step up their efforts to gain illicit access to cloud data and resources. In addition to continuing to target cloud platforms other than AWS, Microsoft Azure, and Google Cloud, cybercriminals are rapidly using new methods of attack to target cloud-powered businesses.

In a context where governments around the world are warning organizations against increasing cybercrimethe report’s findings highlight some of the most common threats that businesses need to protect.

Small businesses are particularly at risk from cloud access brokers, who sell access to cloud accounts online. According to the report, 78% of SMBs studied by the Lacework Labs team have compliance defects within their cloud infrastructure, allowing attackers to gain initial access, extend privileges and recover the data protected.

“Threat actors continue to be inventive in creation and adoption new methods of attack to compromise the cloud said James Condon, Director of Research at Lacework. “Companies moving more data to the cloud infrastructure need to be equally agile, applying best security practices and modern tools with continuous surveillance to stay ahead of cybercriminals and keep information secure.” »

The third edition of the Cloud Threat Report highlights four main areas of cloud security including cloud security postures, supply chain and software vulnerabilities, linux malware and runtime threats, and proactive defense and intelligence gathering. Based on anonymous data collected on the Lacework platform between September 2021 and February 2022, the report revealed that:

The poor posture of cloud security is a boon for hackers: 72% of monitored cloud environments have insecure configurations, providing an efficient way for attackers to gain initial access, permanently establish themselves within the environment, multiply permissions and gain access with data protected in different clouds. Most of the issues seen were with the AWS IAM, S3, and EC2 services, which is also one of the most used services by hackers.

All clouds are targets, not just the big 3: Although AWS is one of the largest cloud service providers, its accounts account for only 16% of all prohibited access hosting for sale, while lesser-known companies like HostGator and Bluehost accounts for half. . Although business accounts start at $ 300 and reach $ 30,000, the average price of a compromised AWS account is approximately $ 40. The high volume of these cheap accounts suggests that hackers may be taking advantage of increasing compliance failures with SMBs and the lack of attention being paid to consumer account security.

Log4j remains a serious threat, and malware adapts quickly: 31% of malware attacks observed by the Labs team use Log4j as the initial attack vector. Additionally, Muhstick, the most commonly seen malware family, can introduce vulnerabilities like Log4j into its operations within 48 hours, proving how quickly an actor’s threats can react to take advantage of disclosure. of weakness. .

Leave a Comment