-
As cloud adoption continues to grow in enterprise environments, attackers are using the cloud to expand the reach of their attacks. Understanding their objectives often requires knowing what threat actors do: how they gain access and move within systems, what resources they target, and the steps they take to evade detection.
What do you need to know to defend yourself?
CrowdStrike’s 2023 Cloud Risk Report examines the rise in activity by cloud-aware adversaries, with incidents involving adversaries targeting digital environments nearly tripling, representing a 288% year-over-year increase.
Understanding attackers and their TTPs (tactics, techniques, and procedures) provides a solid foundation for your cybersecurity strategy. Common TTPs include: initial access, reconnaissance, privilege escalation, lateral movement, and evasion of defenses. In 67% of cloud security incidents observed by CrowdStrike, IAM roles with elevated privileges beyond what was required were found, indicating that an organization may have incorrectly configured permissions, or an adversary may have subverted the role to compromise the environment and move laterally.
Securing digital environments requires an understanding of what threat actors are doing, how they are gaining access and moving laterally, what resources they target, and the steps they take to avoid detection.
Key findings include:
– Cyberattackers use cloud infrastructure to host decoy documents and phishing malware.
– Identity is the key access point.
– Nearly half (47%) of critical misconfigurations are related to identity practices.
The key finding is that human error increases risk in the cloud.
In conclusion, the data reveals that identity is the key entry point, and attackers are using legitimate accounts to gain initial access and move laterally. Poor configurations and human error also increase cyber risk, underscoring the importance of effective identity and access management.
“Engaging, energizing, and inspiring the ecosystem is more important than ever, and it will help us make headway in the market and amplify our efforts,” reminds us Daniel Bernard, CrowdStrike’s Chief Business Officer.
As companies continue to adopt cloud technology to drive innovation and efficiency, it is imperative that we understand and address the risks this technology poses. Vigilance, adaptability, and investment in advanced security solutions will be essential to safeguarding business assets and the integrity of business operations in this new digital age.
Get in touch with Ricardo Shuck and Carlos Meyer from our Identity team and take the first step toward growing your business!
