Identifying & Analysing Emerging Cloud Threats

Uploaded on 2023-08-23 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A new report from Aqua Security analysed 700,000 attacks in the wild and an analysis of threat actors’ changing tactics, techniques, and procedures. It provides security practitioners with greater insight into the mind of the attacker to help you make better, faster decisions to protect your entire cloud native stack
  
Cloud computing has transformed how businesses design, develop, deploy, and manage their applications for improved scalability, flexibility, and agility.

However, the sheer speed and scope of the cloud native environment demands smarter decisions when prioritising limited resources. Moreover, its enlarged attack surface and level of complexity attract additional risk, which must be addressed to meet the original purpose of deciding to migrate to the cloud.

Of the many findings in the report, one of the most significant demonstrates that threat actors are heavily investing resources to avoid detection and establish a stronger foothold in compromised systems. The research found that in one year there has been a 1,400% surge in fileless or memory-based attacks, which exploit existing software, applications, and protocols to perform malicious activities.

The tricky part is that the distributed nature of cloud native applications and associated components make it difficult to identify and mitigate potential threats. That’s why learning from the wider experiences of other companies can help bolster your defences. We have grouped our findings around three distinct areas based on this wider feedback.

Software Supply Chain Threats

The development and distribution of software in a cloud-based environment is characterised by intricate networks of dependencies involving multiple entities. These entities include cloud service providers, source-code management applications, CI/CD tools, and registries, all playing crucial roles at different stages of the SDLC process. Cloud-based software systems are highly interconnected, comprising numerous layers of components that interact with one another. Consequently, ensuring the security of the software supply chain becomes a formidable challenge.

This complexity introduces a vast attack surface, encompassing various applications, which can potentially result in misconfigurations and vulnerabilities. According to our research, instances of software supply-chain attacks have seen a staggering year-over-year growth rate of over 300%. Gartner predicts that by 2025, 45% of organizations would have experienced a software supply chain attack.

We found that malicious intruders can hijack software packages as attack vectors to disrupt the supply chain. At the same time, package planting enables attackers to disguise malicious payloads as legitimate. Additional recent research demonstrated how registries, which are a key part of the software supply chain in the cloud, can act as first access to expand across the cloud.

Risk Posture Assessment

It is crucial to introduce robust and consistent cloud security protocols, such as identifying and patching vulnerabilities while repairing any misconfigurations. That’s because the development of cloud-first software, while transforming how we do business, has also opened us up to new threat actors and new weak spots.

There are many variations when it comes to the potential impact of these new vulnerabilities. Some enable privilege escalation, some expose data, but attackers often look to vulnerabilities that enable remote code execution because these can allow them to gain access to virtually any server and malicious action they want to trigger. Once malicious forces gain initial access, there are many techniques in their toolbox to evade detection, bypass restrictions, and build persistence.

Our research showed that the top ten vulnerabilities scanned in 2022 (excepting Log4Shell which was overwhelmingly high compared to the rest) were mostly related to the ability to conduct remote code execution. This supports the theory that attackers are looking for initial access to run malicious code on remote systems.

The Importance Of Monitoring Runtime

Defending workloads in a runtime environment (where code executes) is vital to securing the integrity of your business data and applications. It is a tantalising opportunity for bad actors to seize data and cause disruption so we mustn’t leave runtime environments exposed to attack vectors.

Begin by introducing a monitoring protocol which includes scanning for known malicious files and network communications, then blocking them and alerting when they surface. Add monitoring for markers that indicate malicious behaviours, such as unauthorised attempts to access sensitive data, efforts to conceal processes while promoting privileges, and opening back doors to unvalidated IP addresses.

At the end of the day, it is crucial to deploy robust, reliable defence mechanisms from code to cloud to ensure that both data and applications are well protected against malicious attacks.

Key Takeaways

  • Threats are now focusing on avoiding detection to build a stronger presence in compromised systems.
  • Even minor misconfigurations in the software supply chain can open the door to vulnerabilities across the application’s lifecycle.
  •  More threats are targeting the runtime environment, which continues to be attack surface with most immediate blast impact.

Nurit Bielorai is Product Manager at Aqua Security

You Might Also Read: 

Open Source Software In The Cloud:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Major Sporting Events Are Open Targets
AI Is The Next Big Thing For Browser Security   »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Information Security Forum (ISF)

Information Security Forum (ISF)

The ISF is a leading authority on information security and risk management.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

Zimperium

Zimperium

Zimperium offers enterprise class protection for mobile devices against the next generation of advanced mobile attacks.

Cyber Discovery

Cyber Discovery

Cyber Discovery, the UK Government's Cyber Schools Programme, is a learning programme designed to give young people the opportunity to learn the skills needed to enter the cyber security profession.

National Cyber Security Centre (NCSC) - New Zealand

National Cyber Security Centre (NCSC) - New Zealand

The role of the NCSC is to help New Zealand’s most significant public and private sector organisations to protect their information systems from advanced cyber-borne threats.

Havelsan

Havelsan

HAVELSAN is a leading technology company in Turkey developing indigenous systems for domestic and foreign military, public and private sector clients.

Ensign InfoSecurity

Ensign InfoSecurity

Ensign InfoSecurity is Southeast Asia’s largest pure-play cybersecurity firm.

AlertEnterprise

AlertEnterprise

AlertEnterprise uniquely eliminates silos and uncovers blended threats across IT Security, Physical Access Controls and Industrial Control Systems.

YesWeHack

YesWeHack

YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered) to identify and report vulnerabilities in their systems.

Elemental Cyber Security

Elemental Cyber Security

Elemental is a game changing cyber security compliance automation and enforcement technology provider.

Newberry Group

Newberry Group

The Newberry Group provides comprehensive IT services and solutions that optimize operations, minimize risk and deliver measurable business value.

ProofID

ProofID

ProofID is a specialist provider of Identity Access Management (IAM) solutions. We focus on the solving the complex needs of the modern enterprise.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

Forta

Forta

Forta is a real-time detection network for security & operational monitoring of blockchain activity.

CYGNVS

CYGNVS

CYGNVS is a guided cyber crisis response platform providing anytime, anyplace access. A SaaS platform for cyber crisis management – a safe way to connect and control your response.

Liquid C2

Liquid C2

Liquid C2 offers leading solutions to streamline workplace operations, secure cloud storage, rapid data recovery, and scale growth.