According to one study, cyber threat actors have fully exploited bot-based automation, cloud-enhanced speed and AI-driven tools to probe, prod and pilfer.
According to a recently released cloud threat report, cybercriminals and other threat actors have adopted new techniques and avenues to profit at the expense of their victims over the past three months.
The research by Lacework across its own user base has uncovered an increase in attacks against core networking and virtualization software, and an unprecedented increase in the speed of attacks following a compromise.
Key trends and threats identified include:
- Digitalized cybercrime: Attackers are advancing to keep pace with cloud adoption and response time. Many classes of attacks studied in the research are now fully automated to capitalize on timing. One of the most common targets was credential leakage. In one case, an unknown adversary was able to log in and launch tens of AWS GPU EC2 instances, underscoring just how quickly attackers can take advantage of a single simple mistake.
- Attacks on core networking and virtualization software: Commonly deployed core networking and related infrastructure consistently remain a key target for adversaries. Core flaws in infrastructure often appear suddenly and are shared openly online, creating opportunities for attackers of all kinds to exploit these potential targets.
- Continued Log4j reconnaissance and exploitation: Software vulnerable to Log4j exploitation was targeted via OAST (out-of-band application security testing) requests. Cloudflare and DigitalOcean were the top originators.
- Other trends: Cryptojacking and steganography incidents were growing in number, and attackers were also using rogue accounts for reconnaissance and probing of S3 buckets.
According to James Condon, Director of Threat Research, Lacework: “Our research shows, based on the new techniques being leveraged by attackers, an increasingly more sophisticated attack landscape,” alluding to the sophisticated ways that cybercriminals and state-sponsored threat actors are also tapping into digitalization to automate their nefarious activities.
In response, the firm has released an open-source tool that customers can use for cloud hunting and security efficacy testing.