Lacework report explains how cybercriminals use automation to accelerate from exploit to compromise

Lacework, the data-driven cloud security company, has released the fourth Lacework Labs Cloud Threat Report to explain the new techniques and avenues cybercriminals are exploiting for profit at the expense of businesses.

The Lacework Labs Cloud Threat Report examines the cloud security threat landscape over the last three months, revealing new methods and avenues cybercriminals are exploiting to make money at the expense of businesses. The Lacework Labs team discovered a significantly more sophisticated attacker landscape in this edition, with an increase in attacks against core networking and virtualization software, as well as an unprecedented rise in the speed of attacks following a compromise. Among the key trends and threats identified are:

Increased speed from exposure to compromise: Attackers are evolving to keep pace with cloud adoption and response times. Today, several attack types are fully automated to take advantage of timing. Leaked credentials are among the most common targets. An example from the report shows how quickly AWS could detect and flag a leaked AWS access key. The fact that an unknown adversary could still log in and start tens of GPU EC2 instances despite the limited exposure shows how rapidly attackers can exploit a single simple mistake.

Increased focus on infrastructure, specifically attacks against core networking and virtualization software: Adversaries continue to focus on fundamental networking infrastructure that is frequently deployed. Infrastructure flaws are potential targets for attackers of all types because they often emerge quickly and are published online.

Continued Log4j reconnaissance and exploitation: The Lacework Labs team still frequently sees vulnerable software targeted by OAST (out-of-band application security testing) requests almost a year after the initial attack. According to an analysis of Project Discovery (interact.sh) activity, the top originators were Cloudflare and DigitalOcean.

“Creating an open source tool extends our capabilities as a research team and allows us to fully give back to and empower the developer community based on what we’re seeing from our threat research,” said James Condon, Director of Threat Research at Lacework. “As our research shows an increasingly more sophisticated attack landscape, this tool provides a more detailed analysis of an organization’s unique environment based on the new techniques being leveraged by attackers. Cloud Hunter is the first tool from Lacework to generate queries that can be directly converted into custom policies within a customer’s environment.”

The Lacework Labs team also looked into the expanding use of steganography and cryptojacking, as well as how attackers use “rogue accounts” to snoop about and probe S3 buckets.

WRITTEN BY

Team Eela
