EN
Overkill Security
Overkill Security
113 subscribers

Adaptation to Cloud Services. Chameleons of the Cyber World

The adaptation of attacks to target cloud services marks a significant evolution in the landscape of cyber espionage and cyber warfare. This shift is not merely a change in target but represents a deeper strategic adaptation to the changing technological environment and the increasing reliance of governments and corporations on cloud infrastructure. The move towards cloud services by organizations is driven by the benefits of scalability, cost-efficiency, and the ability to rapidly deploy and update services. However, this transition also presents new vulnerabilities and challenges for cybersecurity.
Strategic Shift to Cloud
As organizations have modernized their systems and migrated to cloud-based infrastructure, actors have adapted their tactics, techniques, and procedures (TTPs) to this new environment. This adaptation is driven by the realization that cloud services, by centralizing vast amounts of data and resources, present a lucrative target for espionage and intelligence gathering. The cloud's architecture, while offering numerous advantages to organizations, also necessitates a reevaluation of security strategies to address unique vulnerabilities.
Tactics, Techniques, and Procedures (TTPs)
The adaptation of actors to cloud services involves a range of sophisticated TTPs designed to exploit the specific characteristics of cloud environments. One of the primary methods of gaining initial access to cloud-hosted networks involves authenticating to the cloud provider. This can be achieved through various means, including brute forcing and password spraying to access services and dormant accounts. These accounts, often used to run and manage applications without direct human oversight, are particularly vulnerable as they may not be protected by multi-factor authentication (MFA) and may possess high levels of privilege.
Furthermore, actors have been observed using system-issued tokens for authentication, bypassing the need for passwords. They have also exploited the process of enrolling new devices to the cloud, bypassing MFA through techniques such as "MFA bombing" or "MFA fatigue." Additionally, the use of residential proxies to obscure their internet presence and make malicious activity harder to detect represents another layer of sophistication in their operations.
Implications and Mitigations
The adaptation of actors to target cloud services has significant implications for cybersecurity. It underscores the need for organizations to implement robust security measures tailored to the cloud environment. This includes enforcing strong password policies, implementing MFA, managing and monitoring service and dormant accounts, and configuring device enrollment policies to prevent unauthorized access. Additionally, adjusting the validity time of system-issued tokens and employing network-level defenses to detect and mitigate the use of residential proxies are critical steps in defending against these threats.
Creator has disabled comments for this post.

Subscription levels

Regular Reader

$ 15,7$ 7,9 per month
50%
Ideal for casual regular who are interested in staying informed about the latest trends and updates in the cybersecurity world

Pro Reader

$ 32 per month
Designed for IT professionals, cybersecurity experts, and enthusiasts who seek deeper insights and more comprehensive resources. + Q&A
Go up