CrowdStrike: Attackers focusing on cloud exploits, data theft

2023-03-07 16:51

Skies are overcast for cloud security With defenders' scanning for malware, data extraction is easier Zero trust key to malware-free insurgency Worldwide growth in hacktivists, nation-state actors and cybercriminals A rogues' gallery of jackals, bears and other adversaries Versatility key to cloud defenders and engineers Skies are overcast for cloud security.

Cloud exploitation increased three-fold, with threat actors focused on infiltrating containers and other components of cloud operations, according to Adam Meyers, senior vice president of intelligence at CrowdStrike.

CrowdStrike said cloud-conscious actors gain initial cloud access by using valid accounts, resetting passwords or placing web shells designed to persist in the system, then attempting to get access via credentials and cloud providers' instance metadata services.

CrowdStrike saw an increased use of both valid cloud accounts and public-facing applications for initial cloud access.

Engineers working on cloud infrastructure and applications need to be increasingly versatile, understanding not only security but how to manage, plan, architect and monitor cloud systems for a business or enterprise.

To learn about cloud engineering responsibilities and skill sets, download the Cloud Engineer Hiring Kit at TechRepublic Premium.

News URL

https://www.techrepublic.com/article/crowdstrike-attackers-cloud-exploits-data-theft/

#cloud #crowdstrike #exploit