Identity and Access Management (IAM) has become increasingly critical and complex due to the pandemic-induced transition to cloud platforms. To understand how IAM policies affect cloud security posture, Unit 42 researchers analyzed 680,000 identities in 18,000 cloud accounts over 200 organizations.
Percentage of cloud users, roles, services, and resources granted permissions not being used
0%
Percentage of organizations that have publicly exposed resources
0%
Percentage of cloud accounts using weak IAM passwords
0%
Our findings came to the conclusion that most organizations have misconfigured or overly permissive identity access controls. Adversaries know this and are leveraging new tactics, techniques, and procedures (TTPs) to take advantage of the situation.
Unit 42 researchers have defined a malicious attacker employing these new TTPs as a Cloud Threat Actor (CTA) — an individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services, or embedded metadata.
Our team has created an industry-first Cloud Threat Actor Index, charting the operations performed by actor groups that target cloud infrastructure.
These charts (included in the report) detail the TTPs of each cloud threat actor, allowing your security team and wider organization to evaluate your strategic defenses and build the proper monitoring, detection, alerting, and prevention mechanisms.
We recommend the following ways to defend your organization against threats that target the cloud:
Palo Alto Networks Unit 42 brings together world-renowned threat researchers with an elite team of security consultants to create an intelligence-driven, response-ready organization. As threats escalate, Unit 42 is available to advise organizations on the latest risks, assess their readiness and help them recover when the worst occurs. The Unit 42 Cloud Threat Report, published annually, is one of the industry's most anticipated and trusted examinations of the modern threat landscape.
Threats don't go away - they evolve. Explore our Unit 42 Cloud Threat Report archive to see what was on our radar - and what remains in our sights.