Cloud Threat Report Volume 6
IDENTItY AND ACCESS MANAGEMENT
(IAM)
The First Line of Defense
Identity and Access Management (IAM) has become increasingly critical and complex due to the pandemic-induced transition to cloud platforms. To understand how IAM policies affect cloud security posture, Unit 42 researchers analyzed 680,000 identities in 18,000 cloud accounts over 200 organizations.
CAN YOU GUESS WHAT WAS DISCOVERED?
Percentage of cloud users, roles, services, and resources granted permissions not being used
0%
Percentage of organizations that have publicly exposed resources
0%
Percentage of cloud accounts using weak IAM passwords
0%
Uncover more staggering findings by downloading the report.
WEAK IAM CAN BE A REAL BREACH
Our findings came to the conclusion that most organizations have misconfigured or overly permissive identity access controls. Adversaries know this and are leveraging new tactics, techniques, and procedures (TTPs) to take advantage of the situation.
Unit 42 researchers have defined a malicious attacker employing these new TTPs as a Cloud Threat Actor (CTA) — an individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services, or embedded metadata.
Scroll through to meet the top five CTAs:
The Adept
Team TNT is the most well-known and sophisticated credential targeting group.
The Thief
WatchDog is considered to be an opportunistic threat group that targets exposed cloud instances and applications.
The Money
Kinsing is a financially motivated and opportunistic cloud threat actor with heavy potential for cloud credential collection.
The Old Timer
Rocke specializes in ransomware and cryptojacking operations within cloud environments.
The Returned
8220, a Monero mining group, purportedly elevated their mining operations by exploiting Log4j in December 2021.
LOWER RISKS WITH MORE INSIGHTS
Our team has created an industry-first Cloud Threat Actor Index, charting the operations performed by actor groups that target cloud infrastructure.
These charts (included in the report) detail the TTPs of each cloud threat actor, allowing your security team and wider organization to evaluate your strategic defenses and build the proper monitoring, detection, alerting, and prevention mechanisms.
Want to win the battle against Cloud Threat Actors?
We recommend the following ways to defend your organization against threats that target the cloud:
- Cloud Native Application Protection Platform (CNAPP) suite integration
- Harden IAM permissions
- Increase security automation
Cloud Native Application Protection Platform (CNAPP) suite integration
Harden IAM permissions
Increase security automation
For more details on our recommendations, as well as an eight-step best practices guide to hardening IAM permissions, download your copy of the Cloud Threat Report today.
The Unit 42 Researchers
Palo Alto Networks Unit 42 brings together world-renowned threat researchers with an elite team of security consultants to create an intelligence-driven, response-ready organization. As threats escalate, Unit 42 is available to advise organizations on the latest risks, assess their readiness and help them recover when the worst occurs. The Unit 42 Cloud Threat Report, published annually, is one of the industry's most anticipated and trusted examinations of the modern threat landscape.
Keep Reading
Threats don't go away - they evolve. Explore our Unit 42 Cloud Threat Report archive to see what was on our radar - and what remains in our sights.
