Unit 42 Cloud Threat Report, Volume 6
Cloud Threat Actors Have IAM Misconfigurations in Sight
As the cloud evolves, so should your security strategy. But before you commit to a plan, make sure your cloud security teams are asking the right questions. These include:
- Who is attacking cloud infrastructure?
- How are they doing this?
- What are they targeting?
Knowing what makes you a more vulnerable target is just as important. Misconfigurations tend to be at the center of the majority of known cloud security incidents, and poorly written identity and access management (IAM) policies are often the culprits. While IAM is a complex component that governs the authentication and authorization of every resource in a cloud environment, it is also the most critical because of its role as the first line of defense against attack.
For this edition of the “Cloud Threat Report,” the Unit 42 Cloud Threat Research team wanted to understand how cloud security teams today implement IAM and where the gaps in protection are.
Analyzing 680,000+ identities across 18,000 cloud accounts from over 200 different organizations was shocking. Unit 42 found a staggering 99% of the cloud users, roles, services and resources were granted excessive permissions, which were left unused.
The result? Bad actors have an open door to utilize cloud-specific tactics, techniques and procedures (TTPs) to gain wider access to organizations’ cloud environments.
Download your copy of this report for a deep dive into:
- Who attacks cloud infrastructure, how they carry out these attacks and what they target.
- Why effective IAM is essential to achieving security, and more eye-opening statistics around the current state of IAM for most organizations.
- Recommendations on how to protect your organization from being targeted.
Get your free copy now.
