Cloud Security Threats: CrowdStrike Highlights Cloud-Conscious Adversaries
June 15, 2023

Takeaways from the 2023 Cloud Risk Report

Cloud environments are critical to an organization’s ability to innovate—which also makes them a prime target for a new class of cyberattackers: the cloud-conscious adversary.

In their 2023 Cloud Risk Report, CrowdStrike covers the tactics, techniques and procedures (TTPs) employed by these threat actors and how prolific they’ve become in their pursuit of information and financial gain.

Attackers are Exploiting Trusted Identities

The report highlights some staggering statistics: a 95-percent increase in cloud exploitation and a 288-percent increase in cloud-capable actors year over year. Breakout time—the time it takes an attacker to exfiltrate data after gaining an initial foothold—averaged 84 minutes, down from the previous year. That faster pace indicates these adversaries are becoming more confident at infiltrating and operating in the cloud.

Cloud entitlements and permissions are notoriously complex, and it's not uncommon for a service like AWS to expose thousands of distinct access controls. CrowdStrike notes that valid, authenticated credentials figure heavily in these incidents: adversaries steal credentials or launch brute-force password attacks to obtain them. Once inside, they move laterally through the cloud, evading defenses and requesting additional credentials to escalate privileges for broader access. Across the cloud incidents observed, CrowdStrike found that 67 percent of identity and access management (IAM) roles were "over-privileged," meaning they had been granted more permissions than their function required.
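As an added illustration that is not part of the report or of ExtraHop's own tooling, the following is the kind of least-privilege check a defender can run over an IAM policy document to surface the over-privileged statements the report counts; the escalation-action list and the sample policy are constructed assumptions, not values from the page.

```python
import fnmatch
import json

# Actions that let a principal grant or widen permissions (assumed, illustrative list).
ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachRolePolicy",
    "iam:PutRolePolicy", "iam:CreateAccessKey", "sts:AssumeRole",
}
READ_ONLY_PREFIXES = ("describe", "get", "list")

def _as_list(value):
    """IAM accepts a string or a list for Action/Resource/Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _is_read_only(action: str) -> bool:
    verb = action.split(":", 1)[-1].lower()
    return verb.startswith(READ_ONLY_PREFIXES)

def find_overprivileged(policy: dict) -> list[dict]:
    """Return one finding per risky Allow statement in an IAM policy document."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # "allow everything except" is almost always too broad
            findings.append({"statement": idx, "reason": "Allow with NotAction"})
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append({"statement": idx, "reason": f"wildcard action {action}"})
            elif any(fnmatch.fnmatchcase(esc.lower(), action.lower()) for esc in ESCALATION_ACTIONS):
                findings.append({"statement": idx, "reason": f"privilege-escalation action {action}"})
        # Resource "*" is tolerable for pure read/list calls, not for anything that writes.
        if "*" in resources and not all(_is_read_only(a) for a in actions):
            findings.append({"statement": idx, "reason": "write action on Resource *"})
    return findings

# Constructed policy: one tightly scoped read-only statement and two over-privileged ones.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-app-bucket/*"},
    {"Effect": "Allow", "Action": "iam:Put*", "Resource": "*"},
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}
  ]
}""")

if __name__ == "__main__":
    for finding in find_overprivileged(SAMPLE_POLICY):
        print(finding)
```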

Container Security Remains Tricky

Container workloads continue to grow in popularity for their smaller footprint relative to virtual machines (VMs) and their ease of deployment across multiple architectures. Unfortunately, the ephemeral nature of containers makes them difficult to secure. It's common for containers to be spun up, run, and spun down within minutes, which makes them even harder to discover. Furthermore, the layered nature of IaaS, PaaS, and serverless infrastructure increases the chances of blind spots or misconfigurations. CrowdStrike reports that 60 percent of observed container workloads lack properly configured protections.

Even when there is security in place, teams often lack visibility in these environments. Adversaries are able to access containers through external-facing services, such as APIs or SSH. Once inside, they can hide within existing containers—or create their own—to avoid defenses, which gives them time to introduce malicious code into the environment. The report also notes that incident response teams only get a partial view of container incidents, which means that compromised workloads are often missed.

Protect Cloud Workloads with Continuous Network Visibility

Cloud-conscious adversaries pose significant risk, but even the most sophisticated attackers leave a trail. Our strategic partnership with CrowdStrike combines Reveal(x) 360 network intelligence with Falcon endpoint data and threat intelligence for full-coverage detection, investigation, and response capabilities. Reveal(x) 360 lights up the east-west corridor and discovers post-compromise behaviors like lateral movement to help keep your cloud secure.

Reveal(x) 360 also unifies security across containerized environments and orchestration services with AI-powered peer group analysis to detect advanced threats as they occur in highly dynamic environments. Analysts can identify when threat actors may be using compromised credentials to access and use assets with malicious intent and stop them in their tracks—before they can reach the cloud.


ExtraHop is on a mission to arm security teams to confront active threats and stop breaches. Our RevealX™ 360 platform, powered by cloud-scale AI, covertly decrypts and analyzes all cloud and network traffic in real time to eliminate blind spots and detect threats that other tools miss. Sophisticated machine learning models are applied to petabytes of telemetry collected continuously, helping ExtraHop customers to identify suspicious behavior and secure over 15 million IT assets, 2 million POS systems, and 50 million patient records. ExtraHop is a market share leader in network detection and response with 30 recent industry awards including Forbes AI 50, Cybercrime Ransomware 25, and SC Media Security Innovator.

Learn more at our About Us page.
