How companies are using automation and AI for cloud security


As more and more data moves to the cloud, cyber criminals have turned their attention to this environment. While public cloud computing has a reputation for being more secure than on-premises data centers – particularly for SMBs using hyperscale public cloud – that doesn’t mean it’s impenetrable. 

In 2023, there was a 75% increase in cloud intrusions, according to CrowdStrike’s 2024 Global Threat Report. This is supported by similar research from managed detection and response firm Expel, which found a 72% increase in cloud infrastructure cyber security incidents in 2023.

According to CrowdStrike, hackers’ use of cloud-focused attacks shows their preference for identity-based techniques, such as credential theft. It gave the example of a threat group it terms Scattered Spider, which during an intrusion targeting a software developer in North America “escalated privileges by attaching a new administrator access policy to a preexisting cloud user, to which they added a new access key.”

The same group also located a domain controller inside a victim’s Microsoft Azure tenant and managed to copy the disks and create a new adversary-controlled virtual machine. Ultimately, it was able to access and dump an Active Directory database.

When it comes to future threats, the company predicts cyber crime groups will make full use of powerful, publicly available generative AI tools to speed up their attacks and find new ways of targeting and compromising victims.

Yet these same tools could hold the key to securing businesses’ cloud instances.

One common use of AI, specifically machine learning, is to perform real-time anomaly detection based on parameters such as login attempts, network traffic, and API calls.

Google Cloud has placed its bets on the emerging field of generative AI. In a December 2023 blog post, Phil Venables, vice president and CISO at Google Cloud, said: “For all of its uses, AI is assuredly a cloud security megatrend that can increasingly fuel and accelerate all the other megatrends.”

He pointed to Duet AI for Security Operations, a product launched by the company that same month, as an example of how this could work.

The generative AI tool, he said, “helps security teams detect, investigate, and respond to threats — including by analyzing large amounts of data in seconds, reducing time-consuming manual reviews, and improving response time.”

Aside from AI, more basic automation is also used to protect cloud environments. This normally means using built-in and third-party tools and scripts to oversee configuration management, incident response, or threat detection. While not as sophisticated as some AI-based solutions, it’s still worth considering as a base layer of security.
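
As an added illustration of script-level threat detection (not from the article or any vendor it cites), the Python below correlates the two identity events CrowdStrike described: an administrator policy attached to an existing user, followed by a new access key for that user. It assumes AWS CloudTrail-style records, which the article does not specify; the events, account ID, user names and one-hour window are constructed.

```python
from datetime import datetime, timedelta

# Assumption: AWS CloudTrail-style records; the article does not name the provider.
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
WINDOW = timedelta(hours=1)  # assumed correlation window, tune per environment

def make_event(time, name, actor, user, policy=None):
    """Build a trimmed, constructed CloudTrail-style record for the sample data."""
    params = {"userName": user}
    if policy:
        params["policyArn"] = policy
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{actor}"},
            "requestParameters": params}

# Constructed sample events: one escalation pattern among routine IAM activity.
SAMPLE_EVENTS = [
    make_event("2024-03-01T09:58:00Z", "CreateAccessKey", "alice", "alice"),
    make_event("2024-03-01T10:02:11Z", "AttachUserPolicy", "ci-deploy", "svc-backup", ADMIN_POLICY_ARN),
    make_event("2024-03-01T10:05:40Z", "AttachUserPolicy", "alice", "bob", "arn:aws:iam::aws:policy/ReadOnlyAccess"),
    make_event("2024-03-01T10:09:30Z", "CreateAccessKey", "ci-deploy", "svc-backup"),
    make_event("2024-03-01T10:20:00Z", "CreateAccessKey", "bob", "bob"),
]

def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def find_escalations(events, window=WINDOW):
    """Flag users that receive the admin policy and then a new access key within `window`."""
    admin_attach = {}  # target user -> (attach time, actor ARN)
    findings = []
    for ev in sorted(events, key=lambda e: parse_time(e["eventTime"])):
        params = ev.get("requestParameters") or {}  # may be null in real records
        target, when = params.get("userName"), parse_time(ev["eventTime"])
        if ev["eventName"] == "AttachUserPolicy" and params.get("policyArn") == ADMIN_POLICY_ARN:
            admin_attach[target] = (when, ev["userIdentity"]["arn"])
        elif ev["eventName"] == "CreateAccessKey" and target in admin_attach:
            attached_at, attacher = admin_attach[target]
            if when - attached_at <= window:
                findings.append({"user": target, "policy_attached_by": attacher,
                                 "key_created_by": ev["userIdentity"]["arn"],
                                 "gap_seconds": int((when - attached_at).total_seconds())})
    return findings

if __name__ == "__main__":
    for finding in find_escalations(SAMPLE_EVENTS):
        print(finding)
```

Routine key rotation and non-admin policy attachments in the sample are not flagged; only the attach-then-key sequence on the same user within the window is reported.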

ITPro
