Report reveals an increase in cloud account compromise incidents

A report by Red Canary examines the threat trends that security leaders should prepare for in the coming months and years. Drawing on data from customers’ endpoints, cloud infrastructure, networks, identities and SaaS applications, the report analyzed nearly 60,000 threats to determine these trends. The report noted that while many tactics leveraged by threat actors remained consistent with previous years, there were some notable exceptions, such as email forwarding rules and cloud accounts being more frequently leveraged.

The report observed several trends.

  • The prevalence of cloud account attacks increased by 16 times its previous detection volume, affecting three times the number of customers compared with 2022.
  • Malicious email forwarding rules saw a 600% increase. 
  • Within the report’s top 10 threats, half were related to SEO poisoning and/or malvertising.
  • 50% of the top threats could contribute to ransomware infections if not properly addressed. 
  • Threat actors leveraged the human element of security, compromising identities to gain access to cloud service APIs, enact ransomware attacks, commit payroll fraud via email forwarding rules and more. 

In light of these trends, the report recommends that security leaders validate their organization’s defenses, patch existing vulnerabilities and seek further education on cloud infrastructure. 

https://www.securitymagazine.com/articles/100519-report-reveals-an-increase-in-cloud-account-compromise-incidents