SSH is the service most targeted by cloud attackers
A new cloud threat findings report from Cado Security looks at the evolving cloud threat landscape, shedding light on the heightened risk of cyberattacks due to the rapid adoption of cloud-focused services.
The report shows SSH is the most commonly targeted service, accounting for 68.2 percent of the samples seen, followed by Redis at 27.6 percent. Log4Shell traffic makes up a mere 4.3 percent, indicating a shift in threat actor strategy, with the vulnerability no longer prioritized as a means of initial access.
"Our goal with this report is to equip incident responders and security professionals with essential knowledge, enabling them to adequately secure their organization amid this rapidly-evolving threat environment," says James Campbell, CEO and co-founder of Cado Security. "By sharing our key findings, we uphold our commitment to continuous investment in initiatives aimed at empowering the broader security community."
Botnet agents are revealed as the most common malware category, representing around 40.3 percent of all traffic. Use of botnets has been especially relevant in the context of the Russia-Ukraine war, where they have been leveraged by hacktivists on both sides to conduct DDoS attacks on strategic targets.
The majority (97.5 percent) of opportunistic threat actors scan for vulnerabilities in only one specific service to identify vulnerable instances deployed in the wild. This could be because attackers are aware of a specific vulnerability in a particular service or because they have development experience in that area.
"As a threat researcher myself, I take immense pride in fostering a culture that emphasizes investments and focuses on areas dedicated to researching the latest attack patterns," says Chris Doman, CTO and co-founder of Cado Security. "Building an exceptional team of experts who share this vision is a testament to our commitment to strengthening the collective power of the security community. Our researchers proactively monitor cloud-focused attack techniques and generate findings that serve as the foundation for developing industry-leading resources that keep security teams at the forefront of securing organizations worldwide."
The full report is available from the Cado site.