A report by Cado Security reveals tactics deployed by malicious actors in last six months of 2023. The report found that in cloud environments, attackers are exploiting web-facing services in order to obtain access. They are also targeting services that need technical expertise to exploit rather than targeting generic servers. The most frequently exploited cloud service is Docker, accounting for 90.65% of honeypot traffic.
Malicious actors are taking advantage of the infrastructure of hosting companies around the world. The report identified malware campaigns (like P2Pinfect) that possessed a wide global distribution, including nodes belonging to providers in the United States, Germany and China. This suggest that regardless of the location of an organization’s infrastructure, it can still be exploited.
Although cryptojacking is still a threat, it is no longer the only threat security leaders may face from cloud attackers. The report observed a diversification of threats in recent malware campaigns, making infrastructure subject to a wider variety of attacks.