- Brute-force attacks remain, overwhelmingly, the most common threat vector for cloud service providers, comprising 51% of all attacks in the first quarter of 2022, according to analysis from Google Cloud.
- Threat actors automatically scan for and compromise misconfigured cloud services, but the continued use of weak or default passwords poses the greatest risk, Google’s Cybersecurity Action team concluded in its latest Threat Horizons report.
- The exploitation of vulnerable software is the second most compromised threat vector, representing 37% of threat activity in the cloud. Many organizations struggle to keep up with the constant deluge of patches and updates and known vulnerabilities in software that are not addressed are a frequent route for attack.
The steady hail of public breaches combined with poor password practices has empowered threat actors to aggregate login information and launch brute-force attacks against cloud admin accounts and privileged users, according to Google.
Threat actors also benefit from an increasingly complex supply chain as they target industrywide vulnerabilities such as Log4j. The prevalence and wide-ranging impact of these software vulnerabilities makes it more difficult for organizations to protect themselves against compromise.
While zero-day exploits proliferate, in an environment where zero-day vulnerabilities reached the highest level to date last year, Google said it hasn’t observed significant exploitation prior to the release of patches.
This suggests patches to known vulnerabilities and consistent software updates continue to be the most efficient method for organizations to thwart potential attacks in vulnerable software.
There's a shift in ransomware targets too, Google said, as attackers turned attention to databases that might present a greater chance of hitting critical corporate data. “The most common technique observed was where attackers were seen brute forcing SQL databases, cloning a database table into a new table, encrypting the data and proceeding to drop the original table,” it wrote in the report.
Threat actors remain largely focused on initiating ransomware attacks and cryptomining through these most common attack vectors, according to Google. The cloud provider pinned the third- and fourth-most common vector to stolen credentials at 8% and weak firewall rules at 4%