Cloud Security Insights and Trends

Summary

Cloud security insights and trends highlight the evolving landscape of protecting data and systems in online, shared infrastructure environments. As cloud adoption grows, organizations face increasing cybersecurity threats, requiring updated practices to secure sensitive information and manage risks effectively.

  • Strengthen identity management: Regularly review permissions and employ multi-factor authentication to secure access to cloud applications and environments.
  • Monitor for vulnerabilities: Use tools like Microsoft Defender for Cloud to identify risks, address configuration gaps, and protect APIs and infrastructure across multi-cloud setups.
  • Plan for emerging threats: Stay informed about new risks such as AI-enabled attacks, quantum computing threats, and sophisticated phishing, adapting security strategies accordingly.
Summarized by AI based on LinkedIn member posts
  • Mandiant (now part of Google Cloud) just released our annual security report - M-Trends 2024. The report summarizes the trends we observed in our breach investigations throughout 2023. There are so many gems throughout the report. Here are a few of the observations that stood out to me:

    1️⃣ Espionage actors are increasingly exploiting 0-day vulnerabilities and deploying custom malware on edge devices (firewalls, VPNs, and security appliances) and other systems like VMware hypervisors that don’t commonly support EDR solutions.
    ☣️ Most of these systems are closed and require significant effort to examine for evidence of compromise. They often require the vendor to acquire forensic data from it (not every vendor will do this).
    ☣️ Some vendors have created file integrity checking solutions to help organizations identify when devices have been compromised.
    ☣️ As a community, we have a *long* way to go to address this problem. We anticipate we will continue to see espionage actors targeting these systems to obtain initial and persistent access to victim environments.

    2️⃣ The median attacker dwell time (the duration between the initial compromise to detection) is 10 days. 6% of the cases we worked had a dwell time between 1-5 years.

    3️⃣ The dwell time for ransomware & multifaceted extortion events was 5 days, usually because the threat actor sent an extortion communication to the victim by day 5.

    4️⃣ 54% of our clients learned about the incident by a third party (law enforcement, security firm, threat actor, or media).

    5️⃣ Exploitation of vulnerabilities continues to be the #1 way in which threat actors gain initial access to victim environments (38% of our cases). Phishing is next (17%).

    6️⃣ 15% of the incidents that we responded to last year were a result of a prior security incident that wasn’t fully remediated e.g. a backdoor wasn’t found/removed or a service account’s password wasn’t rotated.

    7️⃣ Stolen credentials by infostealers accounted for 10% of the intrusions. This is an issue with both corporate assets and personal computers.
    ☣️ Many people occasionally access their work email from their home computers. People (or their children) sometimes install pirated software on their home computers that are laced with infostealing malware.
    ☣️ Threat actors are increasingly leveraging stolen credentials or cookies from home computers to access corporate environments.

    8️⃣ 17% of the cases we investigated had multiple threat actors in the environment.

    Thanks to the hundreds of Mandiant professionals that contributed to this report and analysis! Special shout out to Kirstie F., Scott Runnels, Nick Richard, Kelli V., Adam Greenberg, Maria Pavlick-Larsen, Melanie Leboeuf, Kerry Matre, Jennifer Guzzetta, Amanda C., Adrian Sanchez Hernandez, Alexander Marvi, Alyssa Glickman, Angelus Llanos, Ashley Pearson, Austin Larsen, Brandon Wilbur, Brendan McKeague, and so many more.

    Link to the report: https://lnkd.in/eSqtxgSJ

  • Gareth Young

    Founder & Chief Architect at Levacloud | Delivering Premium Microsoft Security Solutions | Entrepreneur & Technologist

    It is quite common for me to see Azure environments where resources have been spun up without any underlying architecture, governance or security design. Maybe they started out as a temporary solution or test and suddenly became relied upon and built on top of. This opens the organization up to a lot of vulnerabilities and risk, be it from a security perspective or cost perspective... or both!

    Microsoft Defender for Cloud is a fantastic tool to start bringing some order to the chaos, it also has some free capabilities to get started with, see them later in this post! Here are some of the key capabilities it has to offer:

    AI Security Posture Management (AI-SPM): Provides granular visibility into all workloads, including AI workloads, identifying vulnerabilities across VMs, Storage Accounts, AI models, SDKs, and datasets. For example, a financial services company mitigated vulnerabilities in their AI-driven fraud detection systems using AI-SPM.

    Enhanced Threat Protection: Integrates with Azure OpenAI Service to protect against jailbreak attempts and data breaches. A healthcare provider used this to secure patient data in their AI diagnostic tools.

    Multicloud Threat Protection: Not using Azure? No problem! This tool supports Amazon RDS and Kubernetes security, enhancing threat detection and response across AWS, Azure, and GCP. A global retailer implemented these features to secure their e-commerce platforms.

    Infrastructure-as-Code (IaC) Insights: Enhances security with Checkov integration, streamlining DevSecOps processes for a software development firm.

    Cloud Infrastructure Entitlement Management (CIEM): Optimizes permissions management, reducing attack surfaces for a tech startup.

    API Security Testing: Supports Bright Security and StackHawk, ensuring API security throughout the development lifecycle. A logistics company used these tools to secure sensitive shipment data.

    Free Capabilities: Microsoft Defender for Cloud offers the foundational Cloud Security Posture Management (CSPM) capabilities for free, including continuous security assessments, security recommendations, and the Microsoft cloud security benchmark across Azure, AWS, and Google Cloud.

    Check out the links in the comments to learn more!

    #CloudSecurity #AI #MicrosoftDefender #CyberSecurity #Multicloud #CNAPP #TechNews

  • Manoj Mathew

    CTO & CRO LendingUSA | Investor | 2x Founder

    As we approach the end of 2023, it's crucial to reflect on the cybersecurity incidents that have shaped our industry and consider their implications for the future. This year witnessed a significant rise in sophisticated cyberattacks, affecting diverse sectors and challenging our preparedness and response strategies.

    Some Key Incidents:

    Automated Libra Campaign: Unit 42's investigation into the Automated Libra campaign revealed a South African group creating over 130,000 accounts across various cloud providers, exploiting weaknesses in systems like GitHub's Captcha implementation.

    LastPass Breach: LastPass suffered a breach compromising encrypted customer data, underscoring the risks even with robust security measures.

    Royal Mail Ransomware Attack: Royal Mail was hit by LockBit ransomware, impacting international deliveries and exposing vulnerabilities in critical infrastructure.

    Ransomware Trends: Ransomware remains a dominant threat, with Clop/Cl0p and other groups targeting large-scale enterprises and exploiting managed file transfer services vulnerabilities.

    On September 11, MGM Resorts International reported unauthorized access to personal customer information due to a cyberattack, affecting systems and resulting in an estimated $100 million loss.

    Part of a targeted attack that also impacted MGM, resulting in a significant ransom demand.

    Future Implications:

    Technology Evolution: These incidents emphasize the need for advanced security protocols as technology evolves. The increasing sophistication of cyberattacks requires equally advanced defense mechanisms.

    Cyber Insurance: The rise in cyber incidents will likely influence cyber insurance policies, with possibly stricter requirements and higher premiums.

    Cybersecurity Focus: Businesses must prioritize cybersecurity, investing in robust systems and training to mitigate risks. It's not just about technology; it's about cultivating a security-first culture.

    I invite your thoughts on how these incidents shape our approach to technology and cybersecurity. How should businesses adapt to these evolving threats? Let's discuss the future of cybersecurity and the proactive steps we can take to safeguard our digital assets.

  • Madu Ratnayake

    President, Scybers, Global Cybersecurity Firm | ex-Global CIO | SOC, Cloud & AI Security | Board Advisor | NED | Founder President TiE CMB

    Google Cloud CISO Perspectives: 2024 Cybersecurity Forecast report, focusing on key points:

    **Increased AI in Cyber Attacks:** Growing use of AI by cyber attackers, requiring new defense strategies.

    **Shadow AI Risks:** Employees' use of consumer-grade AI tools in workplaces, creating security vulnerabilities.

    **Regulatory Changes:** The effect of evolving regulations like SEC rules on cybersecurity strategies.

    **Challenges in Identity Management:** The importance of effective identity and access management in securing environments.

    **Multicloud Security Concerns:** Addressing cybersecurity in complex multicloud and hybrid cloud setups.

    #CybersecurityTrends2024 #AIinCybersecurity #RegulatoryImpact #IdentityManagement #MulticloudSecurity

    For more detailed insights, you can read the full report https://lnkd.in/gqBM3M9x

    Talk to a Scybers expert to learn how we can help you secure your code-to-cloud journey.

  • Key Trends for 2024

    Dear LinkedIn Community,

    As we look to 2024, the world of cybersecurity is, once again, undergoing a transformation that demands our attention. The threat landscape is more dynamic and complex than ever before, driven by emerging technologies, evolving attack vectors, and a new era of cyber threats. As a Chief Information Security Officer (CISO), I believe it's crucial for us to stay ahead of these changes to protect our organizations effectively. Here are some key trends and insights that I believe will define the cybersecurity landscape in 2024:

    1. Ransomware Evolution: Ransomware attacks have taken center stage in recent years. We will continue to see sophisticated ransomware strains that target critical infrastructure, demand larger ransoms, and employ innovative tactics to evade detection. Our defenses must evolve accordingly, with a focus on proactive threat hunting and robust incident response plans.

    2. Zero Trust Architecture: As perimeter-based security models become less effective, organizations are embracing the idea that trust should not be assumed, even within their networks. Implementing Zero Trust architecture is about verifying every user, device, and transaction, regardless of their location, to minimize the attack surface.

    3. Artificial Intelligence (AI) and Machine Learning (ML) in Cybersecurity: AI and ML are becoming invaluable tools in the fight against cyber threats. They enable us to detect anomalies, automate threat detection, and respond to incidents more rapidly. However, we must also be aware of the risks associated with adversarial AI, which attackers can manipulate to their advantage.

    4. Supply Chain Security: Recent high-profile supply chain attacks have highlighted the vulnerabilities in our interconnected digital ecosystem. As CISOs, we must collaborate with our vendors and partners to assess and mitigate supply chain risks, ensuring the security of the entire ecosystem.

    5. Cloud Security: With the continued migration to the cloud, securing cloud environments is paramount. Embrace a holistic cloud security strategy that includes identity and access management, data encryption, and continuous monitoring.

    6. Privacy and Compliance: Evolving data privacy regulations and increasing consumer expectations for data protection require us to maintain a strong focus on compliance. Ensure that your organization's data handling practices align with the latest privacy laws.

    Let's keep the conversation going. I'd love to hear your thoughts on these trends and how you're addressing the evolving challenges in your organization.

    #Cybersecurity #CISO #InfoSec #TechnologyTrends #DataProtection #ZeroTrust #AI #ML #Ransomware #SupplyChainSecurity #CloudSecurity #PrivacyCompliance #CybersecuritySkills #cisolife #cybersecurity #informationsecurity

  • Michael L. Woodson

    CISO & CIO Advisor | AI Governance • Cyber Resilience • TPRM | Executive Leader in Security, Privacy & Compliance

    It is said that on your darkest days do not try to see the end of the tunnel by looking far ahead. Focus only on where you are right now. Then carefully take one step at a time, by placing just one foot in front of the other. Before you know it, you will turn that corner.

    As we embrace the “darkest” day of the year, with Americans experiencing as little as six hours of daylight, it’s a moment to reflect and look forward. With just 4 days to Christmas and a mere 10 days left in 2023, let's cast our gaze towards the horizon of 2024, particularly in the dynamic field of cybersecurity.

    Cybersecurity in 2024: Predictions and Preparations

    1. AI and Machine Learning Proliferation: As AI and ML continue to advance, expect to see these technologies more deeply integrated into cybersecurity strategies. They will be pivotal in identifying and reacting to threats faster than ever before.

    2. Increased Focus on Cloud Security: With more businesses relying on cloud services, the emphasis on securing cloud infrastructure will be paramount. This includes enhanced protection against data breaches and improved compliance with data privacy regulations.

    3. Rise of Quantum Computing Threats: As quantum computing evolves, so does its potential to break traditional encryption methods. In 2024, we might see the first steps towards quantum-resistant cryptography to safeguard sensitive data.

    4. Expanding IoT Security Concerns: The Internet of Things (IoT) will continue to grow, bringing more devices online. Securing these devices will be crucial to prevent them from becoming entry points for cyber-attacks.

    5. Sophisticated Phishing Attacks: Expect phishing attacks to become more sophisticated, leveraging AI to create more convincing fake messages and websites. Continuous education and awareness will be key to combating these threats.

    6. Regulatory Changes and Compliance: Anticipate new regulations, especially concerning data privacy and protection. Companies must stay agile and informed to ensure compliance and avoid penalties.

    7. Collaborative Cyber Defense: A trend towards greater collaboration between organizations and governments in sharing threat intelligence and defense strategies will emerge, strengthening overall cyber resilience.

    As we step into 2024, let’s stay vigilant, informed, and prepared. The cyber landscape is ever-changing, but with proactive measures and continuous learning, we can navigate these challenges successfully.

    From the frigid Boston area and not on “The Park Bench!” I wish everyone a safe and secure holiday season and a prosperous New Year!

    #Cybersecurity2024 #TechTrends #DigitalSafety #FutureOfCybersecurity
