SSH Remains Most Targeted Service in Cado’s Cloud Threat Report

IN SUMMARY

1. Botnet agents dominate the malware landscape, comprising 40.3% of all traffic.
2. SSH remains the most targeted service, representing 68.2% of observed samples.
3. A staggering 97.5% of threat actors target vulnerabilities in a single specific service.

Cado Security, a pioneer in cloud forensics and incident response solutions, has released the much-anticipated Cado Security Labs 2023 Cloud Threat Findings Report. The report uncovers groundbreaking insights into the evolving cloud threat landscape, highlighting the escalating risk of cyberattacks in the wake of widespread cloud service adoption.

Headed by Chris Doman, CTO, and Co-Founder, of Cado Security Labs; their discoveries have exposed novel cloud-based malware and threat techniques, including the infamous Denonia, the first-known malware designed explicitly for AWS Lambda environments.

The report, which the company shared with Hackread.com, is crucial since Cado Security Labs employs honeypot infrastructure to capture real-time cloud attacker telemetry, providing timely insights into emerging attack patterns, and swiftly disseminating crucial findings throughout the security community.

As cloud technologies continue to shape the modern business landscape, organizations must grasp the depth of emerging cloud threats. Cado’s report arms the security community with the knowledge required to counter these latest threats effectively.

According to Cado’s press release, key findings from the report are as follows:

1. Botnet agents dominate the malware landscape, comprising 40.3% of all traffic, playing a significant role in the Russia-Ukraine war’s hacktivist-driven DDoS attacks.
2. SSH (Secure Shell Protocol) remains the most targeted service, representing 68.2% of observed samples. Redis follows at 27.6%, while the exploitation of Log4Shell vulnerability declines to a mere 4.3%.
3. A staggering 97.5% of opportunistic threat actors target vulnerabilities in a single specific service, suggesting attackers focus on exploiting known weaknesses.

It is worth noting that last month, Nokia also released its Threat Intelligence Report for 2023. In this report, the company issued a warning about the increasing threat of DDoS attacks powered by IoT botnets, specifically targeting global Telecom networks.

Moreover, the report highlighted a concerning surge in malicious activity that was initially observed during the Russia-Ukraine conflict but has now spread to various regions worldwide.

Looking ahead, Cado Security Labs predicts an increase in serverless function attacks, non-Windows ransomware developments by ransomware groups, and the continuous exploitation of cloud services for phishing and spam campaigns.

To mitigate these impending threats, Cado Security experts advise organizations to comprehend the AWS shared responsibility model, restrict access to critical evidence, minimize exposure of services like Docker and Redis, scrutinize public repositories for cloud credentials, and implement the principle of least privilege.

Nevertheless, in an ever-evolving cyber threat landscape, the insights from the Cado Security Labs 2023 Cloud Threat Report are crucial for organizations seeking to strengthen their defences against constantly advancing cloud-focused threats.

1. Microsoft the Most Phished Brand in Q2 2023 Report
2. US, India China Most Targeted in DDoS Attacks, Report
3. VirusTotal: Apps Most Exploited by Hackers to Spread Malware
4. Russian Dark Net Markets Dominate Global Drug Trade: Report
5. Submarine Cables Face Massive Cybersecurity Threats, Report
6. MS Office Most Exploited Software in Malware Attacks – Report
7. Google, Microsoft, Oracle generated most vulnerabilities in 2021