High-Severity Cloud Security Alerts Tripled in 2024

In 2024, organizations experienced a significant surge in high-severity cloud security alerts, highlighting the escalating threat landscape in cloud environments. Data from Palo Alto Networks indicates a 388% increase in cloud security alerts over the year, with high-severity incidents rising by 235%.

This trend underscores that cyber attackers are not only targeting cloud infrastructures more frequently but are also executing more effective and damaging attacks. The most prevalent issues identified include:

– Remote Command Line Usage of Serverless Tokens: Organizations reported an average of 24.68 daily occurrences where serverless function credentials were exploited, potentially allowing unauthorized access and lateral movement within cloud environments.

– Suspicious Downloads of Multiple Cloud Storage Objects: An average of 21.09 daily incidents involved identities performing unusual bulk downloads from cloud storage, indicating potential data exfiltration attempts.

– Disabling of Cloud Storage Delete Protection: On average, 20.19 daily alerts were triggered by the disabling of delete protection mechanisms in cloud storage, increasing the risk of data loss or manipulation.

These activities, when combined, can facilitate comprehensive cyberattacks, such as ransomware campaigns that leverage compromised credentials to infiltrate and exploit cloud environments.
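To show how the three alert types listed above can be correlated per identity, here is an added example; it is not code from Palo Alto Networks or the original article. The normalized event schema, the action names, the user-agent markers, the one-hour window and the five-object threshold are all assumptions, and the events are constructed.

```python
from collections import defaultdict

WINDOW = 3600        # assumed: seconds within which all three signals must occur
BULK_THRESHOLD = 5   # assumed: distinct objects that count as a bulk download
CLI_MARKERS = ("aws-cli", "gcloud", "azurecli")  # assumed user-agent substrings
ALL_THREE = {"serverless_token_cli", "bulk_download", "delete_protection_disabled"}

def signals(ev):
    """Yield the alert categories a single normalized event contributes to."""
    ua = ev["user_agent"].lower()
    if ev["identity_type"] == "serverless" and any(m in ua for m in CLI_MARKERS):
        yield "serverless_token_cli"
    if ev["action"] == "get_object":
        yield "download"
    if ev["action"] == "disable_delete_protection":
        yield "delete_protection_disabled"

def correlate(events):
    """Return identities that show all three behaviours inside one WINDOW."""
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        for sig in signals(ev):
            hits[ev["identity"]].append((ev["ts"], sig, ev.get("object")))
    flagged = {}
    for identity, seen in hits.items():
        for start, _, _ in seen:
            window = [h for h in seen if start <= h[0] <= start + WINDOW]
            kinds = {s for _, s, _ in window if s != "download"}
            objects = {o for _, s, o in window if s == "download"}
            if len(objects) >= BULK_THRESHOLD:
                kinds.add("bulk_download")
            if kinds == ALL_THREE:
                flagged[identity] = sorted(kinds)
                break
    return flagged

def sample_events():
    """Constructed events for illustration; not real log data."""
    cli, fn = "aws-cli/2.15.0 Python/3.11", "role/report-fn"
    evs = [{"ts": 100 + i, "identity": fn, "identity_type": "serverless",
            "user_agent": cli, "action": "get_object", "object": f"backup/{i}.db"}
           for i in range(6)]
    evs.append({"ts": 200, "identity": fn, "identity_type": "serverless",
                "user_agent": cli, "action": "disable_delete_protection"})
    evs += [{"ts": 100 + i, "identity": "user/alice", "identity_type": "human",
             "user_agent": "Mozilla/5.0", "action": "get_object", "object": f"doc/{i}.pdf"}
            for i in range(6)]
    return evs

if __name__ == "__main__":
    print(correlate(sample_events()))
```

The human identity performs the same number of downloads but is not flagged, because only the combination of all three behaviours inside the window raises the identity.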