New cloud security analysis finds default configurations and identity management are the biggest concerns
Accurics analyzed cloud-native configurations over the last seven months to identify ongoing and new threats.
A new analysis of security risks in cloud deployments found that companies are facing an increased risk of more advanced attacks and struggling to control managed infrastructure options. The Cloud Cyber Resilience Report from Accurics describes how insecure defaults and identity management are causing new problems.
Accurics used the recent SolarWinds Orion hack as an example of what can happen when attackers get access to code or pipelines. Because the malware looked like it was code from an authorized developer, the attack was undetected for months, giving attackers plenty of time to look for weaknesses.
The report authors said the Twilio hack was an example of another growing problem: Watering hole attacks in the cloud. The report suggests these problems are caused by the increased use of managed infrastructure services, such as hosted CI/CD services, messaging services, and function as a service.