As security professionals assess the cloud security challenges that lie ahead for the coming year, one thing is certain. Threat actors will continue to double down on their efforts, utilizing new techniques and refining pre-existing methods as they extend their ever-growing toolbox.
To help enterprises stay ahead of the game, our security research team has highlighted some of the top trends and attack vectors cloud security teams can expect to encounter in 2023.
1 Threat actors will focus on bypassing volume scanning solutions
More and more organizations are deploying volume based scanning solutions to identify threats. However, there are attacks that agentless solutions aren’t able to detect, such as memory-resident malware.
In 2023 we expect cybercriminals to continue using and improving these techniques that bypass volume scanning solutions. This makes it crucial that organizations that use these solutions adopt another layer of protection, preferably an agent based solution.
2 The rise of eBPF malware
The rapid adoption of eBPF technology in security tools has led to emergence of BPF and eBPF malware in various locations.
Throughout 2022 there have been cases of state-sponsored threat actors using this technology to bypass security solutions and avoid detection. Worryingly, we’ve also seen some individuals have released a number of new eBPF based rootkits on GitHub. A move that will enable more threat actors to use these open-source proof-of-concept tools and launch attacks in the wild.
In 2023, we expect attackers to invest yet more time and effort in bypassing or disabling eBPF security-based products and organizations will need to deploy advanced security solutions that have the ability to detect and capture this threat in their environments.
3 Attackers are weaponizing new vulnerabilities faster
Over the past year we’ve observed an increasing number of zero-day vulnerabilities, many of which are being exploited through remote code execution. Examples include Log4shell, Confluence, Zimbra and Zabbix.
At the same time we saw how bigger botnets like Kinsing, Mirai and Dreambus were able to rapidly add these new vulnerabilities to their running infrastructure. Effectively both decreasing the time it takes to weaponize new zero-day vulnerabilities while increasing their attack reach. Expect this trend to continue in 2023.
4 The emergence of next-gen attackers
A new generation of attackers are adopting and using new and emerging technologies to hone and optimize their campaigns.
Alongside automating attacks, they are using Kubernetes to crack passwords while harnessing machine learning and AI algorithms to automate and optimize how they identify potential attack vectors. They’re even providing ‘tutorials for dummies’ on how to smoothly launch a campaign just with the click of a button. But this may well be just the tip of the iceberg.
In 2023 we believe attackers will begin to leverage many of the security tools, such as code scanning, that security practitioners use to protect and mitigate against vulnerabilities in their development and runtime environments. The difference being that these creative criminals will be using these tools to offensively detect issues and gaps in an organization’s code or infrastructure.
Firms that develop open-source software will be a particular target for this form of nefarious activity.
5 The hyperscale cloud threat When talking about cloud attacks, most of the focus revolves around exploitation of misconfigurations and vulnerabilities in running workloads. In recent years supply chain has become another top focus for attackers looking for an initial entry point to infiltrate.
In 2023, we predict that malicious actors will look for further initial access targets such as attacks via cloud infrastructure and cloud service providers.
Organizations will need to be on their guard because threat actors may increase their efforts around compromising cloud service and hosting accounts in order to find their way into corporate cloud environments. The threat of a major cloud attack following an account takeover, or the exploitation of a server-side request forgery (SSRF), for instance, means organizations will need to deploy further monitoring tools and some highly robust orchestration tools that can connect detections from several areas in the cloud.
Staying one-step ahead
To enhance security, organizations will need to continue to invest in appropriate security tools that will address security issues in their cloud native pipelines. They should also look to bolster and enhance greater cooperation between shift left security stakeholders such as developers and devops and more traditional security practitioners such as the CISO office.
As the attack surface in the cloud continues to expand, organizations that deploy highly integrated and holistic monitoring tools will be best placed to address the activities of cybercriminals that are increasingly looking for more ways to move laterally in the cloud and reach more targets in the cloud account.