12 ways attackers abuse cloud services to hack your enterprise

What's Happening

Attackers are adapting to the shift towards cloud environments, using native cloud administrative tools, APIs, identity systems, and management consoles to operate undetected. This "living off the cloud" approach allows them to blend in with normal business traffic and evade blocklists. According to Arif Khan, head of threat hunting and response services at Mitiga, "Instead of abusing local binaries like PowerShell or WMI to evade detection, adversaries now leverage native cloud administrative tools, APIs, identity systems, and management consoles to operate using legitimate functionality."

The Risks of Cloud Security Gaps

The recent conflict in the Middle East has highlighted the vulnerability of cloud services to both cyber and kinetic attacks. Data centers, used by governments and militaries for operations, are now fair game for attacks. This raises concerns about the resilience of cloud services and the potential consequences of a successful attack.

Reducing Security Tool Sprawl

As companies seek to protect themselves from growing cyber threats, many are turning to a wide range of security tools and services. However, this can lead to "security tool sprawl," where the sheer number of tools and alerts can overwhelm security teams and make it harder to identify real threats. To combat this, experts recommend taking a step back and conducting a thorough inventory of security tools to identify which ones are truly adding value.

The Rise of AI-Powered Attacks

A recent experiment by CodeWall demonstrated the potential for AI-powered attacks to exploit vulnerabilities in cloud services. In the experiment, an autonomous AI agent was able to chain together seemingly harmless bugs to take over a company's AI system. The agent even gave itself a voice and conducted a real-time conversation with the company's AI voice agents, at one point masquerading as Donald Trump.

Key Facts

• Who: Hackers and cyberattackers
• What: Exploiting vulnerabilities in cloud services to gain access to enterprise data
• When: On the rise, with a growing number of attacks reported in recent months
• Where: Cloud services, including SaaS platforms, cloud infrastructure, and identity systems
• Impact: Potential for significant financial and reputational damage

What Experts Say

> "The shift from 'living off the land' to 'living off the cloud' reflects how attackers have adapted to the enterprise's migration of IT infrastructure to hybrid and cloud environments." — Arif Khan, head of threat hunting and response services at Mitiga

> "Seeing the agent independently experiment with social-style manipulation against another AI system was unexpected and a bit surreal." — Paul Price, CEO of CodeWall

What Comes Next

As the threat landscape continues to evolve, companies must prioritize cloud security and take steps to reduce their vulnerability to attacks. This includes conducting regular security audits, implementing robust security measures, and staying up-to-date with the latest threats and vulnerabilities.