CrowdStrike 2023 Cloud Risk Report
Cloud-conscious adversary activity is on the rise
Cyberattacks targeting the cloud skyrocketed in 2022: a 95% increase in cloud exploitation and a 3X increase in cases involving cloud-conscious threat actors.
- Latest trends in adversary activity
- Real-world stories of attacks on the cloud
- Common oversights leaving organizations vulnerable
- Top five recommendations to defend against cloud-conscious adversaries
Key report insights
Adversaries are sharpening cloud TTPs
Adversaries are becoming more reliant on valid accounts, which were used to gain initial access in 43% of cloud intrusions observed.
In 28% of attacks, attackers manually deleted an instance to remove evidence and avoid detection.
Identity is a key access point in the cloud
Attackers are using the power of identity to achieve their goals. In 2022, access broker advertisements were up 112% from the previous year, and in 67% of cloud incidents, CrowdStrike observed IAM roles with higher privileges than needed. Sometimes organizations leave the door open: 47% of critical misconfigurations in the cloud were related to poor identity and entitlement hygiene.
Human error is driving cloud risk
Lack of hygiene continues to dominate risk in the cloud. Sixty percent of container workloads observed lacked properly configured security protections. More than one-third (36%) of detected misconfigurations had insecure cloud provider default settings, opening the door to adversaries.