Sunday, October 16, 2022

Attackers Use Automation to Speed from Exploit to Compromise According to Lacework Labs Cloud Threat Report


SAN JOSE, Calif., Oct. 13, 2022 /PRNewswire/ — Lacework®, the data-driven cloud security company, today released the fourth Lacework Labs Cloud Threat Report and subsequently launched a new, open source tool for cloud hunting and security efficacy testing. The new tool, known as Cloud Hunter, will help customers keep pace with ever-improving adversarial tradecraft through advanced environmental analysis and improved incident response time.

Developed in response to new types of sophisticated threat models uncovered through Lacework Labs’ research, Cloud Hunter uses the Lacework Query Language (LQL) to enable hunting across data within the Lacework platform by way of dynamically-created LQL queries. Customers can quickly and easily find data and develop queries for ongoing monitoring as they scale detections along with their organization’s cloud security program. Data is automatically analyzed while Cloud Hunter extracts information, further streamlining the capabilities and response times for incident investigations.

The Lacework Labs Cloud Threat Report examines the cloud security threat landscape over the past three months and unveils the new techniques and avenues cybercriminals are exploiting for profit at the expense of businesses. In this latest edition, the Lacework Labs team found a significantly more sophisticated attacker landscape, with an increase in attacks against core networking and virtualization software, and an unprecedented increase in the speed of attacks following a compromise. Key trends and threats identified include:

  • Increased speed from exposure to compromise: Attackers are advancing to keep pace with cloud adoption and response time. Many classes of attacks are now fully automated to capitalize on timing. Additionally, one of the most common targets is credential leakage. In a specific example from the report, a leaked AWS access key was caught and flagged by AWS in record time. Despite the limited exposure, an unknown adversary was able to log in and launch tens of GPU EC2 instances, underscoring just how quickly attackers can take advantage of a single simple mistake.
  • Increased focus on infrastructure, specifically attacks against core networking and virtualization software: Commonly deployed core networking and related infrastructure consistently remains a key target for adversaries. Core flaws in infrastructure often appear suddenly and are shared openly online, creating opportunities for attackers of all kinds to exploit these potential targets.
  • Continued Log4j reconnaissance and exploitation: Nearly a year after the initial exploit, the Lacework Labs team is still commonly observing vulnerable software targeted via OAST requests. Analysis of Project Discovery (interact.sh) activity revealed Cloudflare and DigitalOcean as the top originators.

“Creating an open source tool not only extends our capabilities as a research team and company, but also gives us a way to fully give back to and empower the developer community based on what we’re seeing from our threat research,” said James Condon, Director of Threat Research at Lacework. “As our research shows an increasingly more sophisticated attack landscape, this tool provides a more detailed analysis of an organization’s unique environment based on the new techniques being leveraged by attackers. Cloud Hunter is the first tool from Lacework to generate queries that can be directly converted into custom policies within a customer’s environment.”

The Lacework Labs team also examined issues around how “rogue accounts” are used by attackers for the reconnaissance and probing of S3 buckets as well as the growing popularity of cryptojacking and steganography. A full copy of the report and the executive summary can be found here.

About Lacework

Lacework is the data-driven security platform for the cloud. The Lacework Cloud Security Platform, powered by Polygraph, automates cloud security at scale so our customers can innovate with speed and safety. Only Lacework can collect, analyze, and accurately correlate data across an organization’s AWS, Azure, GCP, and Kubernetes environments, and narrow it down to the handful of security events that matter. Customers all over the globe depend on Lacework to drive revenue, bring products to market faster and safer and consolidate point security solutions into a single platform. Founded in 2015 and headquartered in San Jose, Calif., Lacework is backed by leading investors like Sutter Hill Ventures, Altimeter Capital, D1 Capital Partners, Tiger Global Management, Counterpoint Global (Morgan Stanley), Franklin Templeton, Durable Capital, General Catalyst, XN, Coatue, Dragoneer, Liberty Global Ventures, and Snowflake Ventures, among others. Get started at www.lacework.com.
