Cybersecurity Awareness Month 2024

Identity-Based Attacks Surge in Cloud Environments

  1. CrowdStrike

Fabio Fratucello, Field CTO International, CrowdStrike

“Modern adversaries are not just breaching defenses – they’re exploiting identities, using compromised credentials to gain access to cloud environments and move laterally across endpoints. According to CrowdStrike’s 2024 Global Threat Report, cloud exploitation cases grew 110% over the past year, while identity-based attacks continue to surge with 75% of attacks to gain initial access being malware-free.

Adversaries are launching sophisticated phishing and social engineering campaigns – often aided by AI – to obtain credentials that fuel these cross-domain attacks. Once inside, they are increasingly leveraging hands-on-keyboard activities to blend in as legitimate users, bypass legacy security controls and move laterally in the direction of high-value targets.

While malware is alive and well, identities are driving modern attacks. To stop breaches, organizations must have visibility and controls at every point of the attack path, with advanced identity threat detection and response capabilities tightly integrated with cloud and endpoint defenses.”

  1. Trend Micro

Sharda Tickoo, Country Manager, India & SAARC, Trend Micro

“Identity-based attacks in cloud environments are on the rise, with attackers targeting both human and non-human identities (NHIs) like service accounts, API keys, and AI agents to access sensitive data. Gartner estimates that spending on cloud security is expected to grow by 24% in 2024, highlighting its importance in the global security and risk market. As organizations shift to multi-cloud and hybrid infrastructures, securing identities has become more complex. NHIs outnumber human identities by a significant margin, with over 17 NHIs for every human identity.

Token-based systems, crucial for verifying identities, are increasingly exploited by threat actors, particularly NHIs, which often lack robust security measures applied to human credentials like MFA and credential rotation. This vulnerability allows for lateral movement and unauthorized access to critical systems.

To mitigate these risks, both human and NHI attacks, organizations must adopt a multi-layered approach that includes AI-driven security solutions for real-time identity monitoring and managing identities. Machine learning can detect anomalies and unauthorized access attempts, while automation streamlines identity management, enabling quicker detection of suspicious activities and enforcing security practices such as token rotation and MFA across all identity types.

By integrating AI-driven tools with zero-trust principles, continuous monitoring, and centralized visibility, businesses can proactively reduce their attack surface, protect critical cloud assets, and maintain compliance amid evolving threats.”

  1. CyberProof – a UST company

Jaimon Thomas, Vice President, Customer Engineering, CyberProof – a UST company

“In recent months, there’s been a concerning rise in social engineering and phishing attacks, fuelled by the rapid advancements in generative AI. These tactics have become increasingly sophisticated, enabling adversaries to craft highly convincing and deceptive phishing messages. Phishing remains the primary method used by attackers to infiltrate target environments. They’ve refined their techniques, employing more elaborate strategies like multi-factor authentication (MFA) bypass, session cookie theft, Pass-the-Hash attacks, and credential dumping. These attacks exploit vulnerabilities in systems and user behaviour to steal sensitive information and compromise accounts.

To effectively mitigate identity risks, organizations must adopt proactive identity controls and robust monitoring measures. Unified identity solutions, often centred around zero-trust architectures, offer an effective approach to managing user identities and access privileges. These solutions incorporate strong governance principles and streamlined processes, ensuring robust access management. Additionally, implementing time-based one-time codes (TOTP) and continued user awareness campaigns are essential for effective multi-factor authentication (MFA) controls. By combining these strategies, organizations can significantly reduce the likelihood of unauthorized access and data breaches.

Proactive identity risk management requires continuous monitoring to detect suspicious user behaviour and potential security threats. By leveraging advanced threat detection and response technologies, coupled with continuous threat exposure management (CTEM), identity-based vulnerability prioritization, and applied threat intelligence, organizations can adapt their cyber defences in real-time to address emerging risks. This involves continuously monitoring network traffic, user activities, and audit logs for anomalies that may indicate a security breach or compromise. By staying ahead of targeted threats and establishing swift and structured response processes, organizations can minimize the impact of cyberattacks and protect their valuable assets.”

  1. Whatfix

Achyuth Krishna, Head of IT and Information Security, Whatfix

“As cyber threats escalate in both sophistication and frequency, the commitment to cybersecurity has transformed from a standard protocol to a fundamental responsibility that underpins organizational success. With cyber threats becoming more advanced, enterprises must leverage AI as a transformative force to anticipate, detect, and neutralize threats in real time. AI’s capability to analyze massive datasets and autonomously identify anomalies gives organizations a critical edge. According to Gartner, 30% of organizations will use AI-powered security tools to help identify and respond to threats by 2025, underscoring the increasing reliance on AI to combat sophisticated cyberattacks. At Whatfix, we have integrated AI capabilities with our Cloud security posture management (CSPM) and Security information and event management (SIEM) tools, allowing us to identify threat patterns both more quickly and more efficiently.

Userization, where technology adapts to users’ needs, offers a revolutionary approach to cybersecurity. This shift emphasizes that security is a collective responsibility—no longer confined to IT departments but relevant to every user engaging with technology. Fundamental practices—like cybersecurity education, robust password policies, two-factor authentication, and regular software updates—remain essential, but today’s security landscape requires more.

Adopting a zero-trust security model is paramount, where continuous validation replaces assumed trust. According to Gartner’s 2024 Cybersecurity Trends Report, more than 60% of enterprises are expected to transition from perimeter-based security to zero-trust architectures by 2025. This approach significantly enhances visibility and control over users and traffic, creating a robust yet adaptable security framework that aligns with the principles of userization.

While technology alone isn’t enough, leadership commitment, strong employee cyber hygiene, and cross-departmental collaboration are critical components of a cyber-resilient organization. A united front, where technology, leadership, and teams work together, provides a far more effective defense than fragmented efforts. By adopting these practices, enterprises will strengthen their defences and navigate the ever-changing cybersecurity landscape with greater agility and confidence.”

  1. Equinix

Alok Pandey, Principal Product Manager and Marco Zacchello, Global Principal at Equinix

“Data and intellectual property are often an organization’s most valuable resources. Securing those resources and preventing unauthorized access are vital. According to a survey by Dimensional Research, sponsored by the Identity Defined Security Alliance (IDSA), identity-related security breaches have been on the rise. Eighty-four percent of surveyed firms suffered an identity-related breach in the prior 12 months.

Companies now have to manage and secure more digital identities than in the past, and cybersecurity threats have become more sophisticated. Many of the older approaches to IAM are no longer adequate. So, organizations are making changes to move toward zero-trust security postures.

Modern IAM solutions can effectively support a zero-trust security approach by providing enhanced control over identities and permissions. For Equinix solutions and services, we now have single sign-on (SSO) based on the user’s email address. When you log into an Equinix portal with your email address, you automatically have access to the Equinix platform. For Equinix digital services, we’ve implemented RBAC (Role-based access control). An administrator defines the resource hierarchy of their organizational resources and then uses RBAC for that resource hierarchy. Permissions assigned on a resource are inherited by all the child resources.

With these new IAM updates for Equinix digital services, users can have a single credential and clearly defined access permissions based on their identified roles. We believe this will make it easier to get the security and control required to safeguard your organizational assets.”