“Organisations moving more data to cloud infrastructure need to be just as nimble, employing security best practices and modern tools with continuous monitoring to stay ahead of cybercriminals and keep critical information safe,” Mr Condon said.
This third instalment of the Cloud Threat Report highlights four key areas of cloud security: cloud security posture, vulnerabilities and software supply chain, runtime threats and Linux malware, and proactive defence and intelligence.
From September 2021 to February 2022, the report found that despite being one of the largest cloud services providers, AWS accounts make up only 16% of overall hosting of illicit access for sale, while lesser-known companies like HostGator and Bluehost make up half.
Though corporate accounts are being offered for as low as US$300 and upwards of US$30,000, the average price of a compromised AWS account is roughly US$40. This high volume of lower-priced inventory indicates that attackers may be taking advantage of the increased compliance violations in small businesses and a lack of focus on securing consumer accounts.
Based on the findings of this report, Lacework Labs recommends that defenders evaluate security infrastructure against industry best practices and implement proactive defence and intelligence tools with active vulnerability monitoring.