Cloudflare’s inaugural threat intelligence report identifies a series of weaknesses in technology that attackers have abused and industrialized into professional “attack factories,” leaving most organizations unprepared to respond.
Attackers are turning the very services victims deploy and pay for into tools for launching large-scale attacks. Researchers say the barrier to entry has vanished, as identities and tokens allow attackers to weaponize gaps in cloud-based systems.
Organizations’ environments are riddled with potential entry points. As the everything-as-a-service model spreads, systems become more interconnected and dependent on one another, and many software components are reachable in ways that make them nearly as accessible to attackers as to legitimate users.
“When one of those interconnections goes bad, all of a sudden everything’s gone south,” Blake Darché, head of Cloudflare’s threat intelligence unit Cloudforce One, told CyberScoop.
“Data is more accessible than ever, which is good for a lot of cases, but the threat actors are using that easy access to that data as a way to exploit people, systems and organizations,” he added. “It’s only going to get harder. I think some of the AI tools will make this even worse.”
Attackers have turned “the connective tissue of the modern enterprise into its primary vulnerability,” researchers wrote in the report.
Cloudflare expects attackers to routinely exploit platforms as a standard tactic this year. Cybercriminals, nation-states and others routinely use public cloud resources to blend in with legitimate traffic, provision infrastructure for operations and cast link-based phishing lures into emails that bypass or slip through ineffective protections, researchers wrote in the report.
Weaknesses in the seams of complex cloud environments are abundant and consequential, allowing identity-based attacks to achieve the same outcome as complex malware or zero-day exploits.
These blind spots make the traditional barometers for danger — an attackers’ demonstrated sophistication through elegant code or novel zero-days — effectively trivial, researchers wrote in the report.
“If you’re a business that just lost a million records, it doesn’t matter if the threat actor was sophisticated, unsophisticated, or a child,” Darché said.
Cloudflare argues the industry should reframe how it categorizes risk and take a more pragmatic approach: focus on “effectiveness,” measured by the ratio of an attacker’s effort to the operational outcome they achieve.
“It turns out, you don’t need to be sophisticated to be successful,” Darché said. “In the industry, we’re overly focused on sophistication of threats and that’s probably not what it’s about anymore, and it’ll become less about sophistication level over time.”
The far-reaching attack spree originating at Salesloft Drift last summer, which impacted Cloudflare and more than 700 additional companies through the third-party AI agent’s connection with Salesforce, exemplified the risks lurking in unexpected places in the supply chain.
The trusted relationships that these interconnected services rely on need to be further scrutinized, Darché said. “You as the data owner don’t even know where their data is going, and your exposure is just almost infinite.”
The post Attackers are using your network against you, according to Cloudflare appeared first on CyberScoop.
–
Read More – CyberScoop
