Report finds human error among key cloud security risks

Human errors continuing to raise risks is among the three largest trends shaping cloud security in 2022, VentureBeat says based on the latest Elastic Global Threat Report. Threat actors are also targeting the cloud space with maliciously used commercial software and increasing the diversity of their endpoint attack methods to subvert the high efficiency of current endpoint security software, according to the report. The report highlighted its finding that almost 33% of attacks in the cloud take advantage of credential access, indicating a lack of proper protection and configuration of cloud environments likely stemming from users overestimation of their security capabilities. Meanwhile, although CobaltStrike and similar commercial adversary simulation programs are aiding security teams in assessing and strengthening their security measures, threat actors are also leveraging them as malicious tools for performing mass-malware implants. In addition, Elastics threat research and analysis team found that there are currently more than 50 endpoint infiltration techniques in use among cybercriminals, suggesting that the sophistication of most existing endpoint security solutions is forcing them to develop novel methods of attack.