A symbolic data cloud is seen at the 2014 CeBIT technology Trade fair on March 10, 2014, in Hanover, Germany. (Photo by Nigel Treblin/Getty Images)

New research from Deep Instinct Monday pointed out that because many organizations have moved to the cloud rather than on-premises during the pandemic, for those not experienced working with cloud services, there’s a risk that misconfigurations or vulnerable, out-of-date components with external API access could get exploited.

Deep Instinct’s bi-annual 2022 Cyber Threat Landscape Report also found that specific attack vectors have grown substantially, including a 170% rise in the use of Office droppers along with a 125% uptick in all threat types combined.

A major security challenge that organizations face in the short-term is to tighten down the security of the many new cloud solutions that were put in place to support the rapid change to a remote workforce,” said Adam Gavish, co-founder and CEO at DoControl.

“Most businesses were well under way in their journey to migrating to the cloud — in all areas of as-a-service offerings,” Gavish said. “The tracks in the ‘journey to the cloud’ were greased by the pandemic, so it's critical to assess and reassess these areas that were adjusted to support business continuity. For the longer-term, attackers have also understood that remote and hybrid environments are there to stay. So it's important to maintain a ‘think like an attacker mindset,’ as there’s an entirely new threat landscape that attackers are looking to exploit.”

The variety of cloud services that a single organization uses creates an attack surface that many don’t realize exists, said Davis McCarthy, principal security researcher at Valtix. McCarthy said threat actors know when a vulnerable cloud service gets exposed to the internet, with remote work being a catalyst for much of this unintentional exposure.

“With no visibility or controls, network defenders are left in the dark,” McCarthy said. “Elastic cloud resources support the enterprise’s use of APIs in products — data being the medium of doing business. The criminal underground has always run on data, whether it be credential dumps, ransomware campaigns, or context that makes a phishing email more legit.”