Cloud security firm Lacework Inc. today announced the release of a new cloud threat report and a new open-source tool for cloud security effectiveness testing.
The new “Cloud Hunter” tool is designed to help customers keep pace with constantly improving adversary tradecraft through advanced analysis of their environments and improved incident response time. Cloud Hunter uses the Lacework Query Language (LQL) to enable searching of data within the Lacework platform via dynamically created LQL queries.
Using the new tool, Lacework customers can easily find data and develop queries for ongoing monitoring as they increase detections within their organization’s cloud security program. Data is automatically analyzed while Cloud Hunter extracts the information, further streamlining incident investigation capabilities and response times.
Cloud Hunter is released in response to the findings of the Lacework Labs Cloud Threat report, which examined the cloud security threat landscape and uncovered new techniques and avenues used by cybercriminals to exploit businesses for profit.
The report found that the attacker landscape has become more sophisticated, with an increase in attacks against major networking and virtualization software and an unprecedented increase in attack speed following a compromise.
Key trends and threats identified in the report include increased speed from exposure to compromise as attackers keep pace with cloud adoption and response time. Many attack classes studied in the report have been fully automated to capitalize on timing.
It’s perhaps no surprise that one of the most common targets turned out to be leaked credentials. In one example from the report, an Amazon Web Services Inc. access key leak was captured and reported by AWS in record time. However, despite the limited exposure, an unknown adversary grabbed the key and used it to launch dozens of EC2 GPU instances, highlighting how quickly attackers can take advantage of a simple mistake.
The report also identified an increased focus on infrastructure, particularly attacks against major networking and virtualization software. Commonly deployed core networking and related infrastructure was found to remain a key target for adversaries, with key infrastructure flaws often being shared openly online, creating opportunities for attackers to exploit potential targets.
Log4j remains a problem nearly a year after the initial exploit. Lacework researchers still regularly observe vulnerable software being targeted via out-of-band application security testing requests.
“Building an open source tool not only expands our capabilities as a research team and business, but also gives us a way to fully give back and empower the developer community based on what we see from our threat research,” James Condon, director of threat research at Lacework, said in a statement. “As our research shows an increasingly sophisticated attack landscape, this tool provides a more detailed analysis of an organization’s unique environment based on new techniques exploited by attackers.”