Cloud security company Lacework Inc. today announced the release of a new cloud threat report and a new open-source tool for cloud security efficacy testing.
The new “Cloud Hunter” tool is designed to help customers keep pace with ever-improving adversarial tradecraft through advanced environmental analysis and improved incident response time. Cloud Hunter uses the Lacework Query Language to permit hunting across data within the Lacework platform through dynamically created LQL queries.
Using the new tool, Lacework customers can easily find data and develop queries for ongoing monitoring as they scale up detections along with their organization’s cloud security program. Cloud Hunter automatically analyzes data as it extracts information, further streamlining incident investigation and response times.
Cloud Hunter is being released in response to the findings in the Lacework Labs Cloud Threat Report, which examined the cloud security threat landscape and unveiled new techniques and avenues used by cybercriminals to exploit businesses for profit.
The report found that the attacker landscape has become more sophisticated, with an increase in attacks against core networking and virtualization software and an unprecedented rise in the speed of attacks following a compromise.
Key trends and threats identified in the report include increased speed from exposure to compromise as attackers keep pace with cloud adoption and response time. Many classes of attacks studied in the report were fully automated to capitalize on timing.
Perhaps not surprisingly, leaked credentials were found to be one of the most common targets. In an example in the report, a leaked Amazon Web Services Inc. access key was caught and flagged by AWS in record time. However, despite limited exposure, an unknown adversary grabbed the key and used it to launch tens of GPU EC2 instances, underscoring how quickly attackers can take advantage of a single simple mistake.
The report also identified an increased focus on infrastructure, specifically attacks against core networking and virtualization software. Commonly deployed core networking and related infrastructure was found to remain a key target for adversaries, with core flaws in infrastructure often shared openly online, creating opportunities for attackers to exploit potential targets.
Log4j remains an issue nearly a year after the initial exploit. Lacework’s researchers still regularly observe vulnerable software targeted via out-of-band application security testing requests.
“Creating an open-source tool not only extends our capabilities as a research team and company but also gives us a way to fully give back to and empower the developer community based on what we’re seeing from our threat research,” James Condon, director of threat research at Lacework, said in a statement. “As our research shows an increasingly more sophisticated attack landscape, this tool provides a more detailed analysis of an organization’s unique environment based on the new techniques being leveraged by attackers.”