Last Updated on January 30, 2023
Among the various things that I did in 2020 was collecting the main cyber attacks that exploited cloud services in the kill chain. I have built a personal (and obviously incomplete) list using publicly available information. The complete timeline is available at the end of the post, while some statistics are summarized in the following charts…
Cloud services are increasingly abused by threat actors, as they provide a reliable and resilient hosting infrastructure, are able to bypass traditional security controls, and, last but not least, are implicitly trusted by users. This explains the growing adoption of droppers such as GuLoader or BazaarLoader (recently deployed to deliver the Ryuk ransomware in a devastating wave of attacks).
As I mentioned, this gives only a partial idea of the cloud-native threat landscape; in any case, it is hopefully a useful indication of how frequent the exploitation of cloud services for malicious purposes is becoming.