Developed as part of Lacework Labs research, the new open-source Cloud Hunter tool gives customers better visibility and faster response times when investigating incidents
Lacework published the fourth Lacework Labs Cloud Threat Report and subsequently launched a new open-source tool for cloud threat hunting and security testing. The new tool, dubbed Cloud Hunter, helps customers keep up with attackers' evolving methods by providing deeper analysis of their cloud environments and shorter incident response times.
Cloud Hunter vs. Threat Models
Cloud Hunter was developed in response to the new, more sophisticated threat models uncovered by Lacework Labs research. It lets users search data within the Lacework platform through dynamically constructed LQL queries, so customers can quickly find the data they need and turn those searches into queries for ongoing monitoring, scaling their detections alongside their organization's cloud security program. Query results are analyzed automatically and Cloud Hunter extracts the relevant information, which widens the options available and shortens response times when investigating incidents.
The Lacework Labs Cloud Threat Report examines the cloud threat landscape over the last three months and reveals the new techniques cybercriminals are using to make money at the expense of companies. In this latest issue, the Lacework Labs team found a significantly more sophisticated attacker landscape, with an increase in attacks targeting core networking and virtualization software and an unprecedented increase in the speed with which attackers move from detection to compromise. Key trends and threats identified include:
Increased speed from detection to compromise
Attackers are keeping pace with cloud adoption and with defenders' response times. Many types of attacks are now fully automated to speed them up, and one of the most common objectives is the theft of login credentials. In a specific example from the report, a leaked AWS access key was intercepted and flagged by AWS in record time. Despite the brief exposure, an unknown attacker was still able to log in and launch dozens of GPU EC2 instances, underscoring how quickly attackers can exploit a single simple mistake.
Increasing focus on infrastructure, particularly attacks on core networks and virtualization software
Commonly deployed core networks and their associated infrastructure remain a key target for attackers. Vulnerabilities in this infrastructure often appear suddenly and are published openly on the Internet, giving attackers of every skill level an opportunity to exploit the affected systems.
Continuing Log4j reconnaissance and exploitation
Almost a year after the first exploitation, the Lacework Labs team still frequently sees vulnerable software being probed via out-of-band application security testing (OAST) requests. An analysis of Project Discovery (interact.sh) activity found that Cloudflare and DigitalOcean are the primary sources of this traffic.
More at Lacework.com
About Lacework
Lacework is the data-driven security platform for the cloud. The Lacework Cloud Security Platform, powered by Polygraph, automates cloud security at scale so customers can innovate quickly and securely. Only Lacework is able to collect, analyze and accurately correlate data across an organization's AWS, Azure, GCP and Kubernetes environments and narrow it down to the few security events that matter.