Cloud security incidents shot up by 70% in 2022, report

Attackers increasingly shift away from authentication via legacy protocols to bypassing multi-factor authentication.

Last year, the number of cloud-related security incidents increased by a staggering 70%, a report from cybersecurity firm Expel shows.

Researchers noted that threat actors are ditching legacy protocol hacking and shifting towards trying to bypass multi-factor authentication (MFA) in Microsoft 365.

“They adopted frameworks such as Evilginx2, facilitating adversary-in-the-middle (AiTM) phishing attacks to steal login credentials and session cookies for initial access and MFA bypass,” the report claims.

Even though threat actors focus on cloud-based systems more and more, Expel researchers say that business email compromise (BEC) remains a top threat. That’s supported by the metric, indicating that BEC makes up half of all security incidents. 53% of organizations experienced at least one attempted BEC attack.

Ransomware remains among the top concerns, and 11% of companies saw threat actors trying to deploy malware within their systems. The report claims that compared to 2021, the volume of attempted attacks ballooned by 7%.

Researchers claim that as service providers develop means for companies to block macros in files downloaded from the internet, ransomware operators look for novel ways to establish initial access to organizations’ IT systems.

“Ransomware threat groups and their affiliates are abandoning their use of visual basic for application (VBA) macros and Excel 4.0 macros to gain initial entry to Windows-based environments. Instead, ransomware operators opt to use disk image (ISO), short-cut (LNK), and HTML application (HTA) files to gain initial entry,” the report said.