Google Cloud and Google LLC’s Cybersecurity Action Team today released a new report that offers intelligence on the evolving landscape of security threats in cloud enterprises.

The August 2023 Threat Horizons report details various security risks and incidents, starting with the finding that in the first quarter of 2023, credentials were a factor in more than half of the reported incidents.

With credentials resulting in more than half of all compromises, continued vulnerability monitoring of authentication mechanisms is critical in safeguarding credentials. Areas such as weak passwords, mishandled access keys, compromised authentication tokens and the misuse of credentials are predominant vectors for unauthorized access and can lead to severe security breaches.

The Threat Horizons report also details an emerging challenge: mobile apps evading cloud enterprise detection through versioning. By employing different mobile app versions, malicious actors can bypass detection algorithms based on static identifiers or patterns. That’s making it increasingly difficult for security teams to identify harmful applications, leading to potential risks within an organization’s mobile ecosystem.

The report notes that the techniques being used to evade security mean that security professionals must adopt a more dynamic and proactive approach to mobile app security as static defenses and traditional monitoring strategies no longer work as they once did. The report recommends that companies deploy continuous assessments of mobile app behavior, leveraging machine learning and artificial intelligence to detect anomalous patterns. Companies are also advised to collaborate with app stores and industry stakeholders to share intelligence.

The report also covers a growing issue within the cloud environment: the identification of compromised customer domains and IPs on Google Cloud. The report argues that understanding and recognizing compromised assets are crucial in rapidly responding to potential security incidents. By identifying patterns and signs of unauthorized activity on domains and IPs, organizations can act swiftly to contain and mitigate the impact.

Issues within the telecommunication industry are also highlighted. The report warns that as the industry adopts cloud services, threats from nation-states and cybercriminals will likely persist, along with the pre-existing systemic cyber risk that can be addressed by modern cybersecurity approaches such as zero trust.

Finally, the report says it’s important to raise awareness of how source code compromises or leaks can help cyber threat actors facilitate various exploitation activities. Activities include the exposure and abuse of legitimate credentials and certificates, unauthorized reproduction and use of leaked software, developing or inserting vulnerabilities, and supply chain compromise.

Image: Google Cloud