August 2023 Threat Horizons Report Provides Cloud-Focused Cybersecurity Insights and Recommendations
Mandiant
Written by: Adam Greenberg
The Google Cloud Threat Horizons Report first launched in November 2021 with the ultimate goal of providing security decision-makers with strategic intelligence about threats to cloud enterprise users, along with data, metrics, trends, and additional cloud research. Perhaps most importantly, the report aimed to provide recommendations from Google’s intelligence and security teams to help defenders protect against, detect, and respond to the latest cloud and other threats.
Today marks the release of the seventh edition of our quarterly publication, the August 2023 Threat Horizons Report, and our mission hasn't changed. This latest report provides all the cloud-focused research, metrics, and guidance that readers have come to expect, including:
- Based on Q1 2023 observations by our Google Cloud IR teams, more than 60% of compromises involved credential issues, 19% involved misconfigurations, and only 2.4% involved vulnerable software.
- Fewer than 1% of apps on Google Play are considered harmful, but one common way they get onto Google Play is a technique called versioning, in which the initial version of an app is legitimate and malicious functions are added later via updates.
- Using 2022-23 VirusTotal and Mandiant data, we discovered 13 customer domains and one IP hosted on Google Cloud that were compromised in Q1 2023. We encourage all Google Cloud customers to periodically examine their domains and IPs for malicious activity, and we provide guidance for doing so.
- Geopolitical activity is driving a lot of targeting against the telecommunications industry, with the most targeted subsectors being wireless telecommunications, IT and telecom services, and data services.
- The most common causes of source code leaks are credential or token compromise, third-party compromise, misconfiguration, and insider threat.
- Various third-party services and distribution channels used by organizations can also be leveraged by attackers, including cloud marketplaces, browser extensions, OAuth applications, and IDE extensions.
Read the August 2023 Threat Horizons Report today. And if this is the first time you're hearing about the Threat Horizons Report and are craving more cloud-focused security research and recommendations, read all six of the editions that came before.