Dive Brief:
- Brute-force attacks remain, overwhelmingly, the most common threat vector for cloud service providers, comprising 51% of all attacks in the first quarter of 2022, according to analysis from Google Cloud.
- Threat actors automatically scan for and compromise misconfigured cloud services, but the continued use of weak or default passwords poses the greatest risk, Google’s Cybersecurity Action team concluded in its latest Threat Horizons report.
- The exploitation of vulnerable software is the second most common threat vector, representing 37% of threat activity in the cloud. Many organizations struggle to keep up with the constant deluge of patches and updates, and known vulnerabilities in software that go unaddressed are a frequent route for attack.
Dive Insight:
The steady hail of public breaches combined with poor password practices has empowered threat actors to aggregate login information and launch brute-force attacks against cloud admin accounts and privileged users, according to Google.
Threat actors also benefit from an increasingly complex supply chain as they target industrywide vulnerabilities such as Log4j. The prevalence and wide-ranging impact of these software vulnerabilities make it more difficult for organizations to protect themselves against compromise.
While zero-day exploits proliferate, with zero-day vulnerabilities reaching their highest level to date last year, Google said it hasn’t observed significant exploitation prior to the release of patches.
This suggests patches to known vulnerabilities and consistent software updates continue to be the most efficient method for organizations to thwart potential attacks in vulnerable software.
There's a shift in ransomware targets too, Google said, as attackers turned attention to databases that might present a greater chance of hitting critical corporate data. “The most common technique observed was where attackers were seen brute forcing SQL databases, cloning a database table into a new table, encrypting the data and proceeding to drop the original table,” it wrote in the report.
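As an added example that is not part of the report, the following detector runs over constructed database audit log lines and flags any session that clones a table and later drops the source table, the sequence Google describes above. The log line format, session ids and table names are assumptions for the sample.

```python
import re
from collections import defaultdict

# Constructed sample audit log (not real data). Format assumed:
# "<timestamp> session=<id> user=<name> stmt=<sql statement>"
SAMPLE_LOG = """\
2022-03-01T10:00:01Z session=41 user=app stmt=SELECT * FROM orders WHERE id=7
2022-03-01T10:00:05Z session=77 user=sa stmt=CREATE TABLE orders_bak AS SELECT * FROM orders
2022-03-01T10:00:09Z session=77 user=sa stmt=UPDATE orders_bak SET payload=AES_ENCRYPT(payload,'k')
2022-03-01T10:00:12Z session=77 user=sa stmt=DROP TABLE orders
2022-03-01T10:01:00Z session=41 user=app stmt=CREATE TABLE orders_tmp AS SELECT * FROM orders
2022-03-01T10:01:30Z session=41 user=app stmt=DROP TABLE orders_tmp
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) session=(?P<sid>\d+) user=(?P<user>\S+) stmt=(?P<stmt>.+)$")
# CREATE TABLE <dst> AS SELECT ... FROM <src>: the "clone" step
CLONE_RE = re.compile(r"CREATE\s+TABLE\s+(?P<dst>\w+)\s+AS\s+SELECT\b.*?\bFROM\s+(?P<src>\w+)", re.I)
DROP_RE = re.compile(r"DROP\s+TABLE\s+(?:IF\s+EXISTS\s+)?(?P<tbl>\w+)", re.I)


def find_clone_then_drop(log_text):
    """Return (session, user, table) tuples for sessions that cloned a table
    and afterwards dropped the *source* table. Dropping only the copy
    (a normal temp-table workflow) is not flagged."""
    cloned = defaultdict(dict)  # session id -> {source table: clone timestamp}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        sid, user, stmt = m["sid"], m["user"], m["stmt"]
        clone = CLONE_RE.search(stmt)
        if clone:
            cloned[sid][clone["src"].lower()] = m["ts"]
            continue
        drop = DROP_RE.search(stmt)
        if drop and drop["tbl"].lower() in cloned[sid]:
            hits.append((sid, user, drop["tbl"].lower()))
    return hits


if __name__ == "__main__":
    for sid, user, table in find_clone_then_drop(SAMPLE_LOG):
        print(f"ALERT session={sid} user={user}: cloned then dropped table '{table}'")
```

Session 41 in the sample clones a table and drops only its copy, so it is not reported; session 77 drops the original and is.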
Threat actors remain largely focused on initiating ransomware attacks and cryptomining through these most common attack vectors, according to Google. The cloud provider pinned the third- and fourth-most common vectors to stolen credentials at 8% and weak firewall rules at 4%.