CrowdStrike 2023 Cloud Risk Report

Cloud-conscious adversary activity is on the rise

Cyberattacks targeting the cloud skyrocketed in 2022:

95%

increase in cloud exploitation

3X

increase in cases involving cloud-conscious threat actors

CrowdStrike’s 2023 Cloud Risk Report spotlights adversaries we’ve observed targeting enterprise cloud apps and infrastructure. It includes:
  • Latest trends in adversary activity
  • Real-world stories of attacks on the cloud
  • Common oversights leaving organizations vulnerable
  • Top five recommendations to defend against cloud-conscious adversaries

Read the CrowdStrike 2023 Cloud Risk Report

The must-read cloud threat report of 2023

Read the CrowdStrike 2023 Cloud Risk Report

The must-read cloud threat report of 2023

Key report insights

Adversaries are sharpening
cloud TTPs

Adversaries are becoming more reliant on valid accounts, which were used to gain initial access in 43% of cloud intrusions observed.

Attackers manually deleted an instance in 28% of attacks to remove evidence to avoid detection.

Identity is a key access point in the cloud

Attackers are using the power of identity to achieve their goals. In 2022, access broker advertisements were up 112% from the previous year, and in 67% of cloud incidents, CrowdStrike observed IAM roles with higher privileges than needed. Sometimes organizations leave the door open: 47% of critical misconfigurations in the cloud were related to poor identity and entitlement hygiene.

Human error is driving cloud risk

Lack of hygiene continues to dominate risk in the cloud. Sixty percent of container workloads observed lacked properly configured security protections. More than one-third (36%) of detected misconfigurations had insecure cloud provider default settings, opening the door to adversaries.

Get the CrowdStrike 2023
Cloud Risk Report

Download the report