Google Cloud links poor credentials to nearly half of cloud-based attacks

Cloud services with weak credentials were a prime target for attackers, often resulting in lateral movement attempts, a Google Cloud report found.

Dive Brief:

• Cloud services accounts with weak or non-existent credentials were the most common entry point for attackers in the second half of 2024, Google Cloud said Wednesday in its Threat Horizons Report.
• Attacks involving weak or no credentials accounted for nearly half of intrusions observed or studied by Google Threat Intelligence Group, Mandiant, Google Cloud’s Office of the CISO and other Google intelligence and security teams during the second half of last year. 
• Misconfigurations in cloud services were the second most common initial access vector, representing more than 1 in 3 attacks Google Cloud studied. The report noted a sharp increase in compromised application programming interfaces and user interfaces, which accounted for almost 1 in 5 attacks during the second half of the year.