Bitdefender Threat Debrief | November 2023

Monitoring lateral movement across hybrid cloud environments, spanning platforms like Google Cloud, Amazon Web Services (AWS), and Microsoft Azure, is a critical aspect of maintaining robust cybersecurity, and it demands heightened security expertise from technical teams. While the dynamics of lateral movement within traditional Active Directory (AD) environments are well understood, the introduction of hybrid cloud infrastructures brings a new layer of complexity.

Bitdefender Labs recently uncovered previously unknown attack methods for escalating a compromise from a single endpoint to a network-wide breach, potentially leading to ransomware attacks or data exfiltration (read our research or watch the on-demand webinar). Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with GCPW installed, gain access to the cloud platform with custom permissions, or decrypt locally stored passwords to continue their attack beyond the Google ecosystem.

To effectively address these challenges, it is crucial to leverage the right detection tools tailored for hybrid environments. Solutions like Bitdefender GravityZone XDR stand out in their ability to discern subtle patterns indicative of lateral movement across diverse cloud platforms. Furthermore, obtaining the necessary knowledge to combat sophisticated threats in hybrid environments is where managed security services, such as Bitdefender MDR, shine. Managed security services offer continuous monitoring, proactive threat detection, and expert response capabilities, augmenting the efforts of in-house security teams and ensuring comprehensive protection against lateral movement threats in the dynamic landscape of hybrid cloud architectures.

Ransomware Report

Spear phishing attacks are often used as an initial attack vector, and ransomware infection is often the final stage of the kill chain.
For this report, we analyzed malware detections collected in October 2023 from our static anti-malware engines. Note: we only count total cases, not how monetarily significant the impact of infection is. Opportunistic adversaries and some ransomware-as-a-service (RaaS) groups represent a higher percentage compared to groups that are more selective about their targets since they prefer volume over higher value.