How The Security of The Cloud’s Supply



            Chain Will Shift in 2024


            What we can expect from advanced threat actor groups in the new year.

            By Jason Martin, Co-founder and Co-CEO at Permiso Security



            In 2023, we started  to witness  a change  in the way both attackers  and defenders  thought  about cloud
            security. The days when attackers target a single service and steal data from an S3 bucket are almost a
            long gone memory at this point - simpler times. Attackers got smart about who and what they targeted.
            Through initial recon, the help of credentials for purchase, and some masterful reconnaissance in SaaS
            environments,  groups  like  LUCR-3  (Scattered  Spider)  were  able  to  breach  the  environments  of
            companies like MGM, Caesars, Clorox and others.

            While  advanced  cloud  threat  actors  showcased  their  skill  at  being  able  to  gain  access  to  cloud
            environments  and move laterally,  they also tipped  their hand at what cloud supply chain  attacks might
            look like in 2024.






            Cyber Defense eMagazine – January 2024 Edition                                                                                                                                                                                                          134
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.