In an earlier posting on Public Cloud Security Detection Use Cases, we attempted to map detections to the traditional Lockheed Martin Kill Chain. After further reflection, we decided that cloud infrastructure threats are sufficiently different to warrant a modified attack chain framework. We are releasing the Cloud Attack Chain framework today.

The Cloud Attack Chain is a simplified attack chain model that describes typical attacks on public cloud infrastructure. The attack chain describes how an attacker gains access to a victim's cloud environment, how they move laterally through the target cloud infrastructure, and what malicious actions they perform. Our new whitepaper describes the four stages of the attack chain and provides detailed examples of some real-world attacks. As a preview, the stages of the Cloud Attack Chain are:

1. Exposure: Exposure of cloud resources is at the beginning of any cloud attack. Exposure can be deliberate, based on business trade-offs, or accidental, resulting from misconfigured resources or unpatched vulnerabilities. Exposures are where attackers start looking for a way in.

2. Access: Access occurs when an attacker has figured out how to exploit an exposure and gains a foothold in your cloud infrastructure.

3. Lateral Movement: With access to your infrastructure, the attacker identifies targets for the attack, gaining access to additional resources or escalating their privileges.

4. Actions: Now having access to the resources they need, the attacker performs some malicious action to fulfill their objectives.

We invite you to learn more by downloading the paper at https://siftsecurity.com/papers/Sift-Security-The-Cloud-Attack-Chain/view
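To make the four stages concrete for a detection engineer, here is an added example (written for this page, not code from Sift Security or from the whitepaper) that tags CloudTrail-style audit events with a Cloud Attack Chain stage and then checks whether a full Exposure, Access, Lateral Movement, Actions sequence has been observed in order. The event-name-to-stage mapping, the trusted network ranges, the account and bucket names, and the log records themselves are all constructed assumptions for illustration; a real deployment would derive the mapping from its own detection rules.

```python
"""Map cloud audit events onto the four Cloud Attack Chain stages.

Added example: event names are CloudTrail-style, the stage mapping and
trusted ranges are assumptions, and the records below are constructed.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

STAGES = ("Exposure", "Access", "Lateral Movement", "Actions")

# Assumed eventName -> stage mapping (not one published by Sift Security).
STAGE_BY_EVENT = {
    "AuthorizeSecurityGroupIngress": "Exposure",   # opening a port
    "PutBucketAcl": "Exposure",                    # changing a bucket ACL
    "ConsoleLogin": "Access",                      # interactive sign-in
    "AssumeRole": "Lateral Movement",              # hopping to another role
    "AttachUserPolicy": "Lateral Movement",        # granting more privileges
    "GetObject": "Actions",                        # reading data out of storage
    "RunInstances": "Actions",                     # spinning up compute
}

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("198.51.100.0/24")]  # assumed corporate ranges


def from_trusted_net(ip: str) -> bool:
    """True if the source address falls inside an assumed trusted range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def stage_of(event: dict) -> Optional[str]:
    """Return the stage an event belongs to, or None if it is routine noise."""
    name = event.get("eventName")
    stage = STAGE_BY_EVENT.get(name)
    if stage is None:
        return None
    params = event.get("requestParameters") or {}
    # An ingress rule is an Exposure only if it opens the port to the internet.
    if name == "AuthorizeSecurityGroupIngress":
        cidrs = {perm.get("cidrIp") for perm in params.get("ipPermissions", [])}
        return "Exposure" if cidrs & WORLD_CIDRS else None
    # A bucket ACL change is an Exposure only if it makes the bucket public.
    if name == "PutBucketAcl":
        return "Exposure" if str(params.get("acl", "")).startswith("public-") else None
    # A login is Access only if it succeeded from outside the trusted ranges.
    if name == "ConsoleLogin":
        ok = (event.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        outside = not from_trusted_net(event.get("sourceIPAddress", ""))
        return "Access" if ok and outside else None
    return stage


def build_chain(events: List[dict]) -> Tuple[List[str], Dict[str, List[dict]]]:
    """Bucket events by stage; return stages seen (in chain order) and the buckets."""
    by_stage: Dict[str, List[dict]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        stage = stage_of(ev)
        if stage is not None:
            by_stage[stage].append(ev)
    return [s for s in STAGES if s in by_stage], dict(by_stage)


def chain_is_complete(events: List[dict]) -> bool:
    """True when all four stages are present and first appear in chain order."""
    observed, by_stage = build_chain(events)
    if observed != list(STAGES):
        return False
    first_seen = [by_stage[s][0]["eventTime"] for s in STAGES]
    return first_seen == sorted(first_seen)


def ev(time, name, who, ip, **extra):
    """Build a minimal CloudTrail-shaped record (constructed test data)."""
    return {"eventTime": time, "eventName": name, "userIdentity": who,
            "sourceIPAddress": ip, **extra}


SAMPLE_EVENTS = [  # constructed for this example, not captured log data
    ev("2017-05-01T09:00:00Z", "AuthorizeSecurityGroupIngress", "admin", "10.0.0.5",
       requestParameters={"ipPermissions": [{"fromPort": 22, "cidrIp": "0.0.0.0/0"}]}),
    ev("2017-05-01T09:05:00Z", "AuthorizeSecurityGroupIngress", "admin", "10.0.0.5",
       requestParameters={"ipPermissions": [{"fromPort": 443, "cidrIp": "10.0.0.0/8"}]}),
    ev("2017-05-02T02:10:00Z", "ConsoleLogin", "deploy-bot", "203.0.113.7",
       responseElements={"ConsoleLogin": "Success"}),
    ev("2017-05-02T02:15:00Z", "AssumeRole", "deploy-bot", "203.0.113.7",
       requestParameters={"roleArn": "arn:aws:iam::123456789012:role/ProdAdmin"}),
    ev("2017-05-02T02:20:00Z", "AttachUserPolicy", "deploy-bot", "203.0.113.7",
       requestParameters={"policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    ev("2017-05-02T02:40:00Z", "GetObject", "deploy-bot", "203.0.113.7",
       requestParameters={"bucketName": "customer-exports", "key": "2017/all.csv"}),
]

if __name__ == "__main__":
    stages, buckets = build_chain(SAMPLE_EVENTS)
    for s in stages:
        print(s, "<-", [e["eventName"] for e in buckets[s]])
    print("complete chain:", chain_is_complete(SAMPLE_EVENTS))
```

The refinements inside `stage_of` are the point of the exercise: an ingress rule to an internal CIDR, a private bucket ACL, or a login from a known office range is routine administration, so only the subset of each event type that actually opens a door or crosses the perimeter is counted toward a stage. `chain_is_complete` additionally requires the stages to first appear in chain order, so an exposure created after the data was already read does not retroactively turn unrelated alerts into an attack.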
Sift Security is a big data analytics firm that enables enterprises to identify, prioritize, investigate and manage threats in cloud infrastructure.