By Insikt Group
August 4, 2025

Cloud Threat Hunting and Defense Landscape

As organizations increasingly adopt cloud infrastructure, they encounter novel and unique security challenges that threat actors are actively exploiting.

Threat actors targeting cloud environments rely mainly on exploiting misconfigurations and employing coercion tactics for initial access. Vulnerability and misconfiguration scanning campaigns, alongside initial access brokers, represent the primary means by which threat actors obtain cloud credentials.

CYBER THREAT ANALYSIS

Executive Summary

In a review of recently observed attack methods, Insikt Group identified five attack vectors that currently pose the greatest potential threat to cloud environments. Three of these attack methods, vulnerability exploitation, endpoint misconfiguration, and credential abuse leading to account takeover, can grant threat actors initial access. In certain circumstances, these three attack methods can also be employed following initial access to gain increased permissions within a cloud environment, modify the cloud environment, and allow lateral movement, either to additional cloud environments, traditional on-premise environments, or user devices. The two remaining attack methods, cloud abuse and cloud ransomware, demonstrate impact actions threat actors can perform within a cloud environment.

Hunting for each of these threats often requires the implementation of robust logging within cloud environments to ensure that data such as network communications, user access, and cloud service usage metrics can be readily accessed and scrutinized for aberrations. Log data assists in both proactive discovery of suspicious activity originating at the edge of cloud environments, such as in instances where misconfiguration and vulnerabili