Attackers are after our Cloud & Identities. How do we assess our gaps?
- Stefan Dumitrascu
- Mar 24

Increased reliance on cloud resources such as authentication services, applications and storage has led a lot of attackers to prioritise cloud tradecraft. Research such as the 2024 Verizon Data Breach Investigations Report shows that abuse of credentials for web applications was the top attack vector.
Why burn expensive 0-day exploits when exploiting humans or already compromised credentials can be a much more effective way to gain access? - Your friendly neighbourhood hacker.
To combat this, the market has seen an increase in cloud-focused investment from security companies. As such, organisations need to understand what they are getting when splashing out on the latest and greatest from a security vendor.
Evaluation highlights
Evaluating the value brought by these security solutions is particularly tough. There are few to no established methodologies. While automated tools can give a quick glance at your company's exposure to these threats, they won't be able to give a full picture without using real attacker behaviour that abuses established communication patterns tailored to an organisation. This is without mentioning the need to set up a new bespoke environment and to have the expertise in-house to perform these attacks.
We perform our attacks in a controlled environment with identities set up and a company structure that communicates and is subjected to external threats from its established trusted partnerships with its service providers.
In the full evaluation, unlike traditional APT-style testing, the solution does not know the scope of the attacker tradecraft in advance. It does not know how or who will be targeted first. Your MDR is responsible for identifying the attack and giving enough information to piece it together through our Cloud Asset Operation while keeping alert fatigue down. We are also able to provide information on detections raised while the attack is ongoing and on information added post-compromise.
BEC & ITDR specific
A lot of these threats can be partially dealt with by ITDR-style solutions that look for unusual activity of an established identity. Our testing scope can be tailored for such solutions to showcase the value they bring. Alongside this, Business Email Compromise (BEC) is one of the most prevalent attack types that email security solutions have to deal with. Since we set up our target company as a normal organisation would, with real domains and users, we are best positioned to emulate these attacks in an organic way, just like the attackers do.
Read more about our approach in our methodology, and don't hesitate to get in touch with questions and queries!