Palo Alto Networks

Unit 42 Research

Cloud threat report, volume 7

Navigating the expanding attack surface. This report delivers a detailed view of the most common cloud security oversights that leave organizations exposed to malicious activity.


Key findings from 210,000 cloud accounts

Unit 42 researchers analyzed workloads across 210,000 cloud accounts in 1,300 organizations. The findings reveal that threat actors continue to exploit common and avoidable cloud security gaps.

76%

MFA not enforced for console users

The majority of organizations do not enforce multi-factor authentication for cloud console access, leaving accounts vulnerable to credential-based attacks.

63%

Unpatched high or critical vulnerabilities

Production codebases contain unpatched vulnerabilities rated CVSS 7.0 or higher, providing low-effort entry points for attackers.

210K+

Cloud accounts analyzed

The scope of this research spans 1,300 organizations, providing a comprehensive view of cloud security posture across industries.

Download the full cloud threat report

Cloud service providers continue evolving with new features and services. The pace of change makes it difficult for organizations to keep up, and many inadvertently introduce security weaknesses into their environments.

This report covers lessons from real cloud breach incidents, actionable guidance for staying ahead of threat actors, the most common cloud security issues, and the risks that open-source software introduces into cloud environments.


Cloud threat landscape at a glance

Threat actors have become increasingly proficient at exploiting common cloud security oversights. These four areas represent the most significant risks identified in the report.

MFA enforcement gaps

76% of organizations do not enforce MFA for console users, and 58% do not enforce it for root or admin accounts. Without MFA, stolen credentials provide direct access to cloud environments.

Software supply chain risks

The prevalence of open-source dependencies and the complexity of modern software supply chains make it increasingly difficult to maintain secure codebases. Attacks targeting these supply chains are rising.

Unpatched vulnerabilities in production

63% of production codebases contain unpatched high or critical vulnerabilities (CVSS 7.0 or above), and 11% of public cloud hosts are similarly exposed. These gaps remain among the easiest attack vectors to exploit.

Threat actor evolution

Threat actors are adapting to new security strategies and finding creative methods to circumvent defenses. They exploit hidden weak spots and leverage vulnerabilities with increasing sophistication.

Solutions for cloud security

Addressing the risks identified in the Cloud Threat Report requires a comprehensive approach to cloud-native security, incident response, and data analytics.

Prisma Cloud

A cloud-native application protection platform (CNAPP) that secures code, infrastructure, workloads, data, and applications across multicloud and hybrid cloud environments.


Unit 42 Incident Response

Incident response specialists leverage cloud technologies including Cortex XDR, Cortex Xpanse, and Prisma Cloud to identify attack vectors, assess data at risk, and execute remediation.


Cortex Data Lake

Scalable cloud-based storage that collects, integrates, and normalizes security data combined with multiple threat intelligence sources. AI-based analytics identify and stop sophisticated attacks.


Connect with a specialist

Discuss cloud security strategy, evaluate solutions for the risks identified in this report, and explore deployment options tailored to organizational requirements.

Contact information

Email: [email protected]

Phone: 844-294-0778 (Toll free) | 949-328-2955 (Local)