API economy
API security
cloud security
Cyber landscape
Cybersecurity
July 23, 2024

Google Cloud Security Threat Horizons Report #10

Google Cloud Security released an updated Threat Horizons report containing information about the top security risks.

Google Cloud Security Threat Horizons Report #10

Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. This is the tenth revision to the report and it went into detail about initial access vectors of concern, observed impacts of intrusion, and other data from this year in cybersecurity. 

The findings in this report demonstrate that weak credentials, misconfiguration, serverless infrastructure, and insecure architecture were key vulnerabilities.

“Weak or no credentials remained a key driver of initial access, accounting for the most frequent successful vector and the second most commonly seen trigger for detection rules.”

Authentication and authorization have always been among two of the most overlooked aspects of cybersecurity and weak authentication or authorization can allow hackers to easily gain initial access without necessary credentials.

“Misconfiguration, however, jumped to over 30%, largely due to the high volume of detections of misconfigured or poorly configured environmental factors. ”

Some other interesting observations:

  • Strong growth in the use of serverless platforms by threat actors
  • Hard-coded secrets - this matches a somewhat common finding in public APIs that we scanned as part of our State of API Security 2024 report
  • One other discussion point from this is that while there’s a huge focus in information security in preventing data exfiltration, Google points out that abuse of the underlying infrastructure is actually the top threat. In the API space, some of the most impactful large-scale disclosures are actually much more focused on the ability to abuse the functions of an API, such as remote start features in connected cars, or to grant unlimited frequent flyer miles.

Overall, we’ve seen significant new cyber risks and an increase in the volume of old vulnerabilities being exploited. And with the introduction of new technology such as AI, attacks are only becoming more complex.

Read the Google Cloud Security Report here for more information on the biggest web threats at large. For a more API-specific report, check out FireTail’s State of API Security 2024 report here.

Lina Romero

Related posts

API Discovery: The Foundation of Security
December 10, 2024

API Discovery: The Foundation of Security

Many security teams are still not aware of all the APIs in their landscape. Read the latest blog from FireTail to learn about the importance of API discovery and how you can discover all the APIs in your landscape today.

Read more
The Secrets of APIs...
November 21, 2024

The Secrets of APIs...

This blog post will answer questions such as: But where do APIs live? And how do they interact? What languages do they use?

Read more
API Security: The Overlooked Threat Now Overshadowing Cloud Misconfigurations
November 20, 2024

API Security: The Overlooked Threat Now Overshadowing Cloud Misconfigurations

The latest blog from the C-suite at FireTail attempts to answer the essential question: “Which is a bigger threat today - cloud misconfigurations or API vulnerabilities?”

Read more

This site uses cookies

By using this website, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Got it!