Mandiant’s 2024 Cloud Threat Report reveals a sharp rise in identity-based attacks exploiting hybrid environments, with financial firms racing to meet DORA compliance deadlines amid evolving threats.
Identity-based attacks targeting cloud infrastructure surged 45% in Q1 2024, according to Mandiant’s latest findings. Financial institutions face urgent DORA compliance deadlines while attackers exploit credential weaknesses across hybrid environments.
Google Cloud’s Mandiant division reported on 22 April 2024 that identity attacks now constitute 61% of all cloud security incidents, marking a 45% year-over-year increase. The findings highlight how attackers increasingly exploit credential weaknesses and configuration gaps between legacy systems and cloud services.
The Anatomy of Modern Cloud Threats
Mandiant’s research reveals that multi-factor authentication (MFA) bypass techniques have increased 140% since 2023, with attackers using adversary-in-the-middle phishing kits and session token theft. ‘We’re seeing identity become the primary attack vector because it’s where perimeter defenses are weakest,’ stated Charles Carmakal, Mandiant’s CTO. Financial institutions face particular pressure with DORA compliance deadlines set for January 2025, requiring comprehensive resilience plans for cloud-dependent operations.
Hybrid Environment Vulnerabilities
Palo Alto’s Unit 42 found 82% of hybrid environments contain critical misconfigurations enabling lateral movement between cloud and on-premises systems. The April 2024 breach of fintech firm Tipalti demonstrated this risk when attackers compromised a vendor’s SaaS access to manipulate payment systems across AWS and Azure. Similarly, Microsoft Azure suffered an intrusion where attackers pivoted from on-premises systems to cloud workloads using stolen credentials.
Implementing Zero-Trust Frameworks
CISA issued emergency directives last week mandating phishing-resistant MFA for federal agencies following credential theft incidents. Security experts recommend vendor-agnostic zero-trust approaches: ‘Micro-segmentation and continuous verification must replace perimeter thinking,’ advised Gartner analyst Neil MacDonald. While 68% of enterprises now implement micro-segmentation, visibility gaps persist across multi-cloud environments where inconsistent authentication protocols create invisible attack paths.
Historical Context of Cloud Vulnerabilities
The current identity crisis echoes challenges from the early cloud migration era. Between 2017 and 2019, the Capital One and Uber breaches exposed how misconfigured cloud storage could compromise millions of records, leading to the creation of Cloud Security Posture Management (CSPM) tools. These incidents established foundational security practices now being tested by increasingly sophisticated identity-based attacks.
Similarly, the evolution of MFA bypass techniques follows a pattern seen with earlier security controls. When financial institutions widely adopted two-factor authentication around 2015, attackers responded within 18 months with SIM-swapping and phishing tactics. This continuous cycle of innovation and adaptation underscores why modern zero-trust frameworks emphasize continuous verification rather than static defenses.