There has been a steady increase in the number of security incidents and threats on cloud platforms as companies migrate their operations there. The key sectors attacked include research institutions, large corporations, governments, and public entities in China, with 156 attack sources identified in total. The majority of the monitored critical assets are cloud server IPs, with Alibaba Cloud the predominant provider, followed by Tencent Cloud.
Our advanced threat hunting system identified 120,000 malicious cloud server IPs worldwide engaged in network scanning, vulnerability exploitation, and malware distribution. Three critical Spring vulnerabilities were highlighted: CVE-2022-22947 (Spring Cloud Gateway), CVE-2022-22963 (Spring Cloud Function), and CVE-2022-22965 (Spring Framework, "Spring4Shell"); the first two are analyzed in detail. All three are remotely exploitable and represent significant risks to cloud workloads.
In terms of volume, over 800 million threat attacks were recorded in the month, including over 740 million vulnerability exploitation attempts and over 55 million malware distribution events. In addition, over 680,000 new IoCs were added to the threat intelligence base, and attacks on IoT devices continued to trend upward.
The attack methods observed against key cloud IPs include SSH brute-force attacks, exploitation of GitLab remote command execution vulnerabilities, and exploitation of Redis remote command execution vulnerabilities. All three target the same goal: an initial foothold on critical assets in cloud environments.
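SSH brute force is the most common of the three methods named above and also the easiest to detect from a host's own logs. The following Python script is an added example, not code from the report or its authors: it parses constructed sshd "Failed password" lines in auth.log syslog format and flags any source IP that reaches a threshold of failures inside a sliding time window. The log lines, host name, IP addresses and thresholds are all made up for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines (syslog format, year omitted as in real auth.log).
# Three sources: one fast brute force, one legitimate user with a typo, one low-and-slow.
SAMPLE_AUTH_LOG = """\
Apr 12 03:14:01 cloud-host sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
Apr 12 03:14:03 cloud-host sshd[2103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Apr 12 03:14:04 cloud-host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 51026 ssh2
Apr 12 03:14:06 cloud-host sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 51028 ssh2
Apr 12 03:14:09 cloud-host sshd[2109]: Failed password for root from 203.0.113.7 port 51030 ssh2
Apr 12 03:14:11 cloud-host sshd[2111]: Failed password for root from 203.0.113.7 port 51032 ssh2
Apr 12 03:20:00 cloud-host sshd[2150]: Failed password for deploy from 198.51.100.20 port 40210 ssh2
Apr 12 03:20:30 cloud-host sshd[2152]: Accepted publickey for deploy from 198.51.100.20 port 40212 ssh2
Apr 12 03:25:00 cloud-host sshd[2170]: Failed password for root from 192.0.2.55 port 60001 ssh2
Apr 12 03:40:00 cloud-host sshd[2190]: Failed password for root from 192.0.2.55 port 60002 ssh2
Apr 12 03:55:00 cloud-host sshd[2210]: Failed password for root from 192.0.2.55 port 60003 ssh2
Apr 12 04:10:00 cloud-host sshd[2230]: Failed password for root from 192.0.2.55 port 60004 ssh2
Apr 12 04:25:00 cloud-host sshd[2250]: Failed password for root from 192.0.2.55 port 60005 ssh2
"""

# Matches OpenSSH failure lines for both existing and "invalid user" accounts.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(log_text, year=2022):
    """Return a list of (timestamp, source_ip, username) for each failed login.

    auth.log carries no year, so the caller supplies one (assumed 2022 here).
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["user"]))
    return events


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failures inside any window_seconds span.

    Returns {ip: {"count", "users", "first", "last"}} for the first window
    per IP that crosses the threshold. A sliding window (two-pointer scan over
    the sorted attempts) is used so that bursts straddling a fixed minute
    boundary are not missed.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))

    hits = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until it fits inside window_seconds.
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[ip] = {
                    "count": count,
                    "users": sorted({u for _, u in attempts[start:end + 1]}),
                    "first": attempts[start][0],
                    "last": attempts[end][0],
                }
                break
    return hits


if __name__ == "__main__":
    evts = parse_failed_logins(SAMPLE_AUTH_LOG)
    for ip, info in detect_brute_force(evts).items():
        print(f"{ip}: {info['count']} failures {info['first']} -> {info['last']}, users={info['users']}")
```

With the default 5 failures in 60 seconds, only 203.0.113.7 is flagged; the single typo from 198.51.100.20 is ignored, and 192.0.2.55, which spaces its attempts 15 minutes apart, slips through. That last case is the caveat for any fail2ban-style rule: a low-and-slow scanner from the kind of rented cloud IPs described in this report needs a second, longer window (for example 5 failures in 2 hours) or correlation across hosts, since a per-host 60-second window will never see it.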