MITRE’s ATT&CK framework is ever evolving. The latest October update extends enterprise coverage to the cloud and adds a considerable list of cloud-specific adversarial techniques. The cloud has seen phenomenal growth over the past few years, as it offers businesses flexibility, reliability and cost-savings. Along with this growth comes new security risks and high value targets for nation state actors and cyber criminals.
In 2014, source code hosting provider Code Spaces was forced to shut down after an attacker gained access to its AWS IAM and destroyed its entire cloud infrastructure. More recently, a software engineer was arrested after stealing sensitive data, including details pertaining to 106 million credit card applications, from Capital One though a misconfigured AWS S3 bucket.