Sysdig Annual Threat Report Highlights Growing Cost and Scale of Cloud Attacks

Published: October 22, 2024

With a new focus on stealing cloud credentials and exploiting enterprise AI to the tune of $100,000+ per day, the “2024 Global Threat Year-in-Review” underscores how threat actors are weaponizing new cloud technologies


SAN FRANCISCO – Oct 22, 2024 – Sysdig, the leader in real-time cloud security, today announced the release of the Sysdig Threat Research Team’s (TRT) “2024 Global Threat Year-in-Review.” The report, which Sysdig threat researchers derive from real-world adversarial operations and attack campaigns, highlights the evolution of attackers’ tactics, including a growing reliance on automation and new cloud technologies.

Report Highlights

  • $100,000+ lost per day to AI resource jacking: It didn’t take long for threat actors to leverage stolen cloud access to exploit large language models (LLMs), as illustrated by an LLMjacking attack that left one victim on the hook for $30,000 in just three hours. Left unchecked, an LLMjacking operation can cost more than $100,000 per day.
  • 500+ cryptomining instances launched in 20 seconds: While some cloud attacks deliver swift, high-impact financial blows, others are conducted more subtly. For example, while Meson Network attackers were able to automate more than 500 new cryptomining instances every 20 seconds using a compromised cloud account, other groups like RUBYCARP have been able to siphon victim resources for a decade.
  • 1,500+ victims’ credentials stolen using open source software: As the cloud evolves, so do attackers. For instance, less than one month after the release of the SSH-Snake research, CRYSTALRAY threat actors were discovered weaponizing the open source network mapping tool to harvest over 1,500 victims’ account credentials.

“Proactive security programs should always assume compromise,” said Michael Clark, Head of Sysdig Threat Research. “Cyberattacks will continue, likely at a greater frequency, and prevention alone is simply insufficient as attackers’ means of defense evasion continue to mature. Resilience following a cyberattack will keep businesses moving, as cloud attacks will continue to become faster, more sophisticated, and more expensive year over year.”

The 2024 edition of the annual Sysdig Threat Research Report further illustrates the expanding attack surface and financial strain that organizations face. Given that the average cost of a public cloud breach has eclipsed $5 million and that cloud attacks have increased 154% year over year, Sysdig TRT projects that global cyberattacks will cost over $100 billion in 2025.

Responsible for discovering and communicating information about the latest attacks, Sysdig TRT has tracked and exposed 15 novel threats in the last two years. Made up of an international group of cyberspies, the team’s experience ranges from the military and government to commercial and academic espionage work. The team’s research was also instrumental in informing the industry’s only cloud attack benchmark, the 555 Benchmark for Cloud Threat Detection and Response. Catch the team through the end of the year at one of their many speaking opportunities.


Media Contact


Damon Weinhold
damon.weinhold@sysdig.com
+1 (415) 873-4772

Sysdig delivers cloud security the right way with open innovation, agentic AI, and the uncompromising truth of runtime. In a world of black boxes and blind spots, Sysdig helps security and development teams prevent, detect, and respond to threats in the moment.

AI is only as powerful as the signals it receives, and Sysdig Sage™ — the first agentic AI analyst for cloud security — is fueled by the deepest runtime intelligence in the industry. It doesn’t just observe. It reasons and acts with the context, speed, and precision that modern teams need to build and defend innovation in real time. Founded by the creators of Falco and Wireshark, Sysdig is trusted by more than 60% of the Fortune 500 and is built for those who refuse to compromise on security.