Multiple Lines
Multiple LinesMultiple Lines
Up Arrow
Back to Blog
Security

7 Reasons Why Attackers Shifted Towards Cloud Applications

By 
Roi Abitboul

In the last few years, attackers are increasingly shifting their focus from infrastructure to applications, exploiting vulnerabilities that traditional security measures cannot protect. This blog explores the reasons why attackers have shifted their attention to applications.

Industry Leaders Agree: Cloud Application Attacks Are on the Rise

According to the "2024 Data Breach Investigations Report" by Verizon, vulnerability exploitation has seen significant growth, particularly targeting cloud-native applications. The report notes, “Vulnerability exploitation almost tripled from last year, with attackers increasingly targeting application-layer vulnerabilities.” This trend underscores the urgent need for application-specific security measures.

The "2024 State of Application Security Report" by CrowdStrike, further highlights this shift, noting that eight out of the top ten data breaches of 2023 were related to application attack surfaces, exposing around 1.7 billion records. This indicates a clear trend where applications are becoming the primary target for attackers.

Gartner echoes this sentiment, stating, “Attackers have shifted their attention to applications, making it evident that security leaders need to focus on application protection.” As applications become more interconnected and complex, they present a broader attack surface that traditional infrastructure-focused security tools cannot adequately protect.

“Attackers have shifted their attention to applications, making it evident that security leaders need to focus on application protection.” Gartner, 20 November 2023

Why Have Attackers Shifted Their Attention to Applications?

1. Most Vulnerabilities Hide Within the Application Level, Not Infrastructure

The fact that there are more vulnerabilities in the application level than the infrastructure level, means that it is easier to exploit applications than infrastructure.

2. Application Vulnerabilities come in all shapes and sizes

Vulnerabilities with a CVE ID, CVE-less (e.g. vulnerabilities without a CVE-ID), library misconfigurations, malicious packages, and even AI-hallucinations and zero-days.

3. Applications Offer a Diverse Attack Surface

Applications often have multiple entry points, such as APIs, web interfaces, and mobile apps, increasing the potential attack surface. Furthermore, user inputs, file uploads, and other dynamic interactions can be exploited if not properly sanitized.

4. The Application Level is More Dynamic

Applications undergo frequent code changes, which makes dealing with vulnerabilities more complex. The dynamic nature of application development, with continuous integration and continuous deployment (CI/CD) pipelines, means that new vulnerabilities can be introduced regularly.

5. 70% of Application Code Comes from OSS

Open Source Software (OSS) comprises about 70% of application code, and it is known to be more prone to vulnerabilities. The "CrowdStrike 2024 State of Application Security Report" emphasizes that while OSS provides great benefits in terms of cost and innovation, it also introduces significant security risks. The widespread use of OSS components means that a vulnerability in one component can have far-reaching consequences.

6. Application Vulnerabilities Are Harder to Fix

Fixing application vulnerabilities often requires code changes, which are much more challenging than addressing infrastructure vulnerabilities. The remediation of application-level vulnerabilities involves coordination across development teams, thorough testing, and careful deployment to avoid disrupting service.

7. Cloud Infrastructure Security Has Become a Commodity

As infrastructure defenses have improved and grown in popularity, attackers have adapted and are now exploiting the vulnerabilities of applications.

The time for Runtime Application Detection and Response (ADR)

In the face of increasing threats to cloud-native applications, relying solely on cloud infrastructure security (CNAPP) and traditional WAFs is insufficient. Runtime ADR is a critical layer of security that provides the necessary visibility, contextual awareness, and integration with development processes to protect applications effectively. By adopting Runtime ADR, organizations can enhance their security posture, reduce false positives, and respond more effectively to sophisticated attacks. Book a demo today to discover Raven’s Runtime ADR.

Share this post
Yellow Lines

Get a Demo

Meeting Booked!
See you soon!
Until we meet, you might want to check out our blog
Oops! Something went wrong while submitting the form.
Ellipse
Security

7 Reasons Why Attackers Shifted Towards Cloud Applications

Attackers are increasingly shifting their focus from infrastructure to applications, exploiting vulnerabilities that traditional security measures cannot protect.
Read more
Security

The Critical Need for Cloud Runtime Application Security

While shift left strategies are essential for building secure applications, they are not sufficient on their own. Cloud runtime application security, or protect right, is crucial especially as attackers are increasingly shifting their focus to applications.
Read more
Security

What are CVE-Less Threats?

What CVE-less threats are, why they are becoming more prevalent, and how organizations can protect themselves against these insidious risks.
Read more
Yellow Lines
{ "@context": "https://schema.org", "@graph": [ { "@type": ["Organization"], "@id": "https://raven.io/#organization", "name": "Raven - Runtime Application Protection", "url": "https://raven.io/", "sameAs": [ "https://x.com/Ravencloudinc", "https://www.linkedin.com/company/raven-cloud/about/" ], "logo": { "@type": "ImageObject", "@id": "https://raven.io/#logo", "inLanguage": "en-US", "url": "https://cdn.prod.website-files.com/65a4638e376d11af3056eaeb/66563d1d5dbe6bab908ce612_7%20Reasons%20why.png", "contentUrl": "https://cdn.prod.website-files.com/65a4638e376d11af3056eaeb/66563d1d5dbe6bab908ce612_7%20Reasons%20why.png", "width": 218, "height": 416, "caption": "Raven - Runtime Application Protection" } }, { "@type": "WebSite", "@id": "https://raven.io/#website", "url": "https://raven.io/", "name": "Raven - Runtime Application Protection", "description": "De-prioritize 93% of vulnerabilities, stop application attacks early in the kill chain and prevent vulnerabilities in the first place with runtime patching.", "publisher": { "@id": "https://raven.io/" }, "potentialAction": [ { "@type": "SearchAction", "target": { "@type": "EntryPoint", "urlTemplate": "https://raven.io/?s={search_term_string}" }, "query-input": "required name=search_term_string" } ], "inLanguage": "en-US" }, { "@type": "WebPage", "@id": "https://raven.io/blog/7-reasons-why-attackers-shifted-towards-cloud-applications#webpage", "url": "https://raven.io/blog/7-reasons-why-attackers-shifted-towards-cloud-applications", "name": "Top 7 Reasons Why Attackers Now Target Cloud Apps | Raven.io", "isPartOf": { "@id": "https://raven.io/#website" }, "primaryImageOfPage": { "@id": "https://raven.io/blog/7-reasons-why-attackers-shifted-towards-cloud-applications#primaryimage" }, "datePublished": "2024-02-06", "dateModified": "2024-09-24", "description": "De-prioritize 93% of vulnerabilities, stop application attacks early in the kill chain and prevent vulnerabilities in the first place with runtime patching.", "inLanguage": "en-US", "copyrightYear": "2024", "copyrightHolder": { "@id": "https://raven.io/#organization" }, "potentialAction": [ { "@type": "ReadAction", "target": [ "https://raven.io/blog/7-reasons-why-attackers-shifted-towards-cloud-applications" ] } ], "about":[ { "@type":"Thing", "name":"cloud", "sameAs":[ "https://en.wikipedia.org/wiki/Cloud_computing", "https://www.google.com/search?q=cloud&kgmid=/m/02y_9m3" ] }, { "@type":"Thing", "name":"apps", "sameAs":[ "https://en.wikipedia.org/wiki/Mobile_app", "https://www.google.com/search?q=apps&kgmid=/m/0h94y36" ] }, { "@type":"Thing", "name":"cloud security", "sameAs":[ "https://en.wikipedia.org/wiki/Cloud_computing_security", "https://www.google.com/search?q=cloud+security&kgmid=/m/09v8lc9" ] }, { "@type":"Thing", "name":"vulnerabilities", "sameAs":[ "https://en.wikipedia.org/wiki/Vulnerability_(computing)", "https://www.google.com/search?q=vulnerabilities&kgmid=/m/048vgs" ] }, { "@type":"Thing", "name":"the cloud", "sameAs":[ "https://en.wikipedia.org/wiki/Cloud_computing", "https://www.google.com/search?q=the+cloud&kgmid=/m/02y_9m3" ] }, { "@type":"Thing", "name":"microsoft", "sameAs":[ "https://en.wikipedia.org/wiki/Microsoft", "https://www.google.com/search?q=microsoft&kgmid=/m/04sv4" ] }, { "@type":"Thing", "name":"saas", "sameAs":[ "https://en.wikipedia.org/wiki/Software_as_a_service", "https://www.google.com/search?q=saas&kgmid=/m/06_4c_" ] }, { "@type":"Thing", "name":"owasp", "sameAs":[ "https://en.wikipedia.org/wiki/OWASP", "https://www.google.com/search?q=owasp&kgmid=/m/06nr9c" ] }, { "@type":"Thing", "name":"risks", "sameAs":[ "https://en.wikipedia.org/wiki/Risk", "https://www.google.com/search?q=risks&kgmid=/m/06d5f" ] }, { "@type":"Thing", "name":"visibility", "sameAs":[ "https://en.wikipedia.org/wiki/Visibility", "https://www.google.com/search?q=visibility&kgmid=/m/05xqwk" ] }, { "@type":"Thing", "name":"cybersecurity", "sameAs":[ "https://en.wikipedia.org/wiki/Computer_security", "https://www.google.com/search?q=cybersecurity&kgmid=/m/022x_" ] }, { "@type":"Thing", "name":"infrastructure", "sameAs":[ "https://en.wikipedia.org/wiki/Infrastructure", "https://www.google.com/search?q=infrastructure&kgmid=/m/017kvv" ] }, { "@type":"Thing", "name":"malware", "sameAs":[ "https://en.wikipedia.org/wiki/Malware", "https://www.google.com/search?q=malware&kgmid=/m/0582c" ] }, { "@type":"Thing", "name":"data breaches", "sameAs":[ "https://en.wikipedia.org/wiki/Data_breach", "https://www.google.com/search?q=data+breaches&kgmid=/m/03c18t5" ] }, { "@type":"Thing", "name":"cloud computing", "sameAs":[ "https://en.wikipedia.org/wiki/Cloud_computing", "https://www.google.com/search?q=cloud+computing&kgmid=/m/02y_9m3" ] }, { "@type":"Thing", "name":"security", "sameAs":[ "https://en.wikipedia.org/wiki/Computer_security", "https://www.google.com/search?q=security&kgmid=/m/022x_" ] }, { "@type":"Thing", "name":"cyberattacks", "sameAs":[ "https://en.wikipedia.org/wiki/Cyberattack", "https://www.google.com/search?q=cyberattacks&kgmid=/m/0p78w_d" ] }, { "@type":"Thing", "name":"cloud", "sameAs":[ "https://en.wikipedia.org/wiki/Cloud", "https://www.google.com/search?q=cloud&kgmid=/m/0csby" ] }, { "@type":"Thing", "name":"compliance", "sameAs":[ "https://en.wikipedia.org/wiki/Regulatory_compliance", "https://www.google.com/search?q=compliance&kgmid=/m/053ldb" ] }, { "@type":"Thing", "name":"cloud services", "sameAs":[ "https://en.wikipedia.org/wiki/Cloud_computing", "https://www.google.com/search?q=cloud+services&kgmid=/m/02y_9m3" ] } ] }, { "@type": "TechArticle", "@id": "https://raven.io/blog/7-reasons-why-attackers-shifted-towards-cloud-applications#TechArticle", "isPartOf": { "@id": "https://raven.io/blog/7-reasons-why-attackers-shifted-towards-cloud-applications#webpage" }, "wordCount": 590, "publisher": { "@id": "https://raven.io/#organization" }, "image": { "@id": "https://raven.io/blog/7-reasons-why-attackers-shifted-towards-cloud-applications#primaryimage" }, "thumbnailUrl": "https://cdn.prod.website-files.com/65a4638e376d11af3056eaeb/66563d1d5dbe6bab908ce612_7%20Reasons%20why.png", "keywords": [ "Cloud Application Attacks", "Cloude Application Security" ], "articleSection":[ "7 Reasons Why Attackers Shifted Towards Cloud Applications", "Industry Leaders Agree: Cloud Application Attacks Are on the Rise", "Why Have Attackers Shifted Their Attention to Applications?", "1. Most Vulnerabilities Hide Within the Application Level, Not Infrastructure", "2. Application Vulnerabilities come in all shapes and sizes", "3. Applications Offer a Diverse Attack Surface", "4. The Application Level is More Dynamic", "5. 70% of Application Code Comes from OSS", "6. Application Vulnerabilities Are Harder to Fix", "7. Cloud Infrastructure Security Has Become a Commodity", "The time for Runtime Application Detection and Response (ADR)" ] } ] }
Don’t Leave Empty-Handed!
Before you go, grab our latest eBook packed with insights and expert strategies. Download it for free now!
Get the eBook