In their latest report, Intel 471 examines three types of cloud insiders (negligent, manipulated and malicious) and how threat actors in the cybercriminal underground exploit all three types of insiders:
- The credential and access markets that capitalize on the negligent insider.
- Social engineering activity used to manipulate individuals into providing insider access and/or data.
- The direct recruitment efforts seeking employees who willingly and maliciously provide insider access.
The report also details the increasing demand for credentials, cookies and logs from corporate cloud services such as GoDaddy, Google Workspace, Microsoft 365, Office 365, Outlook on the web (OWA) and Slack.
