The Scariest Cloud Security Stories of 2022 (So Far)

RTInsights Team
Nov 3, 2022

By Lisa Damast

The vast majority of Kubernetes API servers are exposed to the public internet. Image credit: Canva’s AI image generator

It’s the time of year when goblins and ghouls come out to play, and what could be scarier than stories of cloud security incidents?

We’ve all heard horror stories about hacking and data breaches, and it can be downright chilling to think about what could happen if our cloud data were compromised.

Here are nine of 2022’s scariest cloud stories for developers and security professionals:

1. 80% of Organizations Had A Cloud Security Incident in 2021

80% of organizations experienced a serious cloud incident last year, with a further 25% worried they have suffered a cloud data breach but are unaware of it, according to cloud cybersecurity firm Snyk in its State of Cloud Security report, released in September.

The most prominent incidents cited in the report include:

  • System downtime (34%)
  • Cloud data breach (33%)
  • Environment intrusion (27%)


2. Log4j, Like COVID, is Endemic and Still Requires Attention

In July, a report by the U.S. Department of Homeland Security’s Cyber Safety Review Board declared Log4j an “endemic vulnerability.”

The report explicitly warned the Log4j event is not over and remains deeply embedded in systems.

The reason why is even scarier.

3. Researchers Find 380,000 Open Kubernetes Servers

In May, The Shadowserver Foundation published a study that found that the vast majority of Kubernetes API servers were exposed to the public internet, a cause for concern given the increase in Kubernetes-based cyberattacks.

The study, which identified 450,000 Kubernetes API servers, found that 380,000 allowed some form of access.

4. Critical RCE Vulnerability Reminiscent of Log4j Issues

In April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the remote code execution (RCE) vulnerability affecting the Spring Framework to its Known Exploited Vulnerabilities Catalog.

The designation was based on evidence of active exploitation.

And the impact the vulnerability will have on organizations is similar to what we recently experienced with the vulnerability found in Apache’s Log4j software library in December 2021. Here’s why.

5. European Politicians Duped into Deepfake Video Calls with the Mayor of Kyiv

From The Guardian (June 2022): “The mayor of Berlin, Franziska Giffey, took part in a scheduled call on the Webex video conferencing platform on Friday with a person she said looked and sounded like Klitschko.

“There were no signs that the video conference call wasn’t being held with a real person,” her office said in a statement.”

Giffey and other mayors throughout Europe had been “duped into having these video calls with a deepfake of their counterpart in Kyiv, Vitali Klitschko.”

6. Linux Multi-Cloud Ransomware Attacks Expected to Increase

From February 2022: “A report by cloud computing and virtualization provider VMware, “Exposing Malware in Linux-Based Multi-Cloud Environments,” details the increasing threat of ransomware to multi-cloud platforms, of which Linux is used almost exclusively.

  • Weak authentication and misconfigurations in container-based infrastructures, such as Kubernetes, Container Linux and Photon OS, are two of the primary ways attackers are able to infiltrate cloud-based environments.
  • In the second instance, VMware’s Threat Analysis unit found that the Monero cryptocurrency, infamous for its hard-to-track payment system, which has made it a favorite of the dark web, was the currency 89% of attackers would mine on their stolen CPU cycles.

7. Cost of Average Data Breach Increases For Third Year In A Row

The average cost of a data breach has increased for the third year in a row, according to IBM’s Cost of a Data Breach Report 2022, with organizations forking out $4.35 million in 2021, a 2.6% increase on the previous year.

8. AWS Serverless Vulnerability Identified For The First Time

From June 2022: “A recently published blog post detailed the first publicly-known case of malware built and executed in an AWS Lambda environment.

The malware was only designed to run crypto-mining software for the XMR coin, but Cado Security anticipates that there may be more severe use cases that attackers will exploit in the near future.”

9. Ransomware Hackers Turn Aim To Midmarket Targets

From March 2022: “After several high profile ransomware attacks in 2021, including the Colonial Pipeline, JBS and Washington DC Metropolitan Police Department, hackers are reportedly aiming for more low-key targets in 2022…

The key reason for this is to avoid the publicity that many of those high profile cases garnered, which led to FBI and CIA investigations and even pressure on Russian and Ukrainian governments to find the people responsible, such as DarkSide and REvil.”

What’s the scariest security story you’ve heard this year?

This was originally published as an article on LinkedIn on October 31, 2022. Keep up to date on cloud security on