{"id":131499,"date":"2023-09-07T10:00:00","date_gmt":"2023-09-07T17:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=131499"},"modified":"2024-07-03T11:45:41","modified_gmt":"2024-07-03T18:45:41","slug":"cloud-storage-security-whats-new-in-the-threat-matrix","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/09\/07\/cloud-storage-security-whats-new-in-the-threat-matrix\/","title":{"rendered":"Cloud storage security: What’s new in the threat matrix"},"content":{"rendered":"\n
Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services. The matrix, first released in April 2021 as detailed in the blog post Threat matrix for storage services<\/a>, lays out a rich set of attack techniques mapped to a well-known set of tactics described by MITRE\u2019s ATT&CK\u00ae framework and comprehensive knowledge base, allowing defenders to more efficiently and effectively adapt and respond to new techniques.<\/p>\n\n\n\n Cybercriminals target cloud storage accounts and services for numerous purposes, such as accessing and exfiltrating sensitive data, gaining network footholds for lateral movement, enabling access to additional resources, and deploying malware or engaging in extortion schemes. To combat such threats, the updated threat matrix provides better coverage of the attack surface by detailing several new initial access techniques. The matrix further provides visibility into the threat landscape by detailing several novel attacks unique to cloud environments, including some not yet observed in real attacks. The new version of the matrix is available at: https:\/\/aka.ms\/StorageServicesThreatMatrix<\/a><\/p>\n\n\n