Cloud Threat Landscape
Targeted Technologies
Targeted Technologies

Targeted Technologies

Technologies targeted by threat actors or at risk of exploitation (prevalence indicates percentage of cloud environments with at least one hosted instance of the technology)

All Technologies

5 views

All Technologies

Most Targeted

Most Prevalent

With Techniques

CISA KEV

Name
No. Incidents
Techniques
Prevalence (%)
Nuclei
Metasploit
CISA KEV
Adobe ColdFusion
aiohttp
1

0.82

Amazon Bedrock
1
Amazon EKS
Amazon SageMaker
1

0.38

Amazon SES
1
Amazon SNS
0
SNS abuse for spam or phishing
Ansible
1

0.61

Apache ActiveMQ
6

0.35

Apache Airflow
0

0.34

Apache Ant
0

0.33

Apache Axis
0

0.13

Apache Cassandra
1

0.18

Apache CloudStack
0

0.11

Apache CouchDB
2

0.06

Apache Druid
1

0.01

Apache Flink
1

0.08

Apache Hadoop
7
Misconfigured Apache Hadoop abuse

0.53

Apache HTTP Server
3

0.77

Apache Kafka
0

0.32

Apache OFBiz
Apache RocketMQ
1

0.01

Apache Shiro
0

0.49

Apache Spark
1

0.01

Apache Struts
Apache Subversion
0

0.79

Apache Superset
0

0.1

Apache Thrift
0

0.14

Apache Tomcat
0

0.64

Apache ZooKeeper
0

0.7

Apollo Server
0

0.36

Argo CD
0
Misconfigured Argo abuse

0.32

Aspera Faspex
1

0.01

Autodesk Revit
Avahi
0

0.43

Aviatrix Controller
AWS Amplify
1
AWS Appstream
0
Appstream abuse
AWS CloudFormation
1
Resource injection in CloudFormation template
AWS Codebuild
1
AWS ECS
1
AWS Fargate
2
AWS Lambda
1
Backdoor Lambda LayerServerless executionLambda persistence
AWS SSM
Azure Arc
0
Azure Arc abuse
Azure Batch
1
Azure Batch abuse
Azure Entra ID
Azure Storage
3
Barracuda ESG
1

0.01

BeyondTrust
BitBucket Server
1

0.07

cAdvisor
cAdvisor abuse

0.01

CBL Mariner
0

0.23

Celery
0

0.55

Certbot
0

0.39

Chef Client
0

0.23

Chocolatey
0

0.45

Cisco Adaptive Security Appliance (ASA)
Citrix NetScaler
Citrix Receiver
0

0.18

Cleo file transfer software
ClickHouse
0

0.13

CockroachDB
0

0.17

ComfyUI
Confluence Server
13

0.1

ConnectWise ScreenConnect
1

0.01

containerd
0

0.91

CraftCMS
Django
0

0.65

Docker
16
Abusing exposed Docker socketBackdoor Docker imageMisconfigured Docker abuse

0.89

DogWifTools
Drupal
1

0.07

Elasticsearch
3

0.61

Envoy
0

0.20

ESXi Server
1

0.11

etcd
0
Exim
1

0.45

F5 BIG IP
1

0.27

FileZilla Server
0

0.11

Firebase
0

0.23

Flask
0

0.82

Flower
0

0.34

Fluent Bit
0

0.42

Flux Kustomize Controller
0

0.2

FortiClient
Fortinet Fortigate
Fortinet FortiManager
FortiOS
FRP Client
0

0.26

Geronimo
0

0.24

Ghostscript
0

0.77

Gitea
Misconfigured Gitea Abuse
gith
GitHub
6
pwn requestRepository webhook abuseRegister self-hosted runnerScript injection into CICD workflow

0.05

GitLab
3
Script injection into CICD workflow

0.10

Google Cloud Storage
Grafana
0

0.31

Gunicorn
0

0.70

H2 Database
0

0.11

HAProxy
0

0.43

Hashicorp Consul
1
Misconfigured Consul abuse

0.19

HashiCorp Vault
0

0.33

Helm
0

0.23

Hugging Face Transformers
0

0.42

ImageMagick
0

0.82

InfluxDB
0

0.25

InMage Scout
0

0.17

Istio
0

0.25

Ivanti Connect Secure VPN
3

0.01

Ivanti CSA
Ivanti EPMM
JDWP
Jenkins
6
Repository webhook abuse

0.46

Jira Server
3

0.12

Jupyter Notebook
4
Jupyter Notebook misconfig abuseJupyter Notebook ransomware

0.63

JupyterLab
1

0.54

Keycloak
0

0.21

Kibana
1

0.22

Krpano
KubeFlow
0
Misconfigured KubeFlow abuse

0.04

Kubernetes
9
Propagation via KubeletK8s anonymous auth abuse

0.77

LangChain
0

0.30

Langflow
Laravel
3

0.23

LevelDB
0

0.17

Liferay
1
Lighttpd
Linux
Localtunnel
0

0.33

Lottie-player
Magento
1

0.05

MariaDB
0

0.50

Maven
0

0.41

Mbed TLS
0

0.17

Memcached
0

0.27

Metabase
1

0.11

Metricbeat
0

0.16

Microsoft Exchange
2
Email server hijacking

0.1

Microsoft Graph API
Microsoft IIS
0

0.42

Microsoft OneDrive
Microsoft Outlook
Microsoft Power Pages
Misconfigured Power Pages abuse
Microsoft SCCM
0

0.28

Microsoft SQL Server
4
SQL injectionSQL commands

0.46

Microsoft Teams
Microsoft Word
MinIO
1

0.02

Moby
0

0.11

MODX
1
MongoDB
2

0.58

Monit
0

0.24

MySQL
1
SQL injectionSQL commands

0.65

NGINX
2

0.86

ngrok
0

0.12

Nomad
npm
1
Package dependency confusionSlopsquatting

0.59

Office365
1
OMI
0

0.37

Open WebUI
Openfire
OpenMetadata
1

0.02

OpenResty
0

0.28

Openscap
0

0.19

OpenSearch
0

0.21

Oracle Cloud
Oracle Database
0

0.11

Oracle E-Business Suite
Packer
0

0.14

PAN-OS
0

0.26

PaperCut
1

0.03

PHP
3

0.68

phpMyAdmin
1

0.29

PHPUnit
Podman
0

0.34

PostgreSQL
4
Misconfigured DB abuse

0.87

Prometheus
0

0.26

Proself
Puppet
0

0.16

Puppet Agent
0

0.20

PyPI
SlopsquattingPackage dependency confusion
Qlink Sense
1

0.05

RabbitMQ
0

0.34

Redis
13
Redis-as-a-backdoorMisconfigured Redis abuse

0.80

ReportLab
0

0.33

RocksDB
0

0.12

RStudio
0

0.15

RubyGems
0

0.25

S3 Bucket
5
Storage Denial of Wallet amplification attack
Safe{wallet}
Salesforce
1
Salesloft Drift
SaltStack
1

0.17

Samba
0

0.40

SAP Crystal Reports
0

0.19

SAP NetWeaver
ScienceLogic SL1
Selenium Grid
Misconfigured Selenium Grid abuse

0.33

SharePoint
1

0.05

SimpleHelp
Slack
Smartsheet
1
Snowflake
Solana
Solr
1

0.33

SonarQube
0

0.25

Sonatype Nexus
0

0

SonicWall firewall
Splunk Forwarder
0

0.30

Spring Boot
0
Spring Boot Actuator abuse

0.72

Spring Boot Actuator
Spring Cloud
0

0.18

Spring Framework
1

0.84

Squid
0

0.28

strongSwan
0

0.29

SugarCRM
1

0.01

Tableau Server
0

0.21

TaffyDB
0

0.39

Team Foundation Server
0

0.30

TeamCity
2
Repository webhook abuse

0.09

Telerik UI
Tenable Nessus
0

0.2

Tensorflow Hub
0

0.22

TestNG
0

0.11

ThinkPHP
1
TigerVNC
0

0.26

TightVNC
0

0.20

TP-Link Router
vCenter Server
1
Veeam
Verdaccio
0

0.20

VirtualBox
0

0.15

Visual Studio Code
VMware Horizon
1

0.02

VMware vSphere
VMWare Workspace ONE Access and Identity Manager
vsftpd
0

0.31

WebLogic
3

0.1

Windows AFD
Windows Print Spooler
Windows SmartScreen
WinRAR
WordPress
3
Misconfigured Wordpress abuse

0.31

WSO2
2

0.02

Zabbix Agent
0

0.21

ZeroMQ
0

0.23

Zimbra Server
Zoho ManageEngine
1

0.12

Zyxel