Targeted Technologies

Technologies targeted by threat actors or at risk of exploitation (prevalence indicates percentage of cloud environments with at least one hosted instance of the technology)

Name	No. Incidents	Techniques	Prevalence (%)
aiohttp	1		0.82
Amazon Bedrock	1
Amazon SageMaker	1		0.38
Amazon SES	1
Amazon SNS	0	SNS abuse for spam or phishing
Ansible	1		0.61
Apache ActiveMQ	6		0.35
Apache Airflow	0		0.34
Apache Ant	0		0.33
Apache Axis	0		0.13
Apache Cassandra	1		0.18
Apache CloudStack	0		0.11
Apache CouchDB	2		0.06
Apache Druid	1		0.01
Apache Flink	1		0.08
Apache Hadoop	7	Misconfigured Apache Hadoop abuse	0.53
Apache HTTP Server	3		0.77
Apache Kafka	0		0.32
Apache OFBiz
Apache RocketMQ	1		0.01
Apache Shiro	0		0.49
Apache Spark	1		0.01
Apache Subversion	0		0.79
Apache Superset	0		0.1
Apache Thrift	0		0.14
Apache Tomcat	0		0.64
Apache ZooKeeper	0		0.7
Apollo Server	0		0.36
Argo CD	0	Misconfigured Argo abuse	0.32
Aspera Faspex	1		0.01
Avahi	0		0.43
AWS Amplify	1
AWS Appstream	0	Appstream abuse
AWS CloudFormation	1	Resource injection in CloudFormation template
AWS Codebuild	1
AWS ECS	1
AWS Fargate	2
AWS Lambda	1	Backdoor Lambda Layer Serverless execution Lambda persistence
Azure Arc	0	Azure Arc abuse
Azure Batch	1	Azure Batch abuse
Azure Entra ID
Azure Storage	3
Barracuda ESG	1		0.01
BitBucket Server	1		0.07
cAdvisor		cAdvisor abuse	0.01
CBL Mariner	0		0.23
Celery	0		0.55
Certbot	0		0.39
Chef Client	0		0.23
Chocolatey	0		0.45
Cisco Adaptive Security Appliance (ASA)
Citrix Receiver	0		0.18
ClickHouse	0		0.13
CockroachDB	0		0.17
Confluence Server	13		0.1
ConnectWise ScreenConnect	1		0.01
containerd	0		0.91
Django	0		0.65
Docker	16	Abusing exposed Docker socket Backdoor Docker image Misconfigured Docker abuse	0.89
Drupal	1		0.07
Elasticsearch	3		0.61
Envoy	0		0.20
ESXi Server	1		0.11
etcd	0
Exim	1		0.45
F5 BIG IP	1		0.27
FileZilla Server	0		0.11
Firebase	0		0.23
Flask	0		0.82
Flower	0		0.34
Fluent Bit	0		0.42
Flux Kustomize Controller	0		0.2
FortiClient
Fortinet Fortigate
Fortinet FortiManager
FortiOS
FRP Client	0		0.26
Geronimo	0		0.24
Ghostscript	0		0.77
GitHub	6	pwn request Repository webhook abuse Register self-hosted runner	0.05
GitLab	3		0.10
Google Cloud Storage
Grafana	0		0.31
Gunicorn	0		0.70
H2 Database	0		0.11
HAProxy	0		0.43
Hashicorp Consul	1	Misconfigured Consul abuse	0.19
HashiCorp Vault	0		0.33
Helm	0		0.23
Hugging Face Transformers	0		0.42
ImageMagick	0		0.82
InfluxDB	0		0.25
InMage Scout	0		0.17
Istio	0		0.25
Ivanti Connect Secure VPN	3		0.01
Jenkins	6	Repository webhook abuse	0.46
Jira Server	3		0.12
Jupyter Notebook	4	Jupyter Notebook misconfig abuse Jupyter Notebook ransomware	0.63
JupyterLab	1		0.54
Keycloak	0		0.21
Kibana	1		0.22
KubeFlow	0	Misconfigured KubeFlow abuse	0.04
Kubernetes	9	Propagation via Kubelet K8s anonymous auth abuse	0.77
LangChain	0		0.30
Laravel	3		0.23
LevelDB	0		0.17
Liferay	1
Lighttpd
Localtunnel	0		0.33
Lottie-player
Magento	1		0.05
MariaDB	0		0.50
Maven	0		0.41
Mbed TLS	0		0.17
Memcached	0		0.27
Metabase	1		0.11
Metricbeat	0		0.16
Microsoft Exchange	2	Email server hijacking	0.1
Microsoft IIS	0		0.42
Microsoft Outlook
Microsoft Power Pages		Misconfigured Power Pages abuse
Microsoft SCCM	0		0.28
Microsoft SQL Server	4	SQL injection SQL commands	0.46
Microsoft Word
MinIO	1		0.02
Moby	0		0.11
MODX	1
MongoDB	2		0.58
Monit	0		0.24
MySQL	1	SQL injection SQL commands	0.65
NGINX	2		0.86
ngrok	0		0.12
npm	1	Package dependency confusion	0.59
Office365	1
OMI	0		0.37
Openfire
OpenMetadata	1		0.02
OpenResty	0		0.28
Openscap	0		0.19
OpenSearch	0		0.21
Oracle Database	0		0.11
Packer	0		0.14
PAN-OS	0		0.26
PaperCut	1		0.03
PHP	3		0.68
phpMyAdmin	1		0.29
PHPUnit
Podman	0		0.34
PostgreSQL	2	Misconfigured DB abuse	0.87
Prometheus	0		0.26
Proself
Puppet	0		0.16
Puppet Agent	0		0.20
Qlink Sense	1		0.05
RabbitMQ	0		0.34
Redis	13	Redis-as-a-backdoor Misconfigured Redis abuse	0.80
ReportLab	0		0.33
RocksDB	0		0.12
RStudio	0		0.15
RubyGems	0		0.25
S3 Bucket	5	Storage Denial of Wallet amplification attack
Salesforce	1
SaltStack	1		0.17
Samba	0		0.40
SAP Crystal Reports	0		0.19
ScienceLogic SL1
Selenium Grid		Misconfigured Selenium Grid abuse	0.33
SharePoint	1		0.05
Smartsheet	1
Snowflake
Solr	1		0.33
SonarQube	0		0.25
Sonatype Nexus	0		0
Splunk Forwarder	0		0.30
Spring Boot	0	Spring Boot Actuator abuse	0.72
Spring Cloud	0		0.18
Spring Framework	1		0.84
Squid	0		0.28
strongSwan	0		0.29
SugarCRM	1		0.01
Tableau Server	0		0.21
TaffyDB	0		0.39
Team Foundation Server	0		0.30
TeamCity	2	Repository webhook abuse	0.09
Telerik UI
Tenable Nessus	0		0.2
Tensorflow Hub	0		0.22
TestNG	0		0.11
ThinkPHP	1
TigerVNC	0		0.26
TightVNC	0		0.20
TP-Link Router
vCenter Server	1
Veeam
Verdaccio	0		0.20
VirtualBox	0		0.15
VMware Horizon	1		0.02
VMware vSphere
VMWare Workspace ONE Access and Identity Manager
vsftpd	0		0.31
WebLogic	3		0.1
Windows AFD
Windows Print Spooler
Windows SmartScreen
WinRAR
WordPress	3	Misconfigured Wordpress abuse	0.31
WSO2	2		0.02
Zabbix Agent	0		0.21
ZeroMQ	0		0.23
Zimbra Server
Zoho ManageEngine	1		0.12
Zyxel