#NSBCS.072 - Bring an Umbrella: Technical Resilience for Cloud Security

Source: NSB Cyber


In today’s world, organisations can rely heavily on platforms like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud to host critical systems, deliver services, and store sensitive data. This shift has introduced immense flexibility and scalability - but it’s also raised the stakes when it comes to cybersecurity and operational continuity.

That’s where technical resilience comes into play.

At its core, technical resilience is the ability of your digital systems to withstand disruptions - whether from cyberattacks, misconfigurations, or system failures - and to recover from them with minimal impact. It’s about building cloud environments that aren’t just secure, but also durable, adaptable, and recoverable under pressure.

Unfortunately, too many organisations only realise the importance of resilience after an incident. The result? Downtime, possible data loss, reputational damage - and a team scrambling to contain the fallout.

Cybersecurity shouldn’t be reactive. In cloud environments, being reactive often means you're already compromised. A proactive mindset is what separates mature cloud security postures from vulnerable ones. It starts by routinely assessing the health and configuration of your environment.

Ask yourself:

  • Are we applying the principle of least privilege across all identities and roles?

  • Is multi-factor authentication (MFA) enforced, especially for privileged access?

  • Do we have automated monitoring and alerting in place that can detect anomalies early?

  • Are our backups recent, reliable, and tested regularly?
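As an added example (not part of the newsletter and not NSB Cyber’s own tooling), the script below turns three of the four questions above into offline checks: it scans IAM-style policy documents written in the AWS JSON policy grammar for wildcard grants (least privilege) and for privileged grants that lack an MFA condition, and it reviews a backup inventory for stale backups and untested restores. The policy names, bucket ARN, backup records, privileged-service list and age thresholds are constructed for the example; `aws:MultiFactorAuthPresent` is the real IAM condition key, and the fixed clock keeps the results reproducible.

```python
"""Offline posture checks: least privilege, MFA on privileged access, backup health."""
from datetime import datetime, timedelta, timezone

# Constructed sample policies (AWS JSON policy grammar); not from any real account.
POLICIES = {
    "admin-everything": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
    },
    "s3-read-scoped": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"],
                       "Resource": "arn:aws:s3:::example-bucket/*"}],
    },
    "iam-admin-mfa": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "iam:*", "Resource": "*",
                       "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}],
    },
}

# Assumed list of service prefixes treated as privileged for the MFA check.
PRIVILEGED_PREFIXES = ("iam:", "sts:", "organizations:", "kms:")


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policies):
    """Least privilege: Allow statements whose Action or Resource is a wildcard."""
    findings = []
    for name, doc in policies.items():
        for idx, st in enumerate(_as_list(doc.get("Statement", []))):
            if st.get("Effect") != "Allow":
                continue
            actions = _as_list(st.get("Action", []))
            resources = _as_list(st.get("Resource", []))
            wild_action = any(a == "*" or a.endswith(":*") for a in actions)
            wild_resource = any(r == "*" for r in resources)
            if wild_action or wild_resource:
                findings.append((name, idx, wild_action, wild_resource))
    return findings


def requires_mfa(statement):
    """True only for a strict Bool condition; BoolIfExists is weaker and is not accepted."""
    cond = statement.get("Condition", {})
    flag = cond.get("Bool", {}).get("aws:MultiFactorAuthPresent", "")
    return str(flag).lower() == "true"


def find_privileged_without_mfa(policies):
    """MFA: Allow statements granting privileged actions with no MFA condition."""
    findings = []
    for name, doc in policies.items():
        for idx, st in enumerate(_as_list(doc.get("Statement", []))):
            if st.get("Effect") != "Allow":
                continue
            actions = _as_list(st.get("Action", []))
            privileged = any(a == "*" or a.startswith(PRIVILEGED_PREFIXES) for a in actions)
            if privileged and not requires_mfa(st):
                findings.append((name, idx))
    return findings


# Fixed clock and constructed backup inventory so the checks are reproducible offline.
NOW = datetime(2025, 5, 5, tzinfo=timezone.utc)
BACKUPS = [
    {"name": "prod-db", "last_backup": NOW - timedelta(hours=6),
     "last_restore_test": NOW - timedelta(days=30)},
    {"name": "file-share", "last_backup": NOW - timedelta(days=3),
     "last_restore_test": NOW - timedelta(days=200)},
    {"name": "logs-archive", "last_backup": NOW - timedelta(hours=1),
     "last_restore_test": None},
]


def find_stale_backups(backups, now=NOW, max_backup_age=timedelta(days=1),
                       max_test_age=timedelta(days=90)):
    """Backups: recent (within max_backup_age) and restore-tested (within max_test_age)."""
    findings = []
    for b in backups:
        reasons = []
        if now - b["last_backup"] > max_backup_age:
            reasons.append("backup older than %d days" % max_backup_age.days)
        if b["last_restore_test"] is None:
            reasons.append("restore never tested")
        elif now - b["last_restore_test"] > max_test_age:
            reasons.append("restore test older than %d days" % max_test_age.days)
        if reasons:
            findings.append((b["name"], reasons))
    return findings


if __name__ == "__main__":
    print("Over-broad statements:", find_overbroad_statements(POLICIES))
    print("Privileged without MFA:", find_privileged_without_mfa(POLICIES))
    print("Stale or untested backups:", find_stale_backups(BACKUPS))
```

In a real environment the policy dictionaries would come from an IAM export and the backup records from the backup service’s own inventory; the point of the checks is that each of the posture questions becomes a repeatable test with a concrete pass/fail, which is what lets a resilience review run as a scheduled lifecycle rather than a one-off audit.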

Building technical resilience also means simulating incidents. Have you run a recovery drill recently? Have you tested your cloud provider’s capabilities or validated your disaster recovery objectives? Exercises like these turn theoretical plans into practical muscle memory. When teams know exactly what to do under pressure, response times drop and confidence rises.

Being proactive doesn’t require overhauling everything overnight. It starts with identifying gaps, prioritising risks, and embedding regular resilience reviews into your workflow. Treat it as a continuous lifecycle - assess, improve, test, repeat.

Because in today’s threat landscape, technical resilience isn’t a checkbox - it’s your safety net.

Cyberattacks are evolving. Misconfigurations still top the list of cloud vulnerabilities. Human error remains a constant.

So, take the time to evaluate your cloud environment today.

For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.

What we read this week

  • Microsoft: Windows Server Hotpatching to Require Subscription - Microsoft will begin charging for Windows Server 2025 hotpatching starting 1 July 2025, requiring servers to be connected via Azure Arc. Hotpatching, which allows security updates to be installed without rebooting, has been available in preview for free but will require a subscription for continued use beyond June. While the feature streamlines security patching for Windows Server environments, it doesn't cover all updates — for example, .NET or non-security updates still require a reboot. Microsoft has also extended hotpatching to Windows 11 Enterprise 24H2 systems for business customers as of April 2025.

  • SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients - SentinelOne uncovered that a China-linked threat group called PurpleHaze, possibly tied to APT15, attempted reconnaissance against its systems and high-value clients, using tools like Windows backdoor GoReShell and operational relay box (ORB) networks to obscure activity. SentinelOne also reported North Korea-linked actors creating fake personas and submitting hundreds of job applications to infiltrate its intelligence team. Meanwhile, ransomware groups, including the Russia-linked Nitrogen, are abusing reseller channels to buy legitimate EDR licenses under fake company names, using them to fine-tune malware in underground ‘EDR Testing-as-a-Service’ environments.

  • Google: 75 Zero-Days Exploited in 2024, Over 50% in Spyware Attacks - In 2024, Google's Threat Intelligence Group tracked 75 zero-day vulnerabilities exploited in the wild, over half of which were linked to spyware and cyber-espionage, particularly by China and North Korean-linked actors and commercial surveillance clients. While the total number dropped from 97 in 2023, the long-term trend shows a steady increase in zero-day attacks, with end-user platforms like browsers and operating systems most affected. Attacks increasingly targeted enterprise environments, with 44% of zero-days aimed at business products, especially security and networking appliances from vendors like Ivanti, Cisco, and Palo Alto Networks. Google analysts note that while some vendors’ mitigation efforts are working, threat actors are shifting toward exploiting less-protected enterprise systems.

  • Ransomware Gangs Innovate With New Affiliate Models - Secureworks has revealed that ransomware groups DragonForce and Anubis are evolving the ransomware-as-a-service (RaaS) model with more flexible affiliate options, lowering the barrier for less experienced cybercriminals. DragonForce now allows affiliates to use their own malware while providing infrastructure and support services, while Anubis offers three models: traditional RaaS, data extortion, and monetising existing access. These shifts reflect how ransomware operators increasingly operate like businesses, adapting to law enforcement pressure and market conditions to maximise revenue. To defend against these threats, Secureworks recommends proactive security practices including patching, phishing-resistant multi-factor authentication (MFA), and strong backup processes.

  • Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi - Researchers from Oligo have disclosed a set of vulnerabilities dubbed “AirBorne” that affect Apple’s AirPlay protocol, potentially allowing hackers on the same Wi-Fi network to take control of AirPlay-enabled devices like speakers, TVs, and even vehicles. While Apple has patched vulnerabilities in its own products, tens of millions of third-party devices that use the AirPlay SDK remain at risk, with many unlikely to receive updates. These flaws could allow attackers to move laterally within a network, maintain stealthy access, or even conduct espionage by hijacking devices with microphones. The situation highlights the challenge of securing third-party hardware using Apple protocols, especially when those devices are rarely updated or fall outside Apple’s direct control.
