It’s common for cyberattackers to use public cloud environments to infiltrate on-prem data centers.
These types of threats occur when customers move one of their workloads into a public cloud environment, such as Amazon Web Services or Microsoft Azure, and use Direct Connect (or any other VPN tunnel) to move between the public cloud into the private cloud. An attacker who breaches one of the environments can then move laterally, under the radar of security tools.
After the attacker scans the environment, he can use traditional vulnerabilities and exploits to gain an advantage in the public cloud.
The threat could be caught in the public cloud, he continues, but defenses are weaker there than they are in on-prem environments. An attacker has an advantage in moving between public and private clouds, and can use his position to persist in a target network.