Darkreading.com published an article that many …”organizations don’t properly understand the cloud identity and access management layer and often fail to secure it.” The November 11, 2019 article entitled “Researchers Find New Approach to Attacking Cloud Infrastructure” included these comments:
A new attack vector exists in cloud providers’ application programming interfaces (API), which are accessible through the Internet and give adversaries an opportunity to take advantage and gain highly privileged access to critical assets in the cloud.
The people in charge of managing cloud resources are usually members of the DevOps, development, and IT teams, who gain access to APIs using different software development kits and dedicated command line tools.
Beware since Cybercriminals are always ahead of Cybersecurity!