Cloud and cybersecurity: threat situation and recommendations by the French cybersecurity agency
Report published by ANSSI on February 20, 2025
Today, cloud computing is an essential component of modern digital infrastructures, offering flexibility, scalability and cost optimization. However, the use of cloud computing raises major cybersecurity issues, notably due to the increased complexity of cloud environments, hybridization between cloud and local information systems (IS), and, in some cases, dependence on cloud service providers.
Against this backdrop, the French National Agency for Information Systems Security (ANSSI) has just published a report outlining the main threats to cloud infrastructures and proposing concrete recommendations for service providers and their customers.
Threat situation
The ANSSI report highlights the fact that all players in the cloud ecosystem are exposed to cyber threats, whether they are service providers or customers.
ANSSI describes numerous real-life examples of attacks in three main categories:
- Attacks for profit: cybercriminals can exploit vulnerabilities in cloud infrastructures to deploy ransomware or steal sensitive data for resale or extortion. For example, in 2023, the Scattered Spider group demonstrated the extent to which a single vulnerable access point can compromise an entire cloud infrastructure, by infiltrating via a simple, poorly secured customer portal and then deploying its ransomware.
- Attacks for espionage purposes: cloud infrastructures host strategic data for many organizations, particularly governments. As such, they are prime targets for industrial and state espionage. ANSSI cites the attack by the Storm-0558 group, associated with China, which compromised several US government e-mail accounts in 2023.
- Destabilizing attacks: distributed denial of service (DDoS) attacks are growing exponentially in intensity and frequency, making critical services unavailable and impacting strategic infrastructures.
ANSSI also details attack scenarios targeting virtualization applications and hardware management components, which are critical elements of cloud infrastructure.
Finally, ANSSI highlights a growing threat: the exploitation of the cloud by cybercriminals themselves. They use cloud resources to host malicious infrastructures, run phishing campaigns or orchestrate DDoS attacks.
ANSSI recommendations
In response to these risks, ANSSI has drawn up a list of 36 recommendations, half of which are aimed at cloud service providers and the other half at their customers. Among these recommendations, the following should be highlighted with regard to cloud service customers:
- Implementing the 42 measures in the ANSSI “hygiene guide”, which form the fundamental basis for information systems security.
- Implementing partitioning policies between systems hosted in the cloud and local information systems, to limit the spread of attacks.
- Defining a business continuity and recovery strategy, which must be documented, and applying certain best practices to prevent DDoS attacks.
- Strengthening identity and access management, by applying proven security principles such as multi-factor authentication and the least privilege principle.
- Ongoing risk monitoring and assessment, and in-depth investigation of security incidents to improve threat detection and response.
ANSSI also emphasizes the role of suppliers: they must offer their customers infrastructures and tools enabling them to implement their own security measures (taking into account ANSSI recommendations). The authority also highlights its SecNumCloud label, which represents the highest level of certification in France for cloud services.
The consequences of a cyber attack can be multiple and particularly severe: financial losses, damage to reputation, but also liability due to violations of regulatory obligations, which are constantly evolving (GDPR, NIS2, DORA, etc.). This report highlights the imperative of continuously adapting security measures to new information system architectures as well as evolving threats. It should prove a useful resource for all cloud players, whether end-user companies or service providers.