* [Blog](https://www2.paloaltonetworks.com/blog)
* [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/)
* [Cloud Workload Protection Platform](https://www2.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/)
* Top Takeaways from the Un...

# Top Takeaways from the Unit 42 Cloud Threat Report

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Ftop-takeaways-from-the-unit-42-cloud-threat-report%2F)  
[](https://twitter.com/share?text=Top+Takeaways+from+the+Unit+42+Cloud+Threat+Report&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Ftop-takeaways-from-the-unit-42-cloud-threat-report%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Ftop-takeaways-from-the-unit-42-cloud-threat-report%2F&title=Top+Takeaways+from+the+Unit+42+Cloud+Threat+Report&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/top-takeaways-from-the-unit-42-cloud-threat-report/&ts=markdown)  
\[\](mailto:?subject=Top Takeaways from the Unit 42 Cloud Threat Report)  
Link copied  
By [Mariya Harris](https://www.paloaltonetworks.com/blog/author/maharris/?ts=markdown "Posts by Mariya Harris")  
Jun 23, 2021  
5 minutes  
[Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown)  
[Threat Research](https://www.paloaltonetworks.com/blog/category/threat-research/?ts=markdown)  
[Cloud Security](https://www.paloaltonetworks.com/blog/tag/cloud-security/?ts=markdown)  
[cloud threat](https://www.paloaltonetworks.com/blog/tag/cloud-threat/?ts=markdown)  
[Cloud Threat Report](https://www.paloaltonetworks.com/blog/tag/cloud-threat-report/?ts=markdown)

In just a matter of months during the COVID-19 pandemic, the percentage of employees working remotely jumped alarmingly from 20% to 71%. The World Health Organization (WHO) declared COVID-19 a pandemic in March 2020, and in response enterprises quickly scaled their cloud spend in the third quarter of that same year. Remote work surged, and organizations accelerated their cloud migration plans. Needless to say, Q3 of 2020 saw a massive influx of companies moving to the cloud.

So what does a seismic, unexpected shift to cloud services mean for security?

Our elite cloud threat researchers utilized data pulled from our global array of sensors and found a correlation between the increased cloud spend due to COVID-19 and security incidents: organizations across the world increased their cloud workloads without fully understanding the security implications, leading to an explosion of cloud security breaches. Despite the migration, our research shows that cloud security programs for many organizations are still in their infancy when it comes to automating security controls (i.e. [DevSecOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devsecops) and [shifting left](https://www.paloaltonetworks.com/blog/2019/07/4-practical-steps-shift-left-security/)). Scaling cloud services without automated security controls embedded across the entire development pipeline is a toxic combination.

Continue reading to discover the top takeaways from the 1H 2021 Unit 42 Cloud Threat Report, learn about COVID-19's global impact on security posture, and receive a free download of the full report.

## **COVID-19 Cloud Security Incidents Varied By Industry**

The first significant takeaway from the Unit 42 research is that cloud security incidents differed depending on the industry. Additionally, there were significant increases in a wide variety of security risks during the COVID-19 pandemic. Risks included unencrypted cloud data, public exposure of cloud resources, insecure port configurations, and more.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/image6.png)

Cloud security incidents for the retail, manufacturing, and government industries rose by 402%, 230%, and 205%, respectively. These industries were among those facing the greatest pressures to adapt and scale in the face of the pandemic --- retailers needed new ways to quickly provide basic necessities, while manufacturing and government organizations had to deliver COVID-19 supplies and aid. Industries that play crucial roles in combating the pandemic continue to struggle to secure their cloud workloads, underscoring the danger of underinvesting in cloud security.

Although cloud infrastructure allows businesses to quickly expand their remote work capabilities, automated security controls around DevOps and continuous integration/continuous delivery (CI/CD) pipelines often lag behind this rapid movement.

## **Cryptomining Increased While Cryptojacking Decreased**

Another takeaway was the discovery of some unexpected trends in regards to cryptomining and cryptojacking. The cryptocurrency industry has always been a popular target for attackers, even before the pandemic. However, Unit 42 research revealed the increase of cryptomining and the decrease of cryptojacking during the outbreak of COVID-19.

[Cryptomining](https://www.cyber.gov.au/acsc/view-all-content/threats/cryptomining) is the process of contributing computer processing power to validating blockchain transactions for the reward of getting paid in cryptocurrency. [Cryptojacking](https://www.paloaltonetworks.com/blog/prisma-cloud/waas-cryptojacking-microservice-based-web-apps/) is a type of cyberattack in which the attackers attempt to stay undetected for as long as possible while hijacking a computer system's resources to mine cryptocurrency for their own gain.

During the COVID-19 pandemic, cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), and Monero (XMR) grew in popularity and market value. While 23% of organizations showed signs of cryptojacking from July through September of 2020, this number decreased to 17% from December 2020 through February 2021. This is the first recorded drop since Unit 42 began tracking cryptojacking trends in 2018.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/image1.png)

Unit 42 researchers focused on data associated with Monero (XMR), a cryptocurrency popular with hackers due to its strong anonymity protections and the fact that it can be easily mined in the cloud. The research took place between December 2020 and February 2021. Although the amount of data available does not make it possible to draw definitive conclusions, it appears likely that political and health-related events exert a clear impact on malicious cryptomining operations, at least for some cryptocurrency (such as XMR).

## **Sensitive Data in the Cloud Remains Publicly Exposed**

The final takeaway from our research was that organizations have neglected to invest in the cloud governance and automated security controls necessary to protect their workloads as they move to the cloud. 30% of organizations exposed some form of sensitive content to the internet, such as personally identifiable information (PII), intellectual property, or healthcare and financial data. For reference, anyone who knows or can guess the organization's URLs can access this data.

When this data is exposed directly to the internet, organizations face significant risks associated with unauthorized access and regulatory compliance violations. This degree of exposure suggests that organizations continue to struggle to enforce proper access controls for the hundreds of data storage buckets that may operate in the cloud, especially when those buckets are spread across multiple cloud providers and accounts.

In turn, organizations have created serious business risks, such as inviting breaches through sensitive open ports. Organizations must now build a cloud security program focused evenly around all phases of the software development lifecycle to avoid this threat. Doing so will enable them to not only win in the market, but also to establish sustainable cloud security programs that can expand and contract, no matter what types of unpredictable events take place in the future.

## **Cloud Spend Must Match Cloud Security Investment**

While our previous [Unit 42 Cloud Threat Report](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research) identified similar problems, the numerous crises unleashed by the COVID-19 pandemic have further amplified the need for a strong cloud security strategy.

For organizations that are ready to identify the threats in their cloud environment, [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) analyzes more than 10 billion incidents every month. As the industry's only comprehensive Cloud Native Security Platform, Prisma Cloud proactively detects security and compliance misconfigurations, as well as triggers automated workflow responses.

Download the full [Unit 42 Cloud Threat Report (2021)](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research-1h21) to continue reading about how you can continuously and securely meet the demands of your dynamic cloud workloads, and visit [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud) to find out how you can get started on securing your organization's cloud today.

[](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research-1h21)  
[![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2021/06/image4.png)](https://www.paloaltonetworks.com/prisma/unit42-cloud-threat-research-1h21)

*** ** * ** ***

## Related Blogs

### [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Native Application Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-application-platform/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)

[#### Containers, Assemble: What Cloud Threat Actors Don't Want You to Know](https://www2.paloaltonetworks.com/blog/2022/06/cloud-threat-actors/)

### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Cloud Native Security Beyond Your Vendor's Tools](https://www2.paloaltonetworks.com/blog/cloud-security/cloud-native-security-beyond-vendor/)

### [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Beyond the Cloud Dashboard: Exposure Management Requires Full-Scope Visibility and Real Action](https://www2.paloaltonetworks.com/blog/security-operations/beyond-the-cloud-dashboard-exposure-management-requires-full-scope-visibility-and-real-action/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Uncategorized](https://www.paloaltonetworks.com/blog/category/uncategorized/?ts=markdown)

[#### Securing Shadow AI with Cortex Xpanse](https://www2.paloaltonetworks.com/blog/security-operations/securing-shadow-ai-with-cortex-xpanse/)

### [Cloud Security](https://www.paloaltonetworks.com/blog/category/cloud-security/?ts=markdown), [Reports](https://www.paloaltonetworks.com/blog/category/reports/?ts=markdown), [Unit 42](https://unit42-dev2.paloaltonetworks.com)

[#### Closing the Cloud Security Gap](https://www2.paloaltonetworks.com/blog/2025/10/closing-the-cloud-security-gap/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Stopping Cross-Domain Attacks with Cortex XDL + Cortex XSIAM](https://www2.paloaltonetworks.com/blog/security-operations/stopping-cross-domain-attacks-with-cortex-xdl-cortex-xsiam/)

### Subscribe to Cloud Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language