The Cloud Is Beginning To Attract Criminal Extortion

Ransomware software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin, has emerged as a potent and increasingly common threat online. 

But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.

The best defense against ransomware is a good set of data backups that are made each day, preferably to a device that is not always connected to the network. Unfortunately, this is often easier said than done, especially for small businesses. 

For many ransomware victims who do not have backups to rely upon, the choice of whether to pay comes down to the question of how badly the victim needs access to the ransomed files, and whether the files lost are worth more than the ransom demand.As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximise profits. Ransomware is now a billion-dollar enterprise for cybercriminals, and, as in any industry, it has evolved over time to become more efficient and maximise profits. 

Hackers have transitioned away from launching ransomware attacks indiscriminately in bulk and are now specifically targeting high-value targets within the companies and industries most likely to pay higher ransoms for the safe return of their files. 

When ransomware first hit the scene in 2013 with CryptoLocker, attackers targeted anyone and everyone, from CEOs to senior citizens. Even if just a small percentage of victims paid the relatively small ransom, attackers were sending out such a high volume of ransomware that they'd still make money. As ransomware success rates decreased due to improvements in antivirus protections. Instead, attackers began targeting industries in which businesses can't function with any downtime, most prominently health care, state and local government, and industrial control systems. 

Attackers picked their targets more carefully, devoted more time and effort to breaking in, and asked for larger ransoms. In short, they adapted their tactics to maximize profits.

Expert analysts like Brian Krebs think that  believe ransomware will target the cloud for three reasons.

  • First, the cloud has been left largely untouched by ransomware so far, so it's a new market opportunity for attackers.
  • Second, the data and services stored or run through the cloud are now critical to the day-to-day operations of many businesses.

Five years ago, a company might have been able to function without its cloud deployment in the short term, so the pressure to pay a ransom wouldn't have been as high. Now, most businesses will be crippled if they lose access to their public or private cloud assets. That creates the same intense pressure to restore services quickly that we've seen with hospitals, city governments, and power plants over the last few years.

  • Third, the cloud offers an attractive aggregation point that allows attackers to access a much larger population of victims. Encrypting a single physical Amazon Web Server could lock up data for dozens of companies that have rented space on that server. 

Cloud Security
To prevent cloud ransomware attacks, businesses need cloud security. Many smart IT people believe they don't need to worry about securing data in an infrastructure-as-a-service (IaaS) deployment because Microsoft or Amazon will handle it for them. 
While most public cloud providers do supply basic security controls, they may not include all of the latest security services needed to prevent more evasive threats. For example, most IaaS providers offer some form of basic anti-malware protection, but not the more sophisticated behavioral or machine learning-based anti-malware solutions available today.  

WatchGuard research has found that between a third and half of all malware attacks use evasion or obfuscation techniques to bypass traditional, signature-based antivirus solutions. 

Without more proactive anti-malware, modern ransomware could skirt right past basic cloud security controls. Fortunately, you can get a virtual or cloud version of most network security solutions on the market today, and I suggest using these to secure your cloud environments.

Misconfigurations and human mistakes made while setting up cloud permissions and policies create weak spots that attackers can exploit to deliver ransomware. 

Every organisation using a public or private cloud should harden these environments by properly securing S3 bucket configurations, closely managing file permissions, requiring multifactor authentication for access, and more. There are many "cloud hardening" guides that can help with this, and I recommend that anyone new to the cloud look into them.

The good news is that the cloud can be secured with many of the same best practices that apply to physical networks. Make every effort to keep your cloud deployments safe and secure today. In the future, you might be glad you did.

Dark Reading:       WatchGuard:        Krebs On Security

You Might Also Read: 

On Demand Webinar: How to secure app pipelines in AWS:

Attack Vectors Are Proliferating:

 

 

« Counting The Ways That AI Can Boost Business
Charming Kittens: Phishing Emails From Iran »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Sangfor Technologies

Sangfor Technologies

Sangfor Technologies is a global leading vendor of IT infrastructure solutions. It is specialized in Cloud Computing, Network Security and Network Optimization.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

Governikus

Governikus

Governikus provides solutions for secure data transport, authentication, the use of electronic signatures and cryptography as well as for long-term storage.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

NeuraLegion

NeuraLegion

NeuraLegion revolutionizes the way Application Security Testing is conducted, by combining Machine Learning Algorithms and an offensive approach.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

Take Five

Take Five

Take Five is a national campaign offering straight-forward, impartial advice that helps prevent email, phone-based and online fraud – particularly where criminals impersonate trusted organisations.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.