The Cloud Is Beginning To Attract Criminal Extortion

Uploaded on 2020-02-19 in TECHNOLOGY--Developments, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Ransomware software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin, has emerged as a potent and increasingly common threat online. 

But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.

The best defense against ransomware is a good set of data backups that are made each day, preferably to a device that is not always connected to the network. Unfortunately, this is often easier said than done, especially for small businesses. 

For many ransomware victims who do not have backups to rely upon, the choice of whether to pay comes down to the question of how badly the victim needs access to the ransomed files, and whether the files lost are worth more than the ransom demand.As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximise profits. Ransomware is now a billion-dollar enterprise for cybercriminals, and, as in any industry, it has evolved over time to become more efficient and maximise profits. 

Hackers have transitioned away from launching ransomware attacks indiscriminately in bulk and are now specifically targeting high-value targets within the companies and industries most likely to pay higher ransoms for the safe return of their files. 

When ransomware first hit the scene in 2013 with CryptoLocker, attackers targeted anyone and everyone, from CEOs to senior citizens. Even if just a small percentage of victims paid the relatively small ransom, attackers were sending out such a high volume of ransomware that they'd still make money. As ransomware success rates decreased due to improvements in antivirus protections. Instead, attackers began targeting industries in which businesses can't function with any downtime, most prominently health care, state and local government, and industrial control systems. 

Attackers picked their targets more carefully, devoted more time and effort to breaking in, and asked for larger ransoms. In short, they adapted their tactics to maximize profits.

Expert analysts like Brian Krebs think that  believe ransomware will target the cloud for three reasons.

  • First, the cloud has been left largely untouched by ransomware so far, so it's a new market opportunity for attackers.
  • Second, the data and services stored or run through the cloud are now critical to the day-to-day operations of many businesses.

Five years ago, a company might have been able to function without its cloud deployment in the short term, so the pressure to pay a ransom wouldn't have been as high. Now, most businesses will be crippled if they lose access to their public or private cloud assets. That creates the same intense pressure to restore services quickly that we've seen with hospitals, city governments, and power plants over the last few years.

  • Third, the cloud offers an attractive aggregation point that allows attackers to access a much larger population of victims. Encrypting a single physical Amazon Web Server could lock up data for dozens of companies that have rented space on that server. 

Cloud Security
To prevent cloud ransomware attacks, businesses need cloud security. Many smart IT people believe they don't need to worry about securing data in an infrastructure-as-a-service (IaaS) deployment because Microsoft or Amazon will handle it for them. 
While most public cloud providers do supply basic security controls, they may not include all of the latest security services needed to prevent more evasive threats. For example, most IaaS providers offer some form of basic anti-malware protection, but not the more sophisticated behavioral or machine learning-based anti-malware solutions available today.  

WatchGuard research has found that between a third and half of all malware attacks use evasion or obfuscation techniques to bypass traditional, signature-based antivirus solutions. 

Without more proactive anti-malware, modern ransomware could skirt right past basic cloud security controls. Fortunately, you can get a virtual or cloud version of most network security solutions on the market today, and I suggest using these to secure your cloud environments.

Misconfigurations and human mistakes made while setting up cloud permissions and policies create weak spots that attackers can exploit to deliver ransomware. 

Every organisation using a public or private cloud should harden these environments by properly securing S3 bucket configurations, closely managing file permissions, requiring multifactor authentication for access, and more. There are many "cloud hardening" guides that can help with this, and I recommend that anyone new to the cloud look into them.

The good news is that the cloud can be secured with many of the same best practices that apply to physical networks. Make every effort to keep your cloud deployments safe and secure today. In the future, you might be glad you did.

Dark Reading:       WatchGuard:        Krebs On Security

You Might Also Read: 

On Demand Webinar: How to secure app pipelines in AWS:

Attack Vectors Are Proliferating:

 

 

« Counting The Ways That AI Can Boost Business
Charming Kittens: Phishing Emails From Iran »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

Optimal IdM

Optimal IdM

Optimal IdM is a leading global provider of identity management solutions and services.

National Cyber League (NCL)

National Cyber League (NCL)

The NCL provides a virtual training ground for participants to develop, practice, and validate their cybersecurity knowledge and skills.

SCIPP International

SCIPP International

SCIPP’s courses are based on internationally recognized best business practices for security awareness, for both technical and non-technical staff and to comply with regulatory mandates.

AKS IT Services

AKS IT Services

AKS IT Services (an ISO 9001:2015 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider.

Flipside

Flipside

Information Security training provider specialized in personalized training and security awareness campaigns.

Business Hive Vilnius (BHV)

Business Hive Vilnius (BHV)

BHV is one of the oldest startup incubator and technology hubs in the Baltics, primarily focused on hardware, security, blockchain, AI, fintech and enterprise software.

Slice

Slice

Slice offer subscription based Cyber Insurance for small businesses.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Motiv ICT Security

Motiv ICT Security

Motiv is the ICT security specialist that provides public and private sector organisations with IT security solutions and services to prevent cybercrime, data theft and data breaches.

WhizHack Technologies

WhizHack Technologies

WhizHack's mission is to not only create a pipeline of cyber security products but also to empower people to sustainable innovation in securing digital assets of tomorrow.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

Awareness Software Limited (ASL)

Awareness Software Limited (ASL)

As Hosting Specialists, Awareness Software offer practical and affordable hosting solutions including backup and disaster recovery and a range of cybersecurity services.

MergeBase

MergeBase

Reduce software supply chain risk with MergeBase proven Software Composition Analysis (SCA).

Aikido Security

Aikido Security

Aikido is the no-nonsense security platform for developers. Secure your code, cloud, and runtime in one central system. Find and fix vulnerabilities automatically.