The Cloud Is Beginning To Attract Criminal Extortion

Uploaded on 2020-02-19 in TECHNOLOGY--Developments, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Ransomware software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin, has emerged as a potent and increasingly common threat online. 

But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.

The best defense against ransomware is a good set of data backups that are made each day, preferably to a device that is not always connected to the network. Unfortunately, this is often easier said than done, especially for small businesses. 

For many ransomware victims who do not have backups to rely upon, the choice of whether to pay comes down to the question of how badly the victim needs access to the ransomed files, and whether the files lost are worth more than the ransom demand.As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximise profits. Ransomware is now a billion-dollar enterprise for cybercriminals, and, as in any industry, it has evolved over time to become more efficient and maximise profits. 

Hackers have transitioned away from launching ransomware attacks indiscriminately in bulk and are now specifically targeting high-value targets within the companies and industries most likely to pay higher ransoms for the safe return of their files. 

When ransomware first hit the scene in 2013 with CryptoLocker, attackers targeted anyone and everyone, from CEOs to senior citizens. Even if just a small percentage of victims paid the relatively small ransom, attackers were sending out such a high volume of ransomware that they'd still make money. As ransomware success rates decreased due to improvements in antivirus protections. Instead, attackers began targeting industries in which businesses can't function with any downtime, most prominently health care, state and local government, and industrial control systems. 

Attackers picked their targets more carefully, devoted more time and effort to breaking in, and asked for larger ransoms. In short, they adapted their tactics to maximize profits.

Expert analysts like Brian Krebs think that  believe ransomware will target the cloud for three reasons.

  • First, the cloud has been left largely untouched by ransomware so far, so it's a new market opportunity for attackers.
  • Second, the data and services stored or run through the cloud are now critical to the day-to-day operations of many businesses.

Five years ago, a company might have been able to function without its cloud deployment in the short term, so the pressure to pay a ransom wouldn't have been as high. Now, most businesses will be crippled if they lose access to their public or private cloud assets. That creates the same intense pressure to restore services quickly that we've seen with hospitals, city governments, and power plants over the last few years.

  • Third, the cloud offers an attractive aggregation point that allows attackers to access a much larger population of victims. Encrypting a single physical Amazon Web Server could lock up data for dozens of companies that have rented space on that server. 

Cloud Security
To prevent cloud ransomware attacks, businesses need cloud security. Many smart IT people believe they don't need to worry about securing data in an infrastructure-as-a-service (IaaS) deployment because Microsoft or Amazon will handle it for them. 
While most public cloud providers do supply basic security controls, they may not include all of the latest security services needed to prevent more evasive threats. For example, most IaaS providers offer some form of basic anti-malware protection, but not the more sophisticated behavioral or machine learning-based anti-malware solutions available today.  

WatchGuard research has found that between a third and half of all malware attacks use evasion or obfuscation techniques to bypass traditional, signature-based antivirus solutions. 

Without more proactive anti-malware, modern ransomware could skirt right past basic cloud security controls. Fortunately, you can get a virtual or cloud version of most network security solutions on the market today, and I suggest using these to secure your cloud environments.

Misconfigurations and human mistakes made while setting up cloud permissions and policies create weak spots that attackers can exploit to deliver ransomware. 

Every organisation using a public or private cloud should harden these environments by properly securing S3 bucket configurations, closely managing file permissions, requiring multifactor authentication for access, and more. There are many "cloud hardening" guides that can help with this, and I recommend that anyone new to the cloud look into them.

The good news is that the cloud can be secured with many of the same best practices that apply to physical networks. Make every effort to keep your cloud deployments safe and secure today. In the future, you might be glad you did.

Dark Reading:       WatchGuard:        Krebs On Security

You Might Also Read: 

On Demand Webinar: How to secure app pipelines in AWS:

Attack Vectors Are Proliferating:

 

 

« Counting The Ways That AI Can Boost Business
Charming Kittens: Phishing Emails From Iran »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

Port53 Technologies

Port53 Technologies

Port53 Technologies is focused on delivering enterprise-grade, cloud-delivered security solutions that are easy to deploy, simple to manage and extremely effective.

Injazat

Injazat

Injazat Data Systems is an industry recognized market leader in the Gulf region for Information Technology, Data Center and Managed Services.

Iron Bow Technologies

Iron Bow Technologies

Iron Bow Technologies is a leading IT solution provider dedicated to successfully transforming technology investments into business capabilities for government, commercial and healthcare clients.

Sendmarc

Sendmarc

Sendmarc automates the process of protecting your domain from being used in email impersonation and phishing attacks.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Transatlantic Cyber Security Business Network

Transatlantic Cyber Security Business Network

The Transatlantic Cyber Security Business Network is a coalition of UK and US cyber security companies which facilitates collaboration to help address critical cyber security challenges.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.

InnovateHer

InnovateHer

At InnovateHer, our vision is to make the tech sector more equitable, by increasing diversity across the spectrum and creating more inclusive workplaces.

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

Cytex

Cytex

Cytex is the All-in-One solution for SMB data protection & compliance needs.

5S Technologies

5S Technologies

5S Technologies is a regional IT solutions and services provider based in Cary, NC and serving the Carolinas.