The Future Of Ransomware Is In The Cloud

Uploaded on 2020-06-19 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The cyber security lanscape is evolving and many businesses don’t understand how to keep their defences  up-to-date. While major corporations can spend as much as $1 billion a year, many small companies may not have the budget to hire a cybersecurity vendor to help them keep up with all the technology available needed to deter hackers. The loss of just a few thousand dollars can be devastating and hackers don’t discriminate when casting a wide net. 
 
Hackers are mining for data, passwords and other bits of information that can open the door to a company’s assets. Email scams, password and login theft, malware and ransomware are a;; among the cybercriminals’ primary weapons. 
 
Cyber security threats have been contantly growing in 2019, according to a new report by Crypsis Group, an incident management and digital forensics company. The Crypsis 2020 Incident Response and Data Breach Report, which found that cyber criminals have “significantly escalated tactical approaches” and become more targeted in their actions. 
 
Ransomware attacks and business email compromise (BEC) were the two most impactful cyber threats in 2019 with ransomware demands up  200% last year, and BEC fraud losses averaged $264,000 per incident. 
 
Software as a Service (SaaS) is being increasingly used and is a method of software delivery and licensing in which software is accessed online via a subscription, rather than bought and installed on individual computers. The Covid virus pandemic has forced businesses to start working from home on a massive scale, and SaaS platforms now have switched from being a matter of choice to a necessity. While the long-term advantages of this global switch are yet to be discovered, SaaS security threats are already out there. One of the most threatening is ransomware 2.0.
 
It's a new generation of attacks, using sophisticated types of ransomware, that spreads to the cloud and encrypts SaaS data of cloud services.
 
The average ransom payment was $41,000 in 2019, although yber liability insurance firms say that the  the real cost of a ransomware attack for a company with 50 employees has reached $73,000. This cost includes: Ransom fees, Forensics, Legal Fees, Fines and Penalties and Data Recovery payments. 
 
Ransomware has become a multibillion-dollar industry for cyber criminals, who to maximise their profits, are expanding to new  potential markets with a particular focus on the fast growing Cloud coputing sector.
 
Ransomware Criminals Are Targeting The Cloud 
Cyber-criminal new market opportunities. Many offline businesses are closed due to COVID-19, which reduces new opportunities for cyber-criminals. Phishing attacks are up 667% since the pandemic began. Cyber-criminals seem to be looking for new ways to generate revenue. Cloud services have become mission-critical apps for successful businesses. The spread of coronavirus will push companies to speed up their cloud adoption. Many organisations already can't imagine their business without cloud services. It’s only a matter of time until ransomware starts targeting cloud data.
 
A  Scenario For A  Cloud Ransomware Attack:
 
  • A user gets an email that looks like it was sent from their cloud service provider. It requires the user to click a phishing link to update an app.
  • A user installs a malicious app or a Chrome extension that requests a scope of permissions to access G Suite or Office 365 SaaS data.
  • Once permissions are granted, the app starts encrypting data directly in the cloud.
Ransomware that targets the cloud is here. and we can expect that in  the next one to two years, this evolution will  accelerate, with the emergence of a whole new generation of  ransomware.
 
Back Up Your Data. Use an independent cloud-to-cloud backup provider to back up your sensitive SaaS data to secure cloud storage. AWS, GCP and Azure are the most secure and trusted cloud storage services. Daily backup is a very important part of this process.
 
Protect Yourself Against Phishing. Deploy an anti-phishing monitoring solution. The majority of phishing emails are designed to run ransomware attacks.
 
Monitor Third-Party Apps. Deploy monitoring and risk assessment of the third-party apps installed by your employees, such as marketplace apps, chrome extensions, add-ons, iOS apps, Android apps, non-marketplace apps and any other apps that have access to your SaaS data. Some of the apps can be time bombs and run ransomware attacks when you never expect it.
 
It Important to Train Your Employees to Watch for Cyber Threats. Educate your employees by implementing security awareness training on a quarterly basis. Continue doing all the necessary data security work: Manage files’ permissions and access.  Outline clear security policies, and educate your employees on cyber security matters through corporate training.
 
Crypsis:     Forbes:     SC Magazine:     Insurance Business:      Arkanasa Business: 
 
Business need cyber security training and we at Cyber Security Intelligence recommend GoCyber training for all employees and management please contact Cyber Security Intelligence for a free trial.
 
You Might Also Read: 
 
Cyber Crime Methods Are Evolving:
 
Managing Your Cyber Security, Detection & Response:
 
 
« Blame The Boss For Cyber Attacks
Inside The Deep & The Dark Web »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Information Commissioner's Office (ICO)

Information Commissioner's Office (ICO)

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

Perkins Coie LLP

Perkins Coie LLP

Perkins Coie LLP is an internationalk law firm with offices across the USA and Asia. Practice areas include Privacy and Data Security.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

ID Quantique (IDQ)

ID Quantique (IDQ)

ID Quantique is a world leader in quantum-safe crypto solutions, designed to protect data for the long-term future.

NXO France

NXO France

NXO is an independent leader in the integration and management of digital workflows with services covering digital infrastructures, communications & collaboration, and security.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

Binary Security AS

Binary Security AS

Binary Security is a Norwegian information security consultancy company. We are specialists at application security, penetration testing and secure code reviews.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

ACI Learning

ACI Learning

ACI Learning - Training tomorrow’s industry leaders with formats for all types of learners in Audit, Cybersecurity, and IT.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

Obrela Security Industries

Obrela Security Industries

Obrela Security manage cyber exposure, risks and compliance. We identify, predict and prevent cyber threats in real time. As a service, personalised, on demand.

HADESS

HADESS

We are "Hadess", a group of cyber security experts and white hat hackers.

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

Intellinexus

Intellinexus

Intellinexus turns data into actionable insights to revolutionise decision-making in your business.