The Cloud Is Beginning To Attract Criminal Extortion

Uploaded on 2020-02-19 in TECHNOLOGY--Developments, TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Ransomware software that encrypts the victim’s files and holds them hostage unless and until the victim pays a ransom in Bitcoin, has emerged as a potent and increasingly common threat online. 

But many Internet users are unaware that ransomware also can just as easily seize control over files stored on cloud services.

The best defense against ransomware is a good set of data backups that are made each day, preferably to a device that is not always connected to the network. Unfortunately, this is often easier said than done, especially for small businesses. 

For many ransomware victims who do not have backups to rely upon, the choice of whether to pay comes down to the question of how badly the victim needs access to the ransomed files, and whether the files lost are worth more than the ransom demand.As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximise profits. Ransomware is now a billion-dollar enterprise for cybercriminals, and, as in any industry, it has evolved over time to become more efficient and maximise profits. 

Hackers have transitioned away from launching ransomware attacks indiscriminately in bulk and are now specifically targeting high-value targets within the companies and industries most likely to pay higher ransoms for the safe return of their files. 

When ransomware first hit the scene in 2013 with CryptoLocker, attackers targeted anyone and everyone, from CEOs to senior citizens. Even if just a small percentage of victims paid the relatively small ransom, attackers were sending out such a high volume of ransomware that they'd still make money. As ransomware success rates decreased due to improvements in antivirus protections. Instead, attackers began targeting industries in which businesses can't function with any downtime, most prominently health care, state and local government, and industrial control systems. 

Attackers picked their targets more carefully, devoted more time and effort to breaking in, and asked for larger ransoms. In short, they adapted their tactics to maximize profits.

Expert analysts like Brian Krebs think that  believe ransomware will target the cloud for three reasons.

  • First, the cloud has been left largely untouched by ransomware so far, so it's a new market opportunity for attackers.
  • Second, the data and services stored or run through the cloud are now critical to the day-to-day operations of many businesses.

Five years ago, a company might have been able to function without its cloud deployment in the short term, so the pressure to pay a ransom wouldn't have been as high. Now, most businesses will be crippled if they lose access to their public or private cloud assets. That creates the same intense pressure to restore services quickly that we've seen with hospitals, city governments, and power plants over the last few years.

  • Third, the cloud offers an attractive aggregation point that allows attackers to access a much larger population of victims. Encrypting a single physical Amazon Web Server could lock up data for dozens of companies that have rented space on that server. 

Cloud Security
To prevent cloud ransomware attacks, businesses need cloud security. Many smart IT people believe they don't need to worry about securing data in an infrastructure-as-a-service (IaaS) deployment because Microsoft or Amazon will handle it for them. 
While most public cloud providers do supply basic security controls, they may not include all of the latest security services needed to prevent more evasive threats. For example, most IaaS providers offer some form of basic anti-malware protection, but not the more sophisticated behavioral or machine learning-based anti-malware solutions available today.  

WatchGuard research has found that between a third and half of all malware attacks use evasion or obfuscation techniques to bypass traditional, signature-based antivirus solutions. 

Without more proactive anti-malware, modern ransomware could skirt right past basic cloud security controls. Fortunately, you can get a virtual or cloud version of most network security solutions on the market today, and I suggest using these to secure your cloud environments.

Misconfigurations and human mistakes made while setting up cloud permissions and policies create weak spots that attackers can exploit to deliver ransomware. 

Every organisation using a public or private cloud should harden these environments by properly securing S3 bucket configurations, closely managing file permissions, requiring multifactor authentication for access, and more. There are many "cloud hardening" guides that can help with this, and I recommend that anyone new to the cloud look into them.

The good news is that the cloud can be secured with many of the same best practices that apply to physical networks. Make every effort to keep your cloud deployments safe and secure today. In the future, you might be glad you did.

Dark Reading:       WatchGuard:        Krebs On Security

You Might Also Read: 

On Demand Webinar: How to secure app pipelines in AWS:

Attack Vectors Are Proliferating:

 

 

« Counting The Ways That AI Can Boost Business
Charming Kittens: Phishing Emails From Iran »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Academic Centres of Excellence in Cyber Security Research

Academic Centres of Excellence in Cyber Security Research

The ACE-CSRs scheme is part of the UK Government’s National Cyber Security Strategy, working with academia and industry to make the UK more resilient to cyber attacks.

Direct Recruiters Inc

Direct Recruiters Inc

Direct Recruiters is a relationship-focused search firm that assists IT Security and Cybersecurity companies with recruiting high-impact talent.

Verve Industrial

Verve Industrial

Verve specialize in providing software and services to help protect and secure critical industrial control systems.

Neowave

Neowave

Neowave designs, manufactures and markets strong authentication solutions based on smart card components and digital certificates.

National Security Authority (NBU) - Slovakia

National Security Authority (NBU) - Slovakia

The National Security Authority (NBU) is the central government body in Slovakia for the Protection of Classified Information, Cryptographic Services, Trust Services and Cyber Security.

AnubisNetworks

AnubisNetworks

AnubisNetworks is one of Europe’s leading threat intelligence and email security suppliers.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

Fraugster

Fraugster

Fraugster provides the most precise anti-fraud solution for e-commerce businesses.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

Citadel Cyber Security

Citadel Cyber Security

Citadel is a leading 'One Stop Shop' provider of consulting services in cyber and information security. Our experts operate in hundreds of business organizations in Israel and around the world.

CyberScotland

CyberScotland

The CyberScotland Partnership is a collaboration of key strategic stakeholders, brought together to focus efforts on improving cyber resilience across Scotland in a coordinated and coherent way.

Anvilogic

Anvilogic

Anvilogic provides a unifying experience for security professionals aimed at providing improved visibility, enrichment, and context across hundreds of alerting datasets and security tools.

Cognna

Cognna

Cognna's innovative platform is designed to empower you and your team, providing the tools you need to detect, prevent, and resolve threats with ease.

TraitWare

TraitWare

The TraitWare mission is to increase user and company security while simplifying access to digital and physical resources through the elimination of the need for usernames and passwords.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.