Hackers are quickly learning how to target cloud systems

Image: Aïda Amer/Axios
Hackers are quick to find vulnerabilities in corporate cloud infrastructure, despite the belief that the technology is resilient to cyberattacks.
The big picture: Businesses have invested billions of dollars in recent years to move their digital data from traditional on-premises enterprise storage solutions to the cloud. That investment is expected to continue growing, reaching nearly $600 billion this year.
- Businesses paid the high price of moving data for one main reason: it’s much more difficult for hackers to break into an organization’s cloud systems.
- However, recent research and incidents underscore how quickly malicious hackers are adapting to the new reality.
Driving the news: Attacks exploiting cloud systems nearly doubled in 2022, and the number of hacker groups targeting the cloud has tripled in the past year, according to a CrowdStrike report released last week.
- A widespread ransomware attack last month targeted a vulnerability in a popular VMware machine used in cloud systems, leaving thousands of systems vulnerable.
- Bloomberg reported last month that the recent disclosure of about a terabyte of Pentagon emails was likely due to a cloud configuration error.
What they're saying: “As more organizations move to the cloud, it becomes more attractive to these threat actors, and they devote more time and resources to penetrating that environment,” Adam Meyers, senior vice president of intelligence at CrowdStrike, told Axios.
- “Everyone does it. We saw 17-year-olds and we saw the Russian SVR.”
By the numbers: According to a September report by Venafi, about eight in 10 organizations said they had a cloud security incident in the last year.
- According to the study, 45% of organizations that faced a cloud security incident experienced at least four attacks during that time period.
Between the lines: The cloud is still far more secure than traditional systems, Meyers said, but a big driver of attacks is the vulnerabilities accidentally introduced when companies customize cloud tools for their specific systems.
- As a result, most organizations fail to update their legacy cybersecurity tools to detect these cloud configuration errors, Meyers added.
The intrigue: Many hackers quickly build skills to target cloud storage because it can be so rewarding.
- With traditional on-premises server attacks, malicious hackers typically need their own port-scanning tools to identify what systems are in an organization and where the vulnerabilities and exploits are located.
- But during cloud attacks, those port scanners aren’t needed, Meyers said. Malicious hackers who can navigate a cloud environment can use native tools within the environment to more stealthily search and determine what data is available.
- “You have created a Mentos Safety: Crispy on the outside, soft and chewy on the inside,” Meyers said.
Yes, but: Attacks targeting the cloud still start the same way as on-premises attacks: with stolen employee credentials.
- For example, cloud security firm Mitiga warned last week that when hackers use legitimate credentials to break in, the Google Cloud platform does not keep a proper activity log of the malicious actor’s actions, cyber journal Dark Reading reports.
The bottom line: As IT spending on the cloud continues to increase, organizations need to make sure they also review their security settings so they can deal with new cloud-related roadblocks.