Hackers increasingly targeting cloud infrastructure

As organisations move more of their IT estates and data to cloud environments, criminals are turning to the cloud to exploit its vast computational power and multiply their profits.

This is one of the key findings of the latest report from cyber security firm Check Point, covering the first half of the year.

The report notes that in the first six months of 2018, malware authors proved to be capable of more than previously imagined, with more sophistication and with a new level of agility.

Malware is now rapidly adapting in real-time to security systems offered by security suppliers, the report said, with the top three most common malware variants seen being cryptocurrency miners, which researchers said have become more sophisticated, evasive and even destructive.

One of the biggest trends identified by a wide range of security suppliers so far this year is the increased use of illicit cryptocurrency miners by cyber attackers to generate funds by tapping into victims’ processing power, with the number of organisations impacted doubling to 42% compared with the previous six months.

However, Check Point notes that the practice, known as cryptojacking, has in the past six months been extended from desktops, servers and mobile devices to the cloud environment because of the availability of vast computing resources.

But another significant development is that cloud infrastructure has also become one of the most attractive targets for threat actors because of the vast amount of sensitive data that now resides in the cloud.

Along a wide range of benefits, the report said cloud infrastructure also introduces a new, “fertile and attractive” environment for attackers who crave for the enormous amount of available computing resources and sensitive data it holds.

“Tesla’s cloud servers infected with Monero miner earlier this year and a massive leak of sensitive data of FedEx customers are just two examples of what 2018 has brought to us,” the report said.

There have been a number of sophisticated techniques and tools exploited against cloud storage services so far this year, the report noted.

Several cloud-based attacks, mainly those involving data exfiltration and information disclosure, derived from poor security practices, including credentials left available on public source code repositories or the use of weak passwords, the report said.

Application programming interfaces (APIs) that are used to manage, interact and extract information from services have also been a target for threat actors, said Check Point researchers.

The fact that cloud API’s are accessible through the internet has opened a window for threat actors to take advantage and gain considerable access to cloud applications, they said.

“As time passes, it seems that the cloud’s threats will continue to evolve, and attackers will continue to develop more tools for their cloud playground, pushing the limits of the public cloud services,” the report said, adding that as new cloud exploitations emerge, there is no doubt that the next attack is already taking place.

Multi-platform attacks have also risen in the past six months, the report said, mainly due to the rise in the number of consumer-connected devices and the growing market share of non-Microsoft Windows operating systems.

“Campaign operators implement various techniques to take control over the campaigns’ different infected platforms,” the report said.

Another key trend in the first half of the year has been the spread of mobile malware through the supply chain, with several incidences of mobile malware that has arrived already installed on the device.

“In addition, there was an increase in applications readily available on app stores that were actually malware under disguise, including banking Trojans, adware and sophisticated remote access Trojans,” the report said.

Maya Horowitz, threat intelligence group manager at Check Point, said cyber criminals have continued the trend observed at the end of 2017 to take full advantage of stealthy crypto mining malware to maximise their revenues. 

“We’ve also seen increasingly sophisticated attacks against cloud infrastructures and multi-platform environments emerging,” she said.

“These multi-vector, fast-moving, large-scale Gen V attacks are becoming more frequent, and organisations need to adopt a multi-layered cyber security strategy that prevents these attacks from taking hold of their networks and data.”

To provide organisations with the best level of protection, security experts must be attuned to the ever-changing landscape and the latest threats and attack methods, the report said.