Move to the cloud opens opportunities for cybercriminals
The rapid shift of applications and infrastructure to the cloud creates gaps in security, according to a new threat report from security platform Lacework.
This increases the opportunities for cybercriminals to steal data, take advantage of an organization's assets, and gain illicit network access.
It also boosts opportunities for initial access brokers, as Lacework Labs finds Amazon AWS, Google Cloud, and Azure administrative accounts gaining popularity in underground marketplaces.
"It's in enterprises' best interest to start thinking of cybercriminals as business competitors," says James Condon, director of research at Lacework. "Last year alone, cybercrime and ransomware attacks cost companies $4 billion in damages. As more companies shift to cloud environments, we're seeing an increase in demand for stolen access to cloud accounts and evolving techniques from cybercriminals, making enterprises even more vulnerable to cloud threats."
The report also highlights a number of evolving threat campaigns. These include a new cluster of activity linked to a campaign by the 8220 Gang adversary group that infects hosts, primarily through common cloud services, with a custom miner and IRC bot for further attacks and remote control. In addition, threat actor TeamTNT has been backdooring legitimate Docker images in a supply chain-like attack. There has also been an increase in the illicit use of Cpuminer for cryptomining, along with continued probing of cloud services.
Lacework recommends that companies ensure Docker sockets are not publicly exposed and that appropriate firewall rules, security groups and other network controls are in place. In addition, they should ensure that the access policies set via the console on S3 buckets are not being overridden by an automation tool.
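One way to audit the first recommendation is shown below as an added example, not code from Lacework or its report. It assumes input in the JSON shape returned by `aws ec2 describe-security-groups` and treats TCP 2375 and 2376, the conventional Docker Engine API ports, as the ports to check; the group IDs and rules in the sample are constructed.

```python
import ipaddress

DOCKER_API_PORTS = (2375, 2376)  # conventional Docker Engine API ports (plain / TLS)

def _is_world(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 covers every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def _covers_docker_port(perm):
    """True if an ingress rule's protocol and port range reach a Docker API port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rules carry no port fields
        return True
    if proto != "tcp":
        return False
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= p <= hi for p in DOCKER_API_PORTS)

def exposed_docker_rules(described):
    """Return (group_id, cidr, ports) for each world-open rule reaching the Docker API."""
    findings = []
    for sg in described.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if not _covers_docker_port(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            all_traffic = perm.get("IpProtocol") == "-1"
            ports = "all" if all_traffic else f'{perm.get("FromPort")}-{perm.get("ToPort")}'
            findings += [(sg["GroupId"], c, ports) for c in cidrs if _is_world(c)]
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-a", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2375, "ToPort": 2375,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-b", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 3000,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-c", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}

if __name__ == "__main__":
    for finding in exposed_docker_rules(SAMPLE):
        print(finding)
```

The wide port range in the second group and the all-traffic rule in the third are the cases a check for an exact port match would miss.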
You can find out more and get the full report from the Lacework site.