Dark Reading is part of the Informa Tech Division of Informa PLC


Cloud Security

7/13/2018
09:35 AM
Jeffrey Burt

Attackers Increasingly Turning Attention to the Cloud

In the first half of 2018, Check Point researchers saw threat actors turning more of their attention to the cloud to steal data, as well as to grab compute power for cryptomining efforts.

The cloud became an increasingly popular target in the first half of this year for cybercriminals looking to do everything from stealing data to siphoning compute power to mine cryptocurrencies, according to cybersecurity software provider Check Point Software Technologies.

In the company's "Cyber Attack Trends: 2018 Mid-Year Report," researchers reiterated the fast-growing trend in cryptomining malware that has been ongoing since the end of last year. However, cryptomining malware also has been evolving quickly in how it's delivered and is now making its way into the cloud, according to Maya Horowitz, group manager of threat intelligence at Check Point. The evolution dovetailed with another finding by the company, that of hackers making a move into the cloud. (See Cryptomining Malware, Cryptojacking Remain Top Security Threats.)

The share of organizations hit by cryptomining malware doubled to 42% in the first six months of the year, according to the report. The three most common malware variants -- Coinhive, Cryptoloot and JSEcoin -- were all cryptominers, which hijack CPU or GPU power on a victim's system to mine cryptocurrencies and can consume as much as 65% of the CPU, researchers said.

However, the methods of gaining access to that power and the targets of the malware are rapidly evolving, Horowitz told Security Now in an email.

"First, they were sent as any other malware that needs to find a way to be executed on a PC," she wrote. "Then, they solved the execution issue by running the mining activity within the Internet browser, as victims browse to certain websites. To expand, they started attacking mobile devices. The next step was attacking web servers, which obviously have far greater computation power than a PC, browser or mobile device. The last evolvement was attacking cloud infrastructure; with auto-scaling, these attacks maximize on computation resources. So, the attacks today are not only more prevalent, but also more cost-effective."

Cloud infrastructures also became more popular targets for attackers looking for data, given the trend among enterprises to move more of their data and workloads to the cloud. According to Check Point researchers, several cloud-based attacks aimed at stealing data were the result of poor security practices, such as weak passwords and credentials left in public source code repositories. That poor security is helping to fuel attacks on cloud environments, Horowitz said. (See How the Cloud Is Changing the Identity & Access Management Game.)

"While with classic networks, there's a best practice that's been built in the last 25 years, cloud environments are new and organizations are still confused on how to protect them," she added. "This means too many of these environments are not segmented, there's poor authentication and access control, and sometimes not even security at the entering point, as organizations falsely assume they are protected by the cloud provider. Therefore, these attacks are very lucrative as they're both easier and lead to more data."
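As an added example (not Check Point's or Dark Reading's code, and not a tool the report describes), here is the kind of check that catches the credential leak described above before a commit reaches a public repository: a small scanner that finds AWS access key IDs by their fixed prefix, AWS secret keys and password assignments by their labels, and unlabelled high-entropy strings by a Shannon entropy estimate. The rule set, the 4.0-bit entropy threshold and the sample files are assumptions constructed for this example; the AWS values are the placeholder keys from AWS's own documentation, not live credentials.

```python
"""Scan file contents for cloud credentials before they reach a public repository.

Added example, not Check Point's or Dark Reading's code. The rules below are
illustrative assumptions; a production scanner would use a maintained rule set.
"""
import math
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    line_no: int
    rule: str
    value: str
    entropy: float


# Labelled rules: (name, regex with the secret value in group 1).
RULES = [
    # AWS access key IDs have a fixed prefix and length, so a plain pattern suffices.
    ("aws-access-key-id", re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")),
    # AWS secret keys are 40 base64-like characters assigned near an "aws ... secret" label.
    ("aws-secret-key", re.compile(
        r"(?i)aws.{0,20}?secret.{0,20}?['\"]([A-Za-z0-9/+=]{40})['\"]")),
    # Generic password assignments such as DB_PASSWORD=... or passwd: "...".
    ("password-assignment", re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]{4,})")),
]

# Unlabelled rule: any quoted token this long with high entropy deserves a look.
HIGH_ENTROPY_TOKEN = re.compile(r"['\"]([A-Za-z0-9/+=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 4.0  # bits per character; assumption tuned for base64-like secrets


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the string's own character frequencies."""
    if not s:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(path: str, text: str) -> List[Finding]:
    """Return one Finding per (line, value); labelled rules take precedence over the entropy rule."""
    findings: List[Finding] = []
    seen = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for m in pattern.finditer(line):
                value = m.group(1)
                if (line_no, value) in seen:
                    continue
                seen.add((line_no, value))
                findings.append(Finding(path, line_no, rule, value, shannon_entropy(value)))
        # Entropy rule: only report tokens the labelled rules did not already catch.
        for m in HIGH_ENTROPY_TOKEN.finditer(line):
            value = m.group(1)
            ent = shannon_entropy(value)
            if ent >= ENTROPY_THRESHOLD and (line_no, value) not in seen:
                seen.add((line_no, value))
                findings.append(Finding(path, line_no, "high-entropy-string", value, ent))
    return findings


def scan_files(files: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of path -> file contents, e.g. the staged files of a commit."""
    out: List[Finding] = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample inputs (assumption). The AWS values are the placeholder keys
# from AWS's own documentation, not live credentials.
SAMPLE_FILES = {
    "config/settings.py": (
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "README.md": "Set AWS_ACCESS_KEY_ID in your environment before running.\n",
    "deploy.sh": "export DB_PASSWORD=hunter2\n",
    "app/config.json": '{"api_token": "Zx9Qk2Lm7Vn4Bt8Yw3Rp6Hs1"}\n',
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.path}:{f.line_no} [{f.rule}] {f.value[:6]}... entropy={f.entropy:.2f}")
```

Run as a pre-commit hook over the staged files, this blocks the commit before anything leaves the developer's machine; the README line is not flagged because it names the variable without a value, and the low-entropy `hunter2` is still caught because the password label, not the entropy, triggers the rule. Two caveats a practitioner should keep in mind: pattern matching misses any credential format the rules do not describe, and a key that was ever pushed to a public repository must be rotated even after the commit is removed, because forks and clones keep the history.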

The Check Point analysts also noted two other trends.


One was malware delivered through the supply chain, preinstalled on mobile devices before they reached users, rather than downloaded from a malicious site or bundled in apps from app stores. The other was multi-platform malware, which was still a rarity at the end of 2017 but is becoming more common, due in large part to the growing number of connected consumer devices and the increasing presence of non-Windows operating systems.

"Cross-platform attacks are the most advanced attacks that we see today," Horowitz noted. "They are less 'off the shelf' and demonstrate The Fifth Generation of attacks -- attacks that will try to get in through any door, window or chimney, which calls us to protect all entering points so that there's no weak link -- PC, cloud, mobile, etc."

Looking at the threat environment as a whole, she said she sees two parallel trends.

"One is that lazy threat actors are buying $10 malware and using them in large-scale attacks, and recycling 5+-year-old exploits in these attacks," Horowitz wrote. "This shows the importance of security patching and classic protection measures. The other trend is some sophisticated actors who take the time to develop attacks against new types of platforms (cloud, mobile) and even multi-platform, using zero-day vulnerabilities. For this reason, using zero-day protection on all platforms is highly important."


— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
