The significant move towards remote work has seen more businesses migrating to the cloud than ever before.
While this shift has certainly enabled a more seamless workforce, it has also created new opportunities for cyber criminals. Yes, the cloud enables flexible remote working, but in doing so it creates ‘flexible’ network security and loopholes for malicious hackers to gain access to all kinds of sensitive data.
The cloud is also an attractive point of attack for bad actors as it contains mission-critical data, trade secrets, tax information, and personal information from both employees and customers. All of these are critical to a business and subject to data privacy laws like GDPR.
This has resulted in the rise of cloudjacking and cloud mining. A good cyber resilience strategy will have to include an increased security posture to combat this, so businesses should consider the insights below to better understand and protect against these cloud-related threats.
What are cloudjacking and cloud mining?
Both activities operate by targeting the near-infinite resources of the cloud to generate profit. Cloudjacking occurs when attackers gain access to a person’s or business’s cloud and deny access to the owner in return for Bitcoin. This is in some ways similar to the increasingly popular criminal ransomware business model. Once the attacker has obtained access to an entity’s cloud, the files are locked, and owners often must pay a hefty sum to regain access to their data. Unfortunately, this isn’t the only way for cyber criminals to earn a profit. Cloud mining is another tactic, one that involves leveraging cloud resources to mine cryptocurrency. This often goes unnoticed by businesses, as attackers strategically scale the cloud resources (CPU) they use so that legitimate demand is unaffected, which reduces the risk of being caught.
Cyber criminals are experts in disguising their activity by throttling the amount of resources they’re stealing, particularly when targeting smaller businesses. This differs from tactics geared toward larger businesses, which traditionally make the best targets because their volume of enterprise-grade hardware and power will yield much higher profits. Excess electricity consumption is one of the most common signs of cloudjacking or cloud mining, so monitor this to stay vigilant.
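Because a throttled miner is tuned to stay below peak-usage alarms, one way to look for it is to compare each machine's quiet-hours CPU floor against its own baseline. The sketch below is an added example, not part of the original article; the VM names, the sample readings, the 00:00-05:00 quiet window and the 15-point threshold are all assumptions constructed for illustration.

```python
from statistics import median

OFF_HOURS = range(0, 6)  # assumed quiet window: 00:00-05:59

def off_hours_floor(samples):
    """Median CPU % during quiet hours; samples = [(hour, cpu_pct), ...]."""
    return median(cpu for hour, cpu in samples if hour in OFF_HOURS)

def flag_raised_floor(baseline, current, min_rise=15.0):
    """Return {vm: (baseline_floor, current_floor)} for VMs whose quiet-hours
    floor rose by at least min_rise percentage points. Peaks are ignored on
    purpose: throttled mining stays under peak alarms but lifts the floor."""
    flagged = {}
    for vm, samples in current.items():
        before = off_hours_floor(baseline[vm])
        after = off_hours_floor(samples)
        if after - before >= min_rise:
            flagged[vm] = (before, after)
    return flagged

def peak_alarms(current, threshold=90.0):
    """The conventional check, for contrast: VMs whose peak CPU % hits threshold."""
    return [vm for vm, s in current.items()
            if max(cpu for _, cpu in s) >= threshold]

def day(night, work):
    """Build 24 hourly samples: `work` for hours 6-17, `night` otherwise."""
    return [(h, work if 6 <= h < 18 else night) for h in range(24)]

# Constructed sample data (not from the article): a baseline day and a
# current day for two hypothetical VMs. batch-02 no longer idles at night.
BASELINE = {"web-01": day(4.0, 55.0), "batch-02": day(6.0, 70.0)}
CURRENT = {"web-01": day(5.0, 58.0), "batch-02": day(31.0, 72.0)}

if __name__ == "__main__":
    print("peak alarms:", peak_alarms(CURRENT))
    for vm, (before, after) in flag_raised_floor(BASELINE, CURRENT).items():
        print(f"{vm}: quiet-hours CPU floor rose from {before}% to {after}%")
```

In practice the samples would come from the cloud provider's metrics export, and the baseline should span several weeks so that scheduled overnight jobs are not mistaken for mining.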
Who is at risk?
Cloud is essentially a new market for these cybercriminals. Small and medium-sized businesses (SMBs) have become attractive targets as they often share their cloud infrastructure with other businesses, usually with inadequate access control. This is a treasure trove for hackers, as they are able to reach multiple organisations’ data.
In the past, SMBs may have been able to overcome a ransomware attack on a single computer. However, in the current environment, data and services stored and run through the cloud are critical for daily business. Many would be crippled if they lost access to public or private cloud assets.
This reinforces the need for SMBs to prioritise a cyber resilience strategy and related initiatives. By adopting cyber resilient practices and multiple layers of defense, SMBs can significantly reduce their overall risk.
How can businesses protect themselves?
Cloudjacking and cloud mining can cause serious harm to any business’s security and reputation. To better safeguard against these attacks, it is key to work closely with your IT team or managed service provider. Here are a few actions to consider:
One of the most essential steps to ensuring cyber resiliency is to have a plan in place for access controls. Employees and contractors should have varying access to files and systems based on their position and purview. Only a very small number of admins should be able to change the versioning or permanence settings of data in cloud backup solutions. This way, if an employee with regular access were to fall for a phishing attempt and hand over credentials, the criminal couldn’t inflict lasting damage to that employee’s files in the cloud. Also, multifactor authentication, or MFA, should be used whenever possible to augment any access control strategy and overall security posture.
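The rule above, that only a few admins may change versioning or permanence settings and that MFA should back those grants, can be checked mechanically. The following is an added example, not part of the original article. It assumes the backup store is an AWS S3 bucket governed by IAM-style policy statements; the principal names, the admin allowlist and the sample policies are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Actions that alter versioning or retention ("permanence") of backup data.
# These are AWS S3 IAM action names; using S3 is this example's assumption.
SENSITIVE = {
    "s3:PutBucketVersioning", "s3:PutLifecycleConfiguration",
    "s3:PutBucketObjectLockConfiguration", "s3:PutObjectRetention",
    "s3:DeleteObjectVersion",
}
BACKUP_ADMINS = {"backup-admin"}  # hypothetical allowlist of principals

def sensitive_grants(statement):
    """Sensitive actions an Allow statement grants, expanding * wildcards.
    Deny statements and Resource scoping are not evaluated in this sketch."""
    if statement.get("Effect") != "Allow":
        return set()
    actions = statement.get("Action", [])
    actions = [actions] if isinstance(actions, str) else actions
    return {s for s in SENSITIVE for pat in actions
            if fnmatchcase(s.lower(), pat.lower())}

def requires_mfa(statement):
    """True if the grant only applies to MFA-authenticated sessions."""
    cond = statement.get("Condition", {})
    return cond.get("Bool", {}).get("aws:MultiFactorAuthPresent") == "true"

def audit(policies):
    """policies = {principal: [statement, ...]} -> sorted list of findings."""
    findings = []
    for principal, statements in policies.items():
        for st in statements:
            granted = sorted(sensitive_grants(st))
            if not granted:
                continue
            if principal not in BACKUP_ADMINS:
                findings.append((principal, "non-admin can change versioning/retention", granted))
            elif not requires_mfa(st):
                findings.append((principal, "admin grant lacks MFA condition", granted))
    return sorted(findings)

# Constructed sample policies (not from the article).
POLICIES = {
    "backup-admin": [{"Effect": "Allow",
                      "Action": ["s3:PutBucketVersioning", "s3:PutObjectRetention"],
                      "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}],
    "staff-jdoe": [{"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"]}],
    "contractor-ci": [{"Effect": "Allow", "Action": "s3:Put*"}],
}
```

Calling `audit(POLICIES)` reports only `contractor-ci`, whose `s3:Put*` wildcard quietly includes the versioning and retention actions that ordinary read/write access for `staff-jdoe` does not.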
Monitoring configurations and network traffic
Monitoring configurations and monitoring network traffic are two more tactics that will allow businesses to defend against cloudjacking and cloud mining. A misconfigured cloud is one of the more common ways for cybercriminals to disrupt cloud services. By working closely with an internal or third-party IT team with the necessary expertise, suspicious activity will be flagged faster and more easily. Security oversight of DevOps teams setting up cloud applications is crucial to maximise protection against cybercriminals.
Ongoing education about the latest cloud-related threats will help organisations adjust their overall security posture and defences. Understanding how cloud resources can be manipulated by cybercriminals is key for SMBs to combat attacks against their infrastructure, and is part of a good cyber resilience strategy.
Tyler Moffitt is Senior Security Analyst, Carbonite + Webroot.