Cloud infrastructures are a growing target among hackers, a new report by security firm Check Point has revealed.
The company’s Cyber Attack Trends: 2018 Mid-Year Report found that cyber criminals are also aggressively targeting organisations using cryptomining malware to develop illegal revenue streams.
Check Point said the increase in cloud attacks is a new trend. The company found that as organisations move more of their IT estates and data to cloud environments, cyber criminals are turning to the cloud to “exploit its vast computational power and multiply their profits”.
Maya Horowitz, threat intelligence group manager at Check Point, said: “The first half of this year saw criminals continue the trend we observed at the end of 2017, and take full advantage of stealthy cryptomining malware to maximise their revenues.”
Her firm found that so far this year, there have been a number of sophisticated techniques and tools exploited against cloud storage services. Several cloud-based attacks – mainly those involving data exfiltration and information disclosure – derived from poor security practices, including credentials left available on public source code repositories or the use of weak passwords. Cryptominers are also targeting cloud infrastructures to exploit their computational power and multiply profits for threat actors.
In addition, the new report revealed that multi-platform attacks are also on the rise. Check Point explained that up until the end of 2017, multi-platform malware was rare. However, the rise in the number of consumer connected devices and the growing market share of non-Windows operating systems has led to an increase in cross-platform malware. Campaign operators implement various techniques in order to take control over the campaigns’ different infected platforms.
Ms Horowitz went on to say that her company has seen increasingly sophisticated attacks against cloud infrastructures and multi-platform environments emerging. “These multi-vector, fast-moving, large-scale Gen V attacks are becoming more and more frequent, and organisations need to adopt a multi-layered cybersecurity strategy that prevents these attacks from taking hold of their networks and data.”