Threats Impacting Cloud Environments
In our first half report, we highlight an APT group named TeamTNT that has been targeting clouds for quite some time now. They have focused most of their efforts on planting crypto-mining malware on cloud servers in an effort to mine Monero coins, but we have also seen them utilize DDoS IRC bots, steal cloud account credentials, and exfiltrate data. As you can see from the above diagram, all of these are end goals for many attacks.
Speaking of data exfiltration, in the first half we saw APT actors utilize cloud-based file storage to exfiltrate their stolen data. For example, we found that Conti operators use the cloud storage synchronization tool Rclone to upload data to the Mega cloud storage service. Similarly, DarkSide operators used the Mega client for exfiltrating data to cloud storage, 7-Zip for archiving, and the PuTTY tool for network file transfers. This use of known, legitimate tools is not new; we call it 'living off the land' and have seen this tactic pick up recently, including usage by ransomware actors. Many organizations now need to look at ways of monitoring legitimate tool usage within their networks to identify any malicious uses.
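As an added illustration of what "monitoring legitimate tool usage" can look like in practice (example code written for this page, not Trend Micro's own detection logic), the block below runs a small set of rules over constructed process-creation events. The event layout, the host and user names, and the Mega client binary names it matches on are assumptions; the pattern it looks for is the one described above: Rclone transferring data to a cloud remote, a Mega client uploading, and either of those happening shortly after 7-Zip created an archive on the same host.

```python
"""Flag living-off-the-land exfiltration patterns (Rclone, Mega client, 7-Zip)
in process-creation events. Example detection logic, not a product rule set."""
import re
from datetime import datetime, timedelta

# Constructed sample events. The field layout is an assumption made for this
# example; map your own EDR/Sysmon process-creation fields onto it.
SAMPLE_EVENTS = [
    {"ts": "2021-05-10T02:11:04", "host": "fs01", "user": "svc_backup",
     "image": r"C:\Tools\7z.exe",
     "cmdline": r"7z.exe a -p -mhe=on D:\staging\finance.7z D:\Shares\Finance"},
    {"ts": "2021-05-10T02:14:30", "host": "fs01", "user": "svc_backup",
     "image": r"C:\Tools\rclone.exe",
     "cmdline": r"rclone.exe copy D:\staging\finance.7z mega:backup --transfers 16"},
    {"ts": "2021-05-10T09:00:00", "host": "dev07", "user": "alice",
     "image": r"C:\Program Files\rclone\rclone.exe",
     "cmdline": r"rclone.exe lsd corp-s3:"},          # listing only, benign
    {"ts": "2021-05-10T09:05:12", "host": "web02", "user": "bob",
     "image": r"C:\Program Files\7-Zip\7z.exe",
     "cmdline": r"7z.exe x release.zip"},             # extraction, benign
    {"ts": "2021-05-10T23:40:00", "host": "hr03", "user": "carol",
     "image": r"C:\Users\carol\Downloads\MEGAcmd\mega-put.exe",
     "cmdline": r"mega-put.exe C:\Users\carol\Desktop\payroll /remote"},
]

# Rclone sub-commands that actually move data (listing/config commands are ignored).
RCLONE_TRANSFER = re.compile(r"\brclone(\.exe)?\s+(copy|sync|move|copyto|moveto)\b", re.I)
# Rclone "remote:path" syntax; two or more characters so Windows drive letters
# such as D:\ do not count as a remote.
REMOTE_SPEC = re.compile(r"(^|\s)[A-Za-z0-9_-]{2,}:\S*")
# 7-Zip "a" (add) sub-command, i.e. archive creation rather than extraction.
SEVENZIP_ADD = re.compile(r"\b7za?(\.exe)?\s+a\b", re.I)
# Assumed Mega client binary names (MEGAcmd, mega-put, MEGAsync).
MEGA_CLIENT = re.compile(r"mega(cmd|-put|sync)", re.I)


def detect_lotl_exfil(events, window=timedelta(minutes=30)):
    """Return one finding per cloud-transfer event.

    A transfer that follows 7-Zip archive creation on the same host within
    `window` is escalated to 'archive_then_cloud_upload', the staging-then-
    upload sequence described for the Conti and DarkSide cases.
    """
    last_archive = {}  # host -> time of most recent archive creation
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        cmd, host = ev["cmdline"], ev["host"]

        if SEVENZIP_ADD.search(cmd):
            # Archiving alone is routine; remember it for correlation only.
            last_archive[host] = ts
            continue

        rule = None
        if RCLONE_TRANSFER.search(cmd) and REMOTE_SPEC.search(cmd):
            rule = "rclone_cloud_transfer"
        elif MEGA_CLIENT.search(ev["image"]) or MEGA_CLIENT.search(cmd):
            rule = "mega_client_upload"
        if rule is None:
            continue

        prior = last_archive.get(host)
        if prior is not None and ts - prior <= window:
            rule = "archive_then_cloud_upload"
        findings.append({"host": host, "user": ev["user"], "rule": rule, "cmdline": cmd})
    return findings


if __name__ == "__main__":
    for f in detect_lotl_exfil(SAMPLE_EVENTS):
        print(f"{f['rule']:26} {f['host']:6} {f['user']:11} {f['cmdline']}")
```

The rules deliberately ignore Rclone listing commands and 7-Zip extraction so that ordinary administrator activity does not trip them; the correlation step is what turns two individually legitimate tool invocations into something worth an analyst's attention.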
Cloud Security Architecture
When building your cloud security architecture and strategy, it is important to always keep the end in mind. In this case, what are the motivation and end goals of an attacker?
As you see in the image above, most cloud attacks are going to fall into one of these areas. Depending on what you are doing as part of your cloud infrastructure, you should be able to identify if any or all of these end goals could be targeted in your environment. From there, you can work backwards to develop your strategy for protecting the initial access areas tied to the different attacks.
A challenge many organizations face is that the cloud is not simple, and many of the technologies that make up the cloud are new, with new features being deployed all the time. Understanding how these work and – more importantly – how to secure them can be very difficult. Using a security platform approach can help build your cloud to be more secure, but educating your architects and administrators will also help. One key area is hardening your cloud account credentials, as these will often be targeted by malicious actors. Using multi-factor authentication to access all accounts can lower this risk tremendously. Check out Trend Micro Cloud One, part of our complete cybersecurity platform, to learn more.
The cloud is just one aspect of our full 1H 2021 report. To get more details on all of the different threats and attacks we saw, download and read the full report here.