1H 2021 Security Review Shows Active Cloud Attacks


Threats Impacting Cloud Environments
In our first half report, we highlight an APT group named TeamTNT that has been targeting clouds for quite some time now. They have focused most of their efforts on planting crypto-mining malware on cloud servers in an effort to mine Monero coins, but we have also seen them utilize DDoS IRC bots, steal cloud account credentials, and exfiltrate data. As you can see from the above diagram, all of these are end goals for most attacks.
Speaking of data exfiltration, in the first half we saw APT actors utilize cloud-based file storage to exfiltrate their stolen data. For example, we found that Conti operators use the cloud storage synchronization tool Rclone to upload files to the Mega cloud storage service. Similarly, DarkSide operators used the Mega client for exfiltrating files to cloud storage, 7-Zip for archiving, and the PuTTY application for network file transfers. This use of known, legitimate tools is not new; we call that “living off the land” and have seen this tactic pick up recently, including usage by ransomware actors. Many organizations now need to look at ways of monitoring legitimate tool usage within their networks to identify any malicious uses.
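One way to act on the monitoring advice above, as an added example that is not from the report or from Trend Micro: a Python check that flags hosts where an archiver run is followed shortly by one of the transfer tools named above. The event fields, executable names, role mapping and 30-minute window are assumptions, and the sample events are constructed.

```python
import ntpath
from datetime import datetime, timedelta

# Executable names for the tools the article mentions; the grouping into
# roles is an assumption of this example. Name matching misses renamed
# binaries, so pair it with hash or original-file-name metadata where available.
ARCHIVERS = {"7z.exe", "7za.exe", "7zg.exe"}
TRANSFER = {"rclone.exe", "megasync.exe", "putty.exe", "pscp.exe", "psftp.exe"}

def role(event):
    """Classify a process-creation event as 'archive', 'transfer' or None."""
    name = ntpath.basename(event["image"]).lower()
    if name in ARCHIVERS:
        return "archive"
    if name in TRANSFER:
        return "transfer"
    return None

def staged_transfers(events, window=timedelta(minutes=30)):
    """Return (host, archive_time, transfer_event) for every transfer tool
    started on a host within `window` after an archiver ran there."""
    last_archive = {}  # host -> time of the most recent archiver run
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = role(ev)
        if kind == "archive":
            last_archive[ev["host"]] = ev["ts"]
        elif kind == "transfer":
            seen = last_archive.get(ev["host"])
            if seen is not None and ev["ts"] - seen <= window:
                hits.append((ev["host"], seen, ev))
    return hits

def _ev(ts, host, image):
    return {"ts": datetime.fromisoformat(ts), "host": host, "image": image}

# Constructed sample events (not data from the report).
SAMPLE_EVENTS = [
    _ev("2021-06-01T02:10:00", "fs01", r"C:\Program Files\7-Zip\7z.exe"),
    _ev("2021-06-01T02:25:00", "fs01", r"C:\Users\Public\rclone.exe"),
    _ev("2021-06-01T09:00:00", "ws17", r"C:\Program Files\PuTTY\putty.exe"),
    _ev("2021-06-01T11:00:00", "ws22", r"C:\Program Files\7-Zip\7z.exe"),
]

if __name__ == "__main__":
    for host, archived_at, ev in staged_transfers(SAMPLE_EVENTS):
        print(host, archived_at.isoformat(), ev["image"])
```

Archiving alone and PuTTY alone are routine administration, so only the sequence on one host is reported; tune the window and add an allowlist of expected backup hosts before alerting on it.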
Cloud Security Architecture
When developing your cloud security architecture and strategy, it is important to always keep the ends in mind. In this case, what are the motivation and end goals of an attacker?
As you see in the image above, most cloud attacks are going to fall into one of these areas. Depending on what you are doing as part of your cloud infrastructure, you should be able to identify if any or all of these end goals could be targeted in your environment. From there, you can work backwards to develop your strategy for protecting those initial access areas tied to the different attacks.
A challenge many organizations face is that the cloud isn’t simple, and many of the technologies that make up the cloud are new, with new features being deployed all the time. Understanding how these work and, more importantly, how to secure them can be very difficult. Utilizing a security platform approach can help build your cloud to be more secure, but educating your architects and administrators will also help. One key area is hardening your cloud account credentials, as these will be regularly targeted by malicious actors. Using multi-factor authentication to access all accounts can minimize this risk tremendously. Check out Trend Micro Cloud One, part of our complete cybersecurity platform, to learn more.
The cloud is only one aspect of our full 1H 2021 report. To get more details on all the different threats and attacks we saw, download and read the full report here.
