Cybersecurity firm CrowdStrike has reported a substantial increase in data theft cases relative to ransomware and other malware attacks. Attackers are moving away from conventional malware because defensive measures have improved and the value of stolen data has risen. The report identifies a 95% increase in attacks on cloud architecture and 33 new threat actors observed in the past year. The rising trend of e-crime and nation-state actors exploiting cloud environments shows how adversaries are acquiring the knowledge and tradecraft needed to expand their capabilities.
The report also indicates a surge in identity-based threats, cloud exploitation, nation-state espionage and attacks that re-weaponize previously patched vulnerabilities. Cloud exploitation more than tripled, with threat actors primarily targeting containers and other components of cloud operations. As enterprises move to cloud-native platforms, attackers see an opportunity to breach them. Cloud-conscious actors typically gain initial cloud access by using valid accounts, resetting passwords or placing web shells designed to persist in the environment, and then extend that access by harvesting credentials and querying cloud providers' instance metadata services.
The report found that 80% of cyberattacks used identity-based techniques to compromise legitimate credentials and evade detection. Furthermore, there was a 112% year-over-year increase in advertisements for access-broker services, the part of the e-crime landscape that sells access to other threat actors. With malware-free activity accounting for 71% of all detections in 2022, adversaries are exploiting valid credentials to gain access and persist in victim environments.
The ease of data extraction compared with deploying ransomware has also led to a 20% increase in the number of adversaries conducting data theft and extortion. One attacker, known as Slippery Spider, launched high-profile attacks in February and March 2022 that included data theft and extortion targeting Microsoft, Nvidia, Okta, Samsung and others. The group used public Telegram channels to leak data including victims' source code, employee credentials and personal information.
Another group, Scattered Spider, focused its social engineering efforts on customer relationship management and business process outsourcing targets, using phishing pages to capture authentication credentials for Okta, VPNs or edge devices. They would persuade targets to share multi-factor authentication codes or wear them down with repeated push notifications (MFA notification fatigue). Data extortion is less risky for the attacker than deploying ransomware because it carries a lower risk of detection.
The shift by threat actors toward data theft and cloud exploitation highlights the need for companies to adopt zero-trust frameworks and continuously monitor their cloud-facing security posture. Continuous monitoring, combined with ongoing adjustment and customization of controls, is key to securing cloud operations now and in the future.
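As an added illustration of the MFA notification-fatigue pattern described above and the continuous-monitoring recommendation, here is a small Python detector (example code written for this summary, not CrowdStrike's or Okta's; the log format is a constructed simplification, not real Okta System Log output) that flags users receiving a burst of rejected MFA pushes and records whether an approval followed within the same window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified push-MFA event lines (assumed format, not a real product log):
# timestamp user mfa.push RESULT
SAMPLE_LOG = """\
2022-03-01T08:00:05Z alice mfa.push DENIED
2022-03-01T08:00:21Z alice mfa.push DENIED
2022-03-01T08:00:40Z alice mfa.push DENIED
2022-03-01T08:01:02Z alice mfa.push DENIED
2022-03-01T08:01:30Z alice mfa.push DENIED
2022-03-01T08:01:55Z alice mfa.push ALLOWED
2022-03-01T09:10:00Z bob mfa.push ALLOWED
2022-03-01T12:30:00Z bob mfa.push DENIED
2022-03-01T12:31:10Z bob mfa.push ALLOWED
"""

LINE_RE = re.compile(r"^(\S+) (\S+) mfa\.push (ALLOWED|DENIED)$")


def parse_events(text):
    """Return (timestamp, user, result) tuples; non-push lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3)))
    return events


def detect_push_fatigue(events, max_denies=3, window=timedelta(minutes=5)):
    """Flag a user whose rejected pushes within `window` exceed max_denies.
    `later_approval` is True when an ALLOWED push also falls in that window,
    i.e. the user may have given in to the barrage (the highest-priority case)."""
    by_user = defaultdict(list)
    for ts, user, result in sorted(events):
        by_user[user].append((ts, result))
    alerts = {}
    for user, evs in by_user.items():
        for i, (start, result) in enumerate(evs):
            if result != "DENIED":
                continue  # windows start at a rejected push
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            denies = sum(1 for _, r in in_window if r == "DENIED")
            if denies > max_denies:
                approved = any(r == "ALLOWED" for _, r in in_window)
                alerts[user] = {"denied_pushes": denies, "later_approval": approved}
                break  # one alert per user is enough for triage
    return alerts
```

A single denied push followed by an approval (bob) is ordinary user behaviour and is not flagged; only the sustained burst (alice) raises an alert.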