As defenses improve and the value of data increases, attackers change their strategies too


Cybersecurity firm CrowdStrike has reported a substantial increase in the number of data theft cases compared to ransomware and other malware attacks. Attackers are moving away from conventional malware attacks because of better defensive measures and the rising value of data. The report identifies a 95% increase in cloud architecture attacks and 33 new threat actors observed in the past year. The rising trend of e-crime and nation-state actors exploiting cloud environments shows how adversaries are adapting their knowledge and tradecraft to enhance their abilities.

The report also indicates a surge in identity-based threats, cloud exploitation, nation-state espionage and attacks that re-weaponized previously patched vulnerabilities. Cloud exploitation has more than tripled, with threat actors primarily infiltrating containers and other components of cloud operations. As enterprises move towards cloud-native platforms, attackers see this as an opportunity to breach their systems. In practice, cloud-conscious actors gain initial cloud access by using valid accounts, resetting passwords or placing web shells designed to persist in the environment, then expand that access by harvesting credentials, including from cloud providers' instance metadata services.

The report found that 80% of cyberattacks used identity-based techniques to compromise legitimate credentials and evade detection. Furthermore, there was a 112% year-over-year increase in advertisements for access-broker services, the part of the e-crime landscape that sells access to other threat actors. With malware-free activity accounting for 71% of all detections in 2022, adversaries are exploiting valid credentials to gain access and persist in victim environments.

The ease of data extraction as compared to deploying ransomware has also led to a 20% increase in the number of adversaries conducting data theft and extortion. One attacker, known as Slippery Spider, launched high-profile attacks in February and March 2022 that included data theft and extortion targeting Microsoft, Nvidia, Okta, Samsung and others. The group used public Telegram channels to leak data including victims’ source code, employee credentials and personal information.

Another group, Scattered Spider, focused its social engineering efforts on customer relationship management and business process outsourcing firms, using phishing pages to capture authentication credentials for Okta, VPNs or edge devices. They would persuade targets to share multi-factor authentication codes, or wear them down with repeated MFA push prompts (notification fatigue) until one was approved. Data extortion is less risky for the attacker than deploying ransomware, since there is a lower risk of detection.
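The MFA notification-fatigue pattern described above has a recognisable shape in identity-provider logs: a burst of push challenges to one account in a short window, most of them denied or timed out, often ending in an approval. The following detector is an added example written for this article, not code from CrowdStrike or from the report; the log format, the sample events and the thresholds (4 prompts, 2 rejections, a 10-minute window) are constructed assumptions and would need to be tuned to a real identity provider's event schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a simplified identity-provider log shape:
# "<timestamp> <user> <event> <result> <source-ip>". Illustrative only.
SAMPLE_EVENTS = [
    "2022-03-01T08:00:05Z alice mfa.push DENIED 203.0.113.7",
    "2022-03-01T08:00:40Z alice mfa.push TIMEOUT 203.0.113.7",
    "2022-03-01T08:01:15Z alice mfa.push DENIED 203.0.113.7",
    "2022-03-01T08:01:50Z alice mfa.push DENIED 203.0.113.7",
    "2022-03-01T08:02:30Z alice mfa.push APPROVED 203.0.113.7",
    "2022-03-01T09:10:00Z bob mfa.push APPROVED 198.51.100.4",
    "2022-03-01T09:10:05Z bob mfa.push APPROVED 198.51.100.4",
    "2022-03-01T12:00:00Z carol mfa.push TIMEOUT 192.0.2.9",
    "2022-03-01T12:30:00Z carol mfa.push DENIED 192.0.2.9",
    "2022-03-01T13:00:00Z carol mfa.push APPROVED 192.0.2.9",
]

# Assumed thresholds; tune to the baseline of the environment being monitored.
WINDOW = timedelta(minutes=10)
MIN_PROMPTS = 4
MIN_REJECTIONS = 2
REJECTED = ("DENIED", "TIMEOUT")


def parse_event(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, user, event, result, ip = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "event": event,
        "result": result,
        "ip": ip,
    }


def detect_push_fatigue(lines, window=WINDOW, min_prompts=MIN_PROMPTS,
                        min_rejections=MIN_REJECTIONS):
    """Return one finding per user whose MFA push history matches the
    fatigue pattern: at least `min_prompts` pushes inside `window`, of which
    at least `min_rejections` were denied or timed out. `approved` records
    whether the burst ended in an approval, which is the high-severity case."""
    by_user = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev["event"] == "mfa.push":
            by_user[ev["user"]].append(ev)

    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until every event in
            # events[start:end+1] falls within `window` of the newest one.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            span = events[start:end + 1]
            rejections = sum(1 for e in span if e["result"] in REJECTED)
            if len(span) >= min_prompts and rejections >= min_rejections:
                # Keep the latest qualifying window so the finding reflects
                # whether the burst eventually ended in an approval.
                best = {
                    "user": user,
                    "first": span[0]["ts"],
                    "last": span[-1]["ts"],
                    "prompts": len(span),
                    "rejections": rejections,
                    "approved": span[-1]["result"] == "APPROVED",
                    "source_ips": sorted({e["ip"] for e in span}),
                }
        if best is not None:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_push_fatigue(SAMPLE_EVENTS):
        severity = "HIGH" if f["approved"] else "MEDIUM"
        print(f"[{severity}] {f['user']}: {f['prompts']} pushes, "
              f"{f['rejections']} rejected, {f['first']} .. {f['last']}, "
              f"from {', '.join(f['source_ips'])}")
```

Running it on the constructed sample flags only `alice` (five prompts in under three minutes, four rejected, then approved). `bob` approves two prompts in a row without any rejections, and `carol` receives three prompts spread over an hour, so neither matches. Pairing the detector with a control that denies pushes when the requesting IP is not the one the user normally logs in from, or switching the affected accounts to number-matching or FIDO2 authenticators, removes the class of attack rather than only detecting it.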

The shift by threat actors towards data theft and the exploitation of cloud environments highlights the need for companies to adopt zero-trust frameworks that continuously monitor their cloud-facing security posture. Continuous monitoring, adjustment and customization are key to securing cloud operations now and in the future.
