Tech decision makers surveyed by Pulse admitted last year that nearly 3 out of 4 companies (71%) endured a ransomware incident and at least 12 of these incidents involved payments. This shows that ransomware attacks are proving to be a lucrative business for malicious cyber actors as they constantly put organizations' cybersecurity measures to the test in a host of different sectors where different IT infrastructures are used.
In recent times we've seen many incidents involving the encryption of on-premises devices in companies, public administrations, schools, hospitals, and even critical infrastructures such as the Colonial Pipeline. But now cybercriminals are also targeting the data and applications that organizations store in the Cloud, and these attacks are referred to as "Ransomcloud".
In Ransomcloud, cybercriminals block data or the use of applications that are in the Cloud and then demand a ransom to let organizations recover access. Multiple techniques and attack vectors are deployed in this strategy:
- Malware has been specifically designed to operate in the Cloud and has become highly sophisticated. Last year we explained in the blog how the Russian APT-28 group had been using the Kubernetes Cloud container platform to break into government institutions and company networks. Cyberattackers also make use of botnets, scripting attacks, and SQL code injections.
- More traditional attack techniques are employed that coincide with those used for ransomware in on-premises systems, such as social engineering through phishing to obtain access credentials to Cloud services or the use of credentials that have been obtained on the dark web after being breached. Hackers also take advantage of the expansion of the attack perimeter due to the surge in remote working. Computers located outside the office are generally more vulnerable and are an easier access vector to an organization’s Cloud.
To help prevent damage from such incidents, MSPs should protect their customers' data by following the same practices and procedures described by the National Institute of Standards and Technology (NIST) concerning ransomware in general, but adapted to the characteristics of the Cloud or hybrid architecture. This means that MSPs must always take into account that data is no longer hosted entirely on an organization's servers, and this affects essential measures such as file encryption using HTTPS connections and constantly updated backups to restore files in the event of an incident. Two copies under different types of storage are recommended, which means ideally one is offline and not in the Cloud.
But all these measures may fall short if organizations don't also have technologies that enable administrators to extend their security perimeter to the Cloud, providing visibility into all data sets and combined with advanced Endpoint Protection, Detection, and Response (EPDR) solutions, so that they can deal with all forms of malware and suspicious activity, no matter how sophisticated. This enables MSP customers to protect all the data, applications, and services they store in the Cloud from threats.