Cloud resources are increasingly targeted by cyber criminals

As more businesses migrate to the cloud, they are failing to secure their infrastructure properly

Blue square background with a yellow cloud superimposed, with a cut-out key icon on it to represent cloud security

Hackers are increasingly aiming cyber attacks at cloud infrastructure, using it as an entry point to drive other attacks and relying on employees and businesses to misconfigure their infrastructure, leaving it open to attack.

That's according to cyber security firm Symantec's latest Internet Threat Security Report, which noted misconfigured servers and cloud infrastructure are providing tempting targets for cyber criminals. 

"The same security mistakes that were made on PCs during their initial adoption by the enterprise are now happening in the cloud," Symantec's report explained. 

"A single misconfigured cloud workload or storage instance could cost a company millions of dollars or land it in a compliance nightmare. In the past year alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets. There are also numerous, easily-accessible tools that allow attackers to identify misconfigured cloud resources on the internet." 

The security company explained that hardware chip vulnerabilities, which can be found in the systems that underpin cloud infrastructure, such as Meltdown, Spectre, and Foreshadow are also exposing data to criminals.

The reason for cloud infrastructure to increasingly draw the eye of cyber criminals is that they are looking for alternative ways to generate income as returns from ransomware and cryptojacking attacks are reducing. 

The report noted that cyber criminals are also increasingly targeting online retailers to steal customer details using methods such as formjacking.

Formjacking allows criminals to steal user card data while they're shopping online. It involves injecting code into badly-secured checkouts on retailer websites used to steal card details.

Symantec reported that more than 4,800 unique websites are injected with malicious code used in such attacks every month and it had blocked 3.7 million attempts to use such methods to steal card details in 2018.

"Formjacking represents a serious threat for both businesses and consumers," said Greg Clark, CEO at Symantec.

"Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised."

During 2018, Symantec revealed that the number of hackers using more traditional methods of disrupting a company's infrastructure, such as ransomware and cryptojacking had decreased significantly in 2018.

The reasons for this, Symantec cited, was that the value of cryptocurrency has reduced significantly and more businesses are adopting mobile and cloud computing, which makes attacks "less effective".

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021

Most Popular

Star Alliance passenger data stolen in SITA data breach
data breaches

Star Alliance passenger data stolen in SITA data breach

5 Mar 2021
I went shopping at Amazon’s till-less supermarket so that you don’t have to
automation

I went shopping at Amazon’s till-less supermarket so that you don’t have to

5 Mar 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021