Cloud resources are increasingly targeted by cyber criminals
As more businesses migrate to the cloud, they are failing to secure their infrastructure properly
Hackers are increasingly aiming cyber attacks at cloud infrastructure, using it as an entry point to drive other attacks and relying on employees and businesses to misconfigure their infrastructure, leaving it open to attack.
That's according to cyber security firm Symantec's latest Internet Threat Security Report, which noted misconfigured servers and cloud infrastructure are providing tempting targets for cyber criminals.
"The same security mistakes that were made on PCs during their initial adoption by the enterprise are now happening in the cloud," Symantec's report explained.
"A single misconfigured cloud workload or storage instance could cost a company millions of dollars or land it in a compliance nightmare. In the past year alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets. There are also numerous, easily-accessible tools that allow attackers to identify misconfigured cloud resources on the internet."
The security company explained that hardware chip vulnerabilities, which can be found in the systems that underpin cloud infrastructure, such as Meltdown, Spectre, and Foreshadow are also exposing data to criminals.
The reason for cloud infrastructure to increasingly draw the eye of cyber criminals is that they are looking for alternative ways to generate income as returns from ransomware and cryptojacking attacks are reducing.
The report noted that cyber criminals are also increasingly targeting online retailers to steal customer details using methods such as formjacking.
Formjacking allows criminals to steal user card data while they're shopping online. It involves injecting code into badly-secured checkouts on retailer websites used to steal card details.
Symantec reported that more than 4,800 unique websites are injected with malicious code used in such attacks every month and it had blocked 3.7 million attempts to use such methods to steal card details in 2018.
"Formjacking represents a serious threat for both businesses and consumers," said Greg Clark, CEO at Symantec.
"Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised."
During 2018, Symantec revealed that the number of hackers using more traditional methods of disrupting a company's infrastructure, such as ransomware and cryptojacking had decreased significantly in 2018.
The reasons for this, Symantec cited, was that the value of cryptocurrency has reduced significantly and more businesses are adopting mobile and cloud computing, which makes attacks "less effective".
How to choose an AI vendor
Five key things to look for in an AI vendorDownload now
The UK 2020 Databerg report
Cloud adoption trends in the UK and recommendations for cloud migrationDownload now
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID worldDownload now
The impact of AWS in the UK
How AWS is powering Britain's fastest-growing companiesDownload now