Cloud resources are increasingly targeted by cyber criminals

As more businesses migrate to the cloud, they are failing to secure their infrastructure properly

Blue square background with a yellow cloud superimposed, with a cut-out key icon on it to represent cloud security

Hackers are increasingly aiming cyber attacks at cloud infrastructure, using it as an entry point to drive other attacks and relying on employees and businesses to misconfigure their infrastructure, leaving it open to attack.

That's according to cyber security firm Symantec's latest Internet Threat Security Report, which noted misconfigured servers and cloud infrastructure are providing tempting targets for cyber criminals. 

"The same security mistakes that were made on PCs during their initial adoption by the enterprise are now happening in the cloud," Symantec's report explained. 

"A single misconfigured cloud workload or storage instance could cost a company millions of dollars or land it in a compliance nightmare. In the past year alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets. There are also numerous, easily-accessible tools that allow attackers to identify misconfigured cloud resources on the internet." 

The security company explained that hardware chip vulnerabilities, which can be found in the systems that underpin cloud infrastructure, such as Meltdown, Spectre, and Foreshadow are also exposing data to criminals.

The reason for cloud infrastructure to increasingly draw the eye of cyber criminals is that they are looking for alternative ways to generate income as returns from ransomware and cryptojacking attacks are reducing. 

The report noted that cyber criminals are also increasingly targeting online retailers to steal customer details using methods such as formjacking.

Formjacking allows criminals to steal user card data while they're shopping online. It involves injecting code into badly-secured checkouts on retailer websites used to steal card details.

Symantec reported that more than 4,800 unique websites are injected with malicious code used in such attacks every month and it had blocked 3.7 million attempts to use such methods to steal card details in 2018.

"Formjacking represents a serious threat for both businesses and consumers," said Greg Clark, CEO at Symantec.

"Consumers have no way to know if they are visiting an infected online retailer without using a comprehensive security solution, leaving their valuable personal and financial information vulnerable to potentially devastating identity theft. For enterprises, the skyrocketing increase in formjacking reflects the growing risk of supply chain attacks, not to mention the reputational and liability risks businesses face when compromised."

During 2018, Symantec revealed that the number of hackers using more traditional methods of disrupting a company's infrastructure, such as ransomware and cryptojacking had decreased significantly in 2018.

The reasons for this, Symantec cited, was that the value of cryptocurrency has reduced significantly and more businesses are adopting mobile and cloud computing, which makes attacks "less effective".

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Ransomware criminals look to other hackers to provide them with network access
ransomware

Ransomware criminals look to other hackers to provide them with network access

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Four in five ransomware victims suffer repeat attacks
ransomware

Four in five ransomware victims suffer repeat attacks

16 Jun 2021
Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021

Most Popular

Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Millions of Volkswagen customers affected by data breach
data breaches

Millions of Volkswagen customers affected by data breach

14 Jun 2021