Estimated reading time: 3 minutes, 2 seconds

Cloud Systems are Hosting Ransomware Featured

Cloud Systems are Hosting Ransomware "Laptop displaying a pirate flag \/ jolly roger on a red screen, possibly indicating malware, hackers or a different computer problem."

The recent surge in ransomware attacks against cloud hosting platforms has left many organizations scratching their heads, wondering about the security of their systems. When cyber-attacks are used to compromise hosted systems, it impacts data and can also expose critical customer data. Unlike in the past, where ransomware was used target organizations and their systems, malicious individuals are now targeting cloud systems of big cloud service providers. Like never before, the challenge posed by these threats has proven to be growing. According to statistics by the FBI, US businesses lost more than $3 million as payment of ransom to hackers in 2018 alone. This does not include lost businesses, wages, data, and time that were lost in the process.

These attacks which are usually delivered through spear-phishing emails, block users from accessing systems and data until a ransom is paid. The victims that are targeted by the hackers are rich multinationals that have the potential to pay the ransom that is demanded.

Cloud service providers such as Amazon are now facing a serious threat on their platforms. Amazon’s CloudFront was compromised and used to host the Command & Control (C&C) infrastructure. This platform has been used successfully for ransomware on at least two multinationals in the food and services sectors, according to Symantec.

For CloudFront, their content delivery network (CDN) meant to allow businesses and application developers a simple and cost-effective way to share content with low latency, and speed was hijacked and used to spread the ransomware payloads. The CloudFront CDN allowed hackers to register S3 buckets for static content then use API calls to distribute malicious content from Amazon CloudFront service. These attacks take advantage of configuration vulnerabilities and weak services to deploy destructive ransomware payloads.

Like any other large-scale and easily accessible online service, the bad actors take advantage of these useful services to carry out their malicious campaigns. Malware is delivered through otherwise legitimate tools and remote access platforms that, if used well, could be beneficial to businesses and individuals. While ransomware is the main action taken, human operators deliver other malicious payloads through the cloud hosting platforms to steal crucial information such as credentials and access or infiltrate data from the compromised networks.

News about ransomware attacks often revolves around the effects they cause, such as payment of ransom, and the details of the attack. They leave out details of other damages such as the downtimes they cause, and domain compromise that results from successful attacks. Through successful, long-running campaigns that lead to long network compromise, the attacks, and compromise of organizations networks with their stealth nature.

Fighting and preventing malware attacks, as evident from the shift of attacks from organizations to service providers, will require a change in the mindset in the future. The future prevention campaigns should concentrate on comprehensive deterrence of attackers that slows down and stops attackers before they gain access to systems. These attacks will continue taking advantage of security weaknesses in cloud systems to deploy harmful payloads. This will be so until defenders those responsible for the defense apply security best practices in their cloud systems.

Cloud service providers should ensure that they have robust backups going forward. They must take data backup and protection seriously to ensure that they have a source of recovery in case of a successful ransomware attack. The backup should consist of having about three copies of data, with two of them stored in separate media while one is stored in an offsite location. By using an offsite data backup solution, businesses will have an easy time restoring data if bad actors lock them out with the intention of demanding ransom.

Read 2787 times
Rate this item
(0 votes)
Scott Koegler

Scott Koegler is Executive Editor for PMG360. He is a technology writer and editor with 20+ years experience delivering high value content to readers and publishers. 

Find his portfolio here and his personal bio here

scottkoegler.me/

Visit other PMG Sites: