Cybercriminals on Cloud 9

ENISA's Threat Landscape Report 2022 - Part 10 - Supply Chain Attacks

Widespread cloud adoption provides attack opportunities for cybercriminals

The COVID-19 pandemic has expedited the adoption of cloud-based services to facilitate the business processes of organizations. As cybercriminals tend to keep up with the latest technology trends, it is not surprising that they are targeting cloud environments.

The following are the primary ways in which cybercriminals target cloud services.

1. Exploiting cloud virtualization infrastructure 

  • Centralization of resources: Cloud virtualization infrastructure enables multiple virtual machines to run on a single physical server, which means that there is a centralization of resources. This makes it more efficient for organizations to manage their computing resources, but it also makes it more attractive to attackers because they can potentially access multiple systems through a single point of entry.
  • Access to sensitive data: Virtualization infrastructure is often used to host critical business applications and sensitive data, making it an attractive target for attackers. A successful attack on a virtualization platform can potentially give an attacker access to a large amount of valuable data.
  • Complexity: Cloud virtualization infrastructure is complex, with multiple layers of virtualization and interdependent components. This complexity can create new vulnerabilities that attackers can exploit.
  • Shared responsibility: Cloud service providers often share responsibility for security with their customers. This can create gaps in security if there is a misunderstanding of who is responsible for what.
  • Misconfiguration: Misconfiguration of virtualization infrastructure can result in security vulnerabilities that can be exploited by attackers. These misconfigurations can occur due to human error or a lack of knowledge of the virtualization environment.

2. Using cloud services for hosting their infrastructure

  • Low cost: Cloud services are relatively cheap, and cybercriminals can rent virtual machines or servers with little to no upfront cost, allowing them to launch attacks without investing much money.
  • Scalability: Cloud services offer scalable infrastructure, allowing cybercriminals to easily increase or decrease the size of their infrastructure as needed. This allows them to launch attacks with large volumes of traffic or resources without being constrained by their own hardware.
  • Anonymity: Cloud service providers offer a level of anonymity that cybercriminals can exploit to hide their activities. They can use fake identities or stolen credit cards to pay for services and launch attacks without being traced.
  • Easy access: Cloud services are readily available and easily accessible from anywhere in the world with an internet connection. Cybercriminals can set up and manage their infrastructure remotely, making it more challenging for law enforcement agencies to locate and shut down their operations.
  • High availability: Cloud services offer high availability, which means that cybercriminals can launch attacks 24/7 without worrying about downtime or service interruptions.

3. Targeting cloud credentials

  • Phishing: One of the most common ways cybercriminals target cloud credentials is through phishing attacks. They create fake login pages or emails that look legitimate to trick users into entering their login credentials. Once the user enters their credentials, the cybercriminals can use them to access the victim’s cloud accounts.
  • Brute-force attacks: Another way cybercriminals target cloud credentials is by using brute-force attacks. They use software or bots to repeatedly guess passwords until they find the correct one. This type of attack is successful when the victim has a weak password or does not use multi-factor authentication.
  • Credential stuffing: Cybercriminals also use credential stuffing attacks to target cloud credentials. They obtain usernames and passwords from data breaches on other websites and try them on different cloud services. If the victim uses the same credentials for multiple accounts, the cybercriminals can gain access to their cloud accounts.
  • Social engineering: Cybercriminals also use social engineering techniques to obtain cloud credentials. They may impersonate a trusted person or organization and trick the victim into revealing their login credentials.
  • Malware: Cybercriminals can also use malware to steal cloud credentials. They infect a user’s computer or device with malware, which captures their keystrokes or monitors their web activity to obtain their login credentials.
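
Brute-force and credential stuffing leave different traces in sign-in logs: the first concentrates failures on one account, the second spreads single failures across many accounts from one source. The following is an added detection example, not part of the original article or the ENISA report; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, outcome).
# IPs come from the RFC 5737 documentation ranges.
EVENTS = (
    [(f"2022-11-03T10:00:{s:02d}", "203.0.113.7", "alice", "FAIL")
     for s in range(0, 60, 10)]
    + [(f"2022-11-03T10:01:{i:02d}", "198.51.100.23", user, "FAIL")
       for i, user in enumerate(["bob", "carol", "dave", "erin", "frank"])]
    + [("2022-11-03T10:02:00", "192.0.2.10", "grace", "FAIL"),
       ("2022-11-03T10:02:09", "192.0.2.10", "grace", "OK")]
)

# Assumed thresholds; tune them against your own baseline.
WINDOW = timedelta(minutes=5)
BRUTE_FAILS = 5      # failures against ONE account from one source
STUFFING_USERS = 4   # DISTINCT accounts failed from one source


def classify(events, window=WINDOW):
    """Map each suspicious source IP to the pattern its failures match."""
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "FAIL":
            by_src[src].append((datetime.fromisoformat(ts), user))

    findings = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window so it spans at most `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= STUFFING_USERS:
                findings[src] = "credential-stuffing"
                break
            if max(per_user.values()) >= BRUTE_FAILS:
                findings[src] = "brute-force"
                break
    return findings


if __name__ == "__main__":
    print(classify(EVENTS))
```

A single mistyped password followed by a successful login, as for the third source in the sample, is not flagged.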

4. Exploiting misconfigured image containers

  • Gaining unauthorized access: Misconfigured image containers can allow cybercriminals to gain unauthorized access to the underlying host system. They can exploit this access to conduct further attacks, such as installing malware, stealing data, or launching DDoS attacks.
  • Escalating privileges: Misconfigured image containers can also allow cybercriminals to escalate their privileges and gain more control over the host system. They can exploit vulnerabilities in the container software or misconfigured settings to gain root access to the underlying host system.
  • Exfiltrating data: Cybercriminals can also use misconfigured image containers to exfiltrate sensitive data from the host system. They can exploit vulnerabilities or weak configurations in the container software to gain access to the host system’s data and extract it to their own servers.
  • Deploying malicious code: Cybercriminals can deploy malicious code in misconfigured image containers to conduct further attacks. For example, they can deploy cryptomining software, ransomware, or backdoors to gain persistent access to the host system.
  • Launching lateral attacks: Misconfigured image containers can also allow cybercriminals to launch lateral attacks against other systems within the same network. They can exploit vulnerabilities in the container software or host system to gain access to other systems and conduct further attacks.
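
The article does not list which container settings count as misconfigured. As an added example (not from the article or the ENISA report), the audit below assumes Docker and checks `docker inspect` output for settings that weaken isolation between a container and its host; the sample JSON and the list of risky capabilities are constructed for illustration.

```python
import json

# Constructed excerpt in the shape of `docker inspect` output.
INSPECT_JSON = """[
 {"Name": "/web", "Config": {"User": "1000"},
  "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
                 "Binds": ["/srv/web:/usr/share/nginx/html:ro"],
                 "CapAdd": null}},
 {"Name": "/ci-runner", "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host",
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock",
                           "/:/host"],
                 "CapAdd": ["SYS_ADMIN"]}}
]"""

# Assumed shortlist of capabilities that give broad control over the host.
RISKY_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}


def audit(container):
    """Return the isolation-weakening settings found in one inspect entry."""
    host = container.get("HostConfig", {})
    findings = []
    if host.get("Privileged"):
        findings.append("privileged mode")
    if host.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    if host.get("NetworkMode") == "host":
        findings.append("shares host network namespace")
    for bind in host.get("Binds") or []:
        src = bind.split(":")[0]
        if src == "/" or src.endswith("docker.sock"):
            findings.append(f"sensitive host mount: {src}")
    for cap in host.get("CapAdd") or []:
        name = cap.upper()
        name = name[4:] if name.startswith("CAP_") else name
        if name in RISKY_CAPS:
            findings.append(f"added capability: {cap}")
    user = container.get("Config", {}).get("User") or ""
    if user.split(":")[0] in ("", "0", "root"):
        findings.append("runs as root")
    return findings


def audit_all(raw=INSPECT_JSON):
    """Audit every container in a `docker inspect` JSON array."""
    return {c["Name"].lstrip("/"): audit(c) for c in json.loads(raw)}
```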

5. Targeting cloud instances for cryptomining

  • Cybercriminals target cloud instances for cryptomining by using various techniques, such as exploiting misconfigured security settings, scanning for vulnerable instances, or using malware to deploy cryptomining software. To protect against cryptomining attacks, cloud users should implement strong security measures, such as regularly monitoring cloud instances, patching vulnerabilities promptly, and limiting access to cloud resources. Additionally, using endpoint security software and network firewalls can help detect and block cryptomining attacks.

About this article

This article was written based on ENISA's Threat Landscape Report 2022.
