Misconfigured cloud storage a goldmine for attackers
More than 70 million records were stolen or leaked in 2018 due to poorly configured Amazon S3 cloud storage buckets, according to new research from Symantec.
The company's annual Internet Security Threat Report found that cloud resources are increasingly rich sources of stolen data for identity thieves.
Enterprises are making the same security mistakes with the cloud that they made with PCs when those were first adopted by the enterprise, despite the high stakes: a single misconfigured cloud workload or storage instance could cost a company millions of dollars, the report states.
In 2018 alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets.
The report also identifies the emergence of numerous tools that allow attackers to identify misconfigured cloud resources to target.
But according to the report, the fastest growing threat of 2018 involved formjacking, or inserting malicious code into legitimate sites to skim online shoppers' payment card details. Symantec said it had blocked more than 3.7 million such attacks during the year.
Cybercriminals are estimated to have collected tens of millions of dollars last year through formjacking attacks. In recent months, a number of well-known retailers' online payment websites were compromised, including Ticketmaster and British Airways.
Cryptojacking attempts meanwhile grew fourfold in 2018 compared to 2017. Cryptojacking involves hijacking processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency for the attacker.
But due in large part to declining cryptocurrency values, these attacks are yielding diminishing returns.
Likewise, growing adoption of cloud and mobile-based computing as a substitute for PC-based computing led to the first decline in ransomware infections since 2013, Symantec said. Total infections fell 20% for the year, although enterprise ransomware infections increased by 12%.
Another trend identified in the report is the widespread adoption of "living off the land" techniques to avoid detection. These techniques involve hiding attack activity in a mass of legitimate processes, such as by abusing PowerShell scripts.
Attackers are also increasingly seeking to exploit weaknesses in the software supply chain, and are increasing their use of conventional attack methods such as spearphishing to infiltrate organisations.