As organisations race to improve agility and operational efficiency, more and more are turning to the cloud.
But as cloud adoption increases, inevitably so too do the risks. Many organisations do not have the skills or technology needed to maintain visibility and security of cloud environments, and if this is not addressed before cloud transformation begins, they could soon find themselves at the mercy of cyber attackers.
Are Organisations Cloud Competent?
It’s well known that there is a skills shortage in the cybersecurity sector. However, the migration of data and applications into the cloud has only added to the complexity of cybersecurity, making the acquisition of skills harder. According to Bridewell research, 68% of cyber decision-makers in critical infrastructure organisations say it has become harder to recruit the right resources to secure and monitor systems.
Perhaps more worrying, four in ten don’t believe they have the skills to monitor threats in the cloud – a requisite for proactively discovering vulnerabilities within increasingly interconnected cloud-based infrastructures. Added to this is the fact that cloud misconfiguration remains a top attack vector and an easy foothold for skilled human actors to deploy ransomcloud, so cloud security is not something that companies can afford to take lightly.
The Rise of Ransomcloud
We are continuing to see cloud-based systems, services and data being targeted by ransomcloud – attacks that target, or take advantage of, weaknesses or legitimate functionality in cloud resources to deploy malware, encrypt data and extort money from businesses. Any business using the cloud is a target, but businesses that lack maturity in architecting secure cloud services are particularly vulnerable.
Cyber criminals have multiple methods of gaining access to the sensitive data held in the cloud. This could be through exploiting vulnerabilities in cloud services to gain control, or in web applications to deploy web shells and malware. Other techniques involve stealing valid credentials to gain privileged access to cloud consoles, or OAuth app consent phishing and other identity attacks, which result in the encryption of storage via malicious apps.
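The consent-phishing route above is detectable from the identity provider's audit trail, because a malicious app has to be granted data scopes before it can touch storage. The following is an added example, not Bridewell's code or any vendor's API: it scores consent-grant records for the combination a defender cares about (broad file or mail scopes, a refresh token via offline_access, an unverified publisher, and a plain user rather than an admin approving). The record shape is an assumed, simplified JSON-lines format, not a real vendor schema, and the log lines are constructed for the example.

```python
"""Flag risky OAuth consent grants in (constructed) identity audit log records.

Assumed record shape (simplified, not a real vendor schema): one JSON object
per line with keys 'time', 'user', 'app', 'publisher_verified',
'admin_consent' and 'scopes'.
"""
import json
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Delegated scopes that give a third-party app read/write over data an
# attacker could exfiltrate or encrypt. Assumed list for illustration.
HIGH_RISK_SCOPES = {
    "Files.ReadWrite.All",
    "Sites.ReadWrite.All",
    "Mail.ReadWrite",
    "Mail.Send",
}
# A refresh token lets the app keep access long after the phishing session.
PERSISTENCE_SCOPE = "offline_access"


@dataclass
class Finding:
    time: str
    user: str
    app: str
    score: int
    reasons: List[str] = field(default_factory=list)


def score_consent(rec: dict) -> Optional[Finding]:
    """Return a Finding with a risk score, or None if nothing is suspicious."""
    reasons = []
    score = 0
    scopes = set(rec.get("scopes", []))
    risky = scopes & HIGH_RISK_SCOPES
    if risky:
        score += 3
        reasons.append(f"high-risk scopes: {sorted(risky)}")
    if PERSISTENCE_SCOPE in scopes and risky:
        score += 2
        reasons.append("offline_access with data scopes (persistent access)")
    if not rec.get("publisher_verified", False):
        score += 2
        reasons.append("unverified publisher")
    if not rec.get("admin_consent", False) and risky:
        score += 1
        reasons.append("user (not admin) granted tenant data scopes")
    if score == 0:
        return None
    return Finding(rec["time"], rec["user"], rec["app"], score, reasons)


def detect(lines: Iterable[str], threshold: int = 5) -> List[Finding]:
    """Run the scoring over JSON-lines records and keep findings at/above threshold."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        finding = score_consent(json.loads(line))
        if finding and finding.score >= threshold:
            findings.append(finding)
    return findings


# Constructed sample log: one benign grant, one classic consent-phishing
# pattern, one low-risk unverified app.
SAMPLE_LOG = """
{"time":"2024-01-01T09:00:00Z","user":"alice@example.com","app":"Contoso Expense Viewer","publisher_verified":true,"admin_consent":true,"scopes":["User.Read"]}
{"time":"2024-01-01T09:05:00Z","user":"bob@example.com","app":"File Backup Helper","publisher_verified":false,"admin_consent":false,"scopes":["Files.ReadWrite.All","offline_access","User.Read"]}
{"time":"2024-01-01T09:10:00Z","user":"carol@example.com","app":"Calendar Sync","publisher_verified":false,"admin_consent":false,"scopes":["Calendars.Read"]}
"""

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.splitlines()):
        print(f"{f.time} {f.user} consented to {f.app!r} (score {f.score})")
        for reason in f.reasons:
            print("  -", reason)
```

Only the second record crosses the threshold (score 8); the unverified calendar app scores 2 and stays below it, which keeps the alert volume to grants that actually combine data access with persistence. In a SIEM the same scoring would be expressed as a correlation rule over the real consent-to-application events, with the finding routed to the SOAR platform for automated revocation of the grant.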
Going Back to Basics
With cyber risks abounding, it is critical that organisations put in place sufficient measures to mitigate the cloud ransomware threat. Yet many are failing to master the basics. Only 36% have a security information and event management (SIEM) platform, just 42% have deployed a cloud access security broker, and only 46% are using cloud storage services with in-built ransomware protection, according to Bridewell research.
Of course, every organisation wants a shield protecting its operations, but doesn’t want it to hinder business mobility. However, beyond just ransomcloud, failure to prepare for any kind of ransomware attack, whether it’s targeted at an on-premises, hybrid or cloud environment, is short-sighted.
Not only can such attacks be detrimental to business operations and result in significant reputational damage, but they can leave organisations with no choice but to pay the ransom, which aside from being illegal in some countries, only further fuels the crisis. So where does the solution lie?
Education. Education. Education. It’s the key to mitigating the cloud ransomware threat. IT, security and end users need to be fully informed on how attacks such as ransomcloud are performed, how they can protect against them and how an incident can be reported. It also pays to have the appropriate technology in place, including strong endpoint, email and cloud app detection and response capabilities.
Any alerts should be sent to a central SIEM/SOAR platform where they can be monitored 24/7 and automated response implemented where sensible. Threat intelligence services should also be used to provide early warning of an attack.
Finally, if all else fails and operations are breached by a ransomcloud attack, organisations must have an effective incident response plan in place, alongside an accompanying playbook that covers ransomware in the cloud. Both should be tested regularly and supported by segmentation of backups, with PINs or dual-authorisation mechanisms to prevent backups from being disabled, or automatically overwritten by corrupt or encrypted data.
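The "in-built ransomware protection" mentioned earlier and the backup controls described above translate, on object storage, into a small number of settings that can be audited: versioning (an encrypted upload becomes a new version rather than replacing the only copy), MFA Delete (a second factor is needed to purge versions, the "dual authorisation" the text calls for) and Object Lock in compliance mode (nobody, including the account owner, can delete or overwrite a backup inside its retention window). The following is an added example, not Bridewell's code; it evaluates bucket settings in the shapes the AWS S3 API returns from get_bucket_versioning and get_object_lock_configuration, but the bucket data is constructed inline and the 30-day minimum retention is an assumed policy value.

```python
"""Assess whether backup buckets resist ransomware-style deletion or overwrite.

Inputs use the shapes boto3 returns from get_bucket_versioning() and
get_object_lock_configuration() (minus ResponseMetadata); a bucket with no
Object Lock configuration is represented as None. All bucket data below is
constructed for the example, and MIN_RETENTION_DAYS is an assumed policy value.
"""
from typing import Dict, List, Optional, Tuple

MIN_RETENTION_DAYS = 30


def assess_bucket(versioning: dict, object_lock: Optional[dict],
                  min_days: int = MIN_RETENTION_DAYS) -> List[str]:
    """Return a list of control gaps; an empty list means the bucket passes."""
    gaps = []
    if versioning.get("Status") != "Enabled":
        gaps.append("versioning disabled: an encrypted upload overwrites the only copy")
    if versioning.get("MFADelete") != "Enabled":
        gaps.append("MFA delete disabled: a single stolen credential can purge versions")

    cfg = (object_lock or {}).get("ObjectLockConfiguration", {})
    if cfg.get("ObjectLockEnabled") != "Enabled":
        gaps.append("object lock disabled: no immutability window for backups")
        return gaps

    rule = cfg.get("Rule", {}).get("DefaultRetention", {})
    mode = rule.get("Mode")
    days = rule.get("Days")
    if rule.get("Years") is not None:
        days = rule["Years"] * 365
    if mode != "COMPLIANCE":
        # GOVERNANCE retention can be bypassed by principals holding the
        # bypass permission, so a compromised admin role can still delete.
        gaps.append(f"retention mode {mode!r}: only COMPLIANCE blocks privileged deletion")
    if days is None or days < min_days:
        gaps.append(f"default retention {days} days is below the policy minimum of {min_days}")
    return gaps


def assess_all(buckets: Dict[str, Tuple[dict, Optional[dict]]]) -> Dict[str, List[str]]:
    """Evaluate every bucket and map its name to its gap list."""
    return {name: assess_bucket(versioning, lock)
            for name, (versioning, lock) in buckets.items()}


# Constructed sample: a bucket with nothing enabled, a hardened one, and one
# with the weaker governance-mode retention that looks protected but is not.
BACKUP_BUCKETS = {
    "backups-weak": (
        {"Status": "Suspended"},
        None,
    ),
    "backups-hardened": (
        {"Status": "Enabled", "MFADelete": "Enabled"},
        {"ObjectLockConfiguration": {
            "ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 90}}}},
    ),
    "backups-partial": (
        {"Status": "Enabled"},
        {"ObjectLockConfiguration": {
            "ObjectLockEnabled": "Enabled",
            "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}},
    ),
}

if __name__ == "__main__":
    for name, gaps in assess_all(BACKUP_BUCKETS).items():
        status = "OK" if not gaps else f"{len(gaps)} gap(s)"
        print(f"{name}: {status}")
        for gap in gaps:
            print("  -", gap)
```

Run against live infrastructure, the two dicts would come straight from the S3 client calls named above (catching the error the API raises when a bucket has no Object Lock configuration and passing None). The "backups-partial" case is the one worth noting: versioning and a retention rule are present, yet without MFA Delete and with governance-mode retention a compromised privileged identity can still remove the backups, which is exactly the scenario the playbook is meant to survive.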
Ultimately, every cloud will benefit from a cyber lining as ransomware attacks, including those against the cloud, continue to grow.
By Gavin Knapp, Cyber Defence Technical Lead at Bridewell.