Hidden Threats in Cloud Services: How Most Businesses Fail to Protect Sensitive Information Stored in Cloud

October 28, 2021

Cloud computing’s mobility and ease of access make it one of the most convenient choices for any modern organization. While using the cloud, though, companies are becoming more and more susceptible to security threats.

Most Companies Don’t Protect Their Sensitive Cloud Data

Almost 40% of organizations have experienced a security breach involving cloud storage in the last 12 months, but despite the rise in cyberattacks targeting cloud data, most companies (83%) still don’t encrypt half of this sensitive data, according to the Thales Global Cloud Security 2021 study, commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence.

“Cloud solutions are increasingly being used, and companies continue to diversify how they use them. Globally, 57% of respondents said they use two or more Cloud infrastructure providers, while nearly a quarter (24%) of organizations reported that the majority of their data now resides in the Cloud,” the study said.

According to the study, 21% of companies store most of their sensitive data in the Cloud, and 40% reported a breach in the past year. There are some common trends in the strategies adopted by companies when looking for solutions to secure their cloud infrastructure. 33% said that multi-factor authentication (MFA) is a central part of their cybersecurity strategy. However, only 17% of those surveyed had encrypted more than half of the data they store in the Cloud. The number of organizations that have adopted a multi-cloud approach looks even worse, coming in at a dismal 15%.

Even when companies protect their data through encryption, 34% leave control of the encryption code to the providers instead of keeping it themselves. Globally, 48% of business leaders admitted their organizations have no Zero Trust strategy, while a quarter (25%) are not even considering adopting one.

Companies have common concerns about the complexity of cloud services, the study also points out. Nearly half (46%) of respondents said managing privacy and data protection in the cloud is more complex than on-premises solutions. Hybrid models are preferred by many organizations that are not moving entirely to the cloud.

Hackers Use Legitimate Cloud Providers to Store Malware

While the expanding hybrid cloud model offers better services and convenience, it also comes with several security problems. Whether we are talking about ransomware attacks or account hijacking, security experts have noticed a trend: hackers are using legitimate cloud and internet providers to upload malware. 

For example, HP’s cybersecurity team has discovered that hackers are using legitimate cloud providers to store malware and changing file types to bypass detection tools. 

A recent GuLoader campaign uploaded the Remcos Remote Access Trojan (RAT) to major platforms, such as OneDrive, to bypass protection systems and pass verification tests. HP Wolf Security also discovered several malware families on social media platforms, like Discord.

“The average time for a company to apply, test, and deploy patches, with the necessary checks, is 97 days, giving hackers the opportunity to exploit this ‘window of vulnerability,’” according to the latest HP Wolf Security Threat Insights report.

Initially, only highly experienced cyberattackers could exploit this vulnerability, but automated scripts have made this type of attack accessible to less experienced hackers. 

“Thus, the risk to companies increases substantially as zero-day exploits are automated and accessible in places like underground forums,” explained Alex Holland, Senior Malware Analyst, part of the HP Wolf Security Research Team at HP Inc. “We’re also seeing major platforms like OneDrive giving hackers the ability to mount blitz attacks. Although malware stored on such platforms is quickly deleted, this does not deter attackers because they can achieve their goal by delivering malware during the hours when files are live,” Holland explained.

89% of the malware detected was delivered via email, while downloading files from the web accounted for 11%, and other vectors, such as external storage devices, for less than 1%. The most common attachments used to deliver malware were archive files (38%, up from 17.26% in the last quarter), Word documents (23%), Excel documents (17%) and executable files (16%), the report showed. 

As cloud-computing adoption increased rapidly, everyone was forced to reevaluate cybersecurity. The shift from traditional cybersecurity, focused on protecting the perimeter, to a data-centric approach is key for protecting sensitive information stored in the cloud.