As businesses continue to transition to cloud-based data storage and computing, the threat of attacks on the cloud will continue to grow. In this article, we outline some of the major threats to the cloud that organizations should be aware of.
Data Breaches/Losses
This has been a problem for quite some time. When companies migrate to the cloud, they usually do it all at once, without proper planning and preparation ahead of time. As a result, mistakes are made that cause weaknesses and gaps, creating backdoors for the cyber attacker to penetrate. Worse yet, this sets the stage for data leakage, exposing the Personally Identifiable Information (PII) datasets of both customers and employees to the outside world. This may or may not be intentional, but the bottom line is that it is preventable. For example, many companies rely upon the default settings provided by their cloud provider. These typically don’t work, and they require custom configuration, which is often left at the bottom of the list of things to do. Also, the controls that were once used to protect the PII datasets in an on-premises infrastructure will, for the most part, not work in the same way in the cloud. Therefore, these need to be checked and custom configured as well.
DDoS Attacks
DDoS is an acronym that stands for “Distributed Denial of Service”. This is where a cyber attacker launches a flurry of data packets toward your cloud infrastructure, making all processes slow down and eventually come to a halt. As a result, you will not be able to use any SaaS-based applications. This is actually a very old threat vector, but it is still used widely and is expected to pick up more in 2023. That said, the good news is that DDoS-style attacks are not meant to cause any long-lasting harm to your virtual environment; rather, they are just a nuisance that your ISP should be able to resolve within a few hours, depending on the magnitude of the attack.
Ransomware
This is the kind of threat vector in which the cyber attacker deploys a malicious payload into your cloud deployment. Very often, these pieces of malware are deployed when an employee downloads a malicious file (such as .DOCX, .XLS, or .PPT), and/or clicks on a link that takes them to a phony site. From here, your Virtual Machine (VM) is locked, and all your files are secured with an encryption algorithm. In order to unlock them, you must pay a ransom (usually in Bitcoin). In return, the cyber attacker is theoretically supposed to send you the decryption algorithm so that you can unlock your VM and retrieve your files. Usually, this does not happen, and you are left hanging. This is the most basic form of a ransomware attack, but they have gotten more severe. For example, if you don’t make the payment, the cyber attacker threatens to expose your PII datasets to the public, or worse yet, sell them off on the dark web. These “worst-case scenarios” are expected to continue into 2023. But if you keep backups of everything, you minimize your risk. This means creating a new VM and plugging your backups into it. Or better yet, with the recent cloud advancements, you can put your entire virtual infrastructure into various other data centers. Thus, if you are trying to recover from a large-scale ransomware attack, you can easily flip over to one of these other data centers so that you do not incur a large amount of downtime.
New Phishing Attacks
Along with DDoS attacks, phishing attacks are expected to continue. But they likely won’t continue in the suspicious email form that we’re used to. Rather, they will come in the form of social engineering attacks, where the cyber attacker will take their time and study the unsuspecting victim. This can be done by studying their social media profiles, and/or making use of what is known as “Open-Source Intelligence”, or “OSINT” for short. From here, the cyber attacker can call lower-ranking employees of a business, conning them into making wire transfers of large sums of money to phony, offshore accounts. There is also another form of phishing attack called “Vishing”. This is where phony text messages are sent to a victim, enticing them to click on a malicious link.
The World of the IoT
This is an acronym that stands for the “Internet of Things,” meaning all the objects that we interact with, both virtual and physical, interact with one another. Probably some of the best examples of this are Siri and Cortana. While using them certainly has advantages, they can also be a huge security risk, especially to your cloud deployment. For instance, the network connections that are used in the IoT are not encrypted, so whatever you speak or type is often sent in cleartext format. This means that if it were to be intercepted by a third party, they could very easily decipher it, and even launch ID theft attacks. Or, if your IoT devices are connected to your cloud deployment, this can be yet another backdoor for the cyber attacker to penetrate.
One of the best ways to protect yourself from any kind of cloud-based threat is to always back up your datasets and make use of all the security tools that you can. Most of these come free of charge from your cloud provider.