Wynn Pointaux

IBM research reveals cloud apps as top risk factor in cloud adoption

Judging by the products and services introduced during the pandemic, it is safe to say that COVID-19 has accelerated cloud migration by significantly altering business operations. IBM Security conducted research to identify the challenges and threats that affect cloud security.

In the IBM survey data and case-study analysis, the firm found organizations are faced with basic security oversight issues, including governance, vulnerabilities, and misconfigurations. The case-study analysis of security incidents over the past year also sheds light on how cybercriminals are targeting cloud environments with customized malware, ransomware, and more.

IBM notes that while the cloud enables many critical business and technology capabilities, ad-hoc adoption and management of cloud resources can also create complexity for IT and cybersecurity teams.


“When done right, the cloud can make security scalable and more adaptable — but first, organizations need to let go of legacy assumptions and pivot to new security approaches designed specifically for this new frontier of technology, leveraging automation wherever possible,” said Abhijit Chakravorty, Cloud Security Competency Leader, IBM Security Services. “This starts with a clear picture of regulatory obligations and compliance mandate, as well as the unique technical and policy-driven security challenges and external threats targeting the cloud.”


In order to get a better picture of the new security reality as companies quickly adapt to hybrid, multi-cloud environments, IBM Institute for Business Value (IBV) and IBM X-Force Incident Response and Intelligence Services (IRIS) examined the unique challenges that affect security operations and the top threats in the cloud environments.

Employees work from anywhere while connected to corporate networks. About 66% of the 930 senior business and IT professionals surveyed say they rely on cloud providers for baseline security; however, the perception of security ownership varied greatly across specific cloud platforms and applications.

IBM X-Force IRIS cloud-related case studies found that 45% of incidents were hacking over the cloud. Communications are conducted over the cloud using various unsecured apps (web apps or mobile apps), and cybercriminals understand this vulnerability only too well.

Cybercriminals have scoured the opportunities and are no longer only after data: they have also targeted the cloud for cryptomining and ransomware, using cloud resources to amplify the effect of these attacks.

Top threats

In the IBM X-Force IRIS “Cloud Landscape Report,” which is based on client incident response cases that took place between June 2018 and March 2020, the company found:

Exploiting Cloud Apps: The most common entry point for attackers was via cloud applications, including tactics such as brute-forcing, exploitation of vulnerabilities, and misconfigurations. Vulnerabilities often remained undetected due to “shadow IT,” when an employee goes outside approved channels and stands up a vulnerable cloud app. Managing vulnerabilities in the cloud can be challenging since vulnerabilities in cloud products remained outside the scope of traditional CVEs until 2020.

Ransomware in the Cloud: Ransomware was deployed three times more than any other type of malware in cloud environments, followed by cryptominers and botnet malware.

Data Theft: Outside of malware deployment, data theft was the most common threat activity IBM observed in breached cloud environments over the last year, ranging from personally-identifying information (PII) to client-related emails.

Exponential Returns: Threat actors used cloud resources to amplify the effect of attacks like cryptomining and Distributed Denial of Service (DDoS). Threat groups used the cloud to host their malicious infrastructure and operations, adding scale and an additional layer of obfuscation to remain undetected.

Cybercriminals Leading the Charge: Financially motivated cybercriminals were the most commonly observed threat group category targeting cloud environments, though nation-state actors are also a persistent risk.

“Based on the trends in our incident response cases, it’s likely that malware cases targeting cloud will continue to expand and evolve as cloud adoption increases,” said Charles DeBeck, IBM X-Force IRIS. “Our team has observed that malware developers have already begun making malware that disables common cloud security products, and designing malware that takes advantage of the scale and agility offered by the cloud.”