As organizations shifted to cloud as their response to the crippling effects of the pandemic, cybercriminals amplified their attacks on the platform. This is one of the findings in the latest 2021 X-Force Threat Intelligence Index released recently by IBM Security.
The report highlighted how cyberattacks evolved in 2020, at the height of lockdowns and closures of establishments and offices that forced people to work from home. One of the efforts to adapt to the new setup and ensure business continuity is cloud adoption.
IBM Security is IBM’s cybersecurity solutions arm supported by X-Force research.
Quoting a Gartner survey released in November 2020, IBM said almost 70% of organizations using cloud services today plan to increase their cloud spending in the wake of the disruption caused by COVID-19.
But according to the X-Force report that while Linux is currently powering 90% of cloud workloads and experienced a 500% increase in Linux-related malware families in the past decade, cloud environments can become a prime attack vector for threat actors.
Open-source malware is enabling attackers to recalibrate their attack strategies “to improve profit margins.” Open-source software can reduce costs but it does not diminish the effectiveness of the malware.
The IBM report saw various threat groups such as APT28, APT29, and Carbanak turning to open-source malware, indicating that this trend will be an accelerator for more cloud attacks in the coming year.
The report also suggests that attackers are exploiting the expandable processing power that cloud environments provide, passing along heavy cloud usage charges on victim organizations, as Intezer observed more than 13% new, previously unobserved code in Linux cryptomining malware in 2020.
With attackers’ sights set on clouds, X-Force recommends that organizations should consider a zero-trust approach to their security strategy. Businesses should also make confidential computing a core component of their security infrastructure to help protect their most sensitive data – by encrypting data in use, organizations can help reduce the risk of exploitability from a malicious actor, even if they’re able to access their sensitive environments.