News

Hackers using cloud services to access data

Cybercriminals don't need users to click on a link anymore to infiltrate business.

21 February 2022 

The rise of cloud services is helping more international cybercriminals access data around the world.

Traditionally, hacking threats have mainly come from countries like Russia and China but a new report into global threats has found the network of hackers is expanding to include a number of other countries.

According to Crowdstrike’s 2022 Global Threat Report, the number of hostile nation-state hacking operations is rising as new countries invest in cyber-intrusion campaigns and existing state-backed attack groups take advantage of the rise in organisations adopting cloud applications.

The report reveals that there has been a rise of new countries engaging in offensive cyber operations, including Turkey and Colombia.

Crowdstrike said attacks by Turkish-linked groups are detailed as attacks by 'Wolf' while attacks by Colombian operations have been dubbed 'Ocelot'.

The report details a Turkish attack on Amazon Web Services’ cloud environment in 2021 where attackers were able to break into the AWS cloud environment using stolen usernames and passwords, which also provided the attackers with the privileges required to alter command lines.

Ultimately, countries are seeing that cyber campaigns can be easier to conduct than traditional espionage and are investing in these techniques.

Adam Meyers, senior vice president of intelligence at Crowdstrike, said one of the reasons countries were increasing their offensive cyber capabilities is due to the impact of the global pandemic. Lockdowns and stringent travel checks made it harder for traditional espionage techniques to be effective, leading towards investment in cyber operations.

He said the shift toward cloud applications and cloud IT services have also played a role in making cyberattacks easier. The rise of hybrid working means many employees aren't based in an office, instead connecting remotely via collaborative applications, VPNs and other services – using a username and password.

And although this makes being productive while working remotely simpler for employees, it's also made things simpler for hacking groups, who can secretly access networks with a stolen – or guessed – username and password.

"As organisations are moving to the cloud and looking to develop better capabilities, threat actors are moving there as well," said Mr Meyers.

There are, however, steps that organisations can take to help make their networks and their cloud infrastructure more resistant to cyberattacks.

The report recommends that organisations work towards eliminating misconfigurations in their cloud applications and services by setting up default patterns for setting up cloud, so when new accounts are set up, it's done in a predictable manner, minimising the possibility of human error going undetected. Cloud architecture should also be monitored and maintained with security updates, like any other software.