Ransomware Threat Soars: Hackers Exploit Cloud Migration Sloppiness
Ransomware attacks continue to escalate, posing a significant challenge for defenders who are struggling to keep up with the ever-evolving threat landscape. According to Elastic’s second Global Threat Report, which analyzed over a billion data points collected in the past year, more than half of all observed malware infections target Linux systems. Additionally, the report highlights that almost every attack on cloud infrastructure begins with credential theft.
The prevalence of certain ransomware families and the use of off-the-shelf tools were also significant findings of the report. Notably, BlackCat, Conti, Hive, Sodinokibi, and Stop emerged as the most common ransomware families, accounting for a staggering 81% of all ransomware activity. Moreover, when it comes to off-the-shelf tools, threat actors predominantly employ Metasploit and Cobalt Strike, which comprise 5.7% of all signature events on Windows systems.
Linux endpoints appear to be the primary targets for malware, with a significant proportion (91%) of malware signature events recorded on these systems. Windows endpoints accounted for around 6% of malware signature events. Threat actors remain hidden by lurking in devices with low visibility, such as edge devices and appliances.
However, Elastic’s research also shed light on the vulnerability of cloud-based solutions. As businesses increasingly migrate from on-premises solutions to the cloud, inadequate security practices have resulted in misconfigurations, lax access controls, unsecured credentials, and weak or missing least-privilege models. Threat actors are exploiting these weaknesses to compromise cloud environments and deploy malware.
In the case of Amazon Web Services (AWS), Elastic found that defense evasion, credential access, and execution were the most common tactics used by threat actors. Furthermore, more than half (53%) of all credential access events involved the compromise of legitimate Microsoft Azure accounts.
Jake King, the head of security intelligence and director of engineering at Elastic, emphasized the evolving nature of the threat landscape. He stated, “Today’s threat landscape is truly borderless, as adversaries morph into criminal enterprises focused on monetizing their attack strategies.” King also drew attention to the rise of automated detection and response systems, which empower engineers to better defend their infrastructures.
Defending against ransomware requires vigilance and ongoing investment in new defense technologies and strategies. Open-source malware, commodity malware, and the use of AI have made it easier for attackers to breach systems. However, the development of automated detection and response systems offers hope in the ongoing cat-and-mouse game between defenders and threat actors.
As more businesses transition to cloud-based solutions, it is imperative for organizations to prioritize strong security practices during the migration process. This includes implementing robust access controls, ensuring secure credential management, and following the principle of least privilege. By integrating security from the start, organizations can better protect their cloud environments from the growing ransomware threat.
In conclusion, the rising ransomware threat, combined with the exploitation of sloppy cloud migration practices, underscores the urgency for organizations to enhance their cybersecurity defenses. With attackers becoming increasingly sophisticated, it is crucial to remain vigilant and invest in innovative defense technologies to stay one step ahead in the ongoing battle against ransomware.