In a time where 71% of companies have encountered an “extortion … threat”, it is clear that cyber extortion schemes are becoming more sophisticated and effective than ever before. And with ongoing improvements in the technology sector and its influence on businesses everywhere, organizations should be becoming more proactive in their cybersecurity solutions to keep their data safe.
Companies that utilize cloud technology solutions to enhance their workplace productivity and efficiency are also vulnerable to extortion attempts. And with Gartner expecting “[w]orldwide end-user spending on public cloud services … to total $591.8 billion in 2023”, cybercriminals are sure to continue deploying cyber-attacks to steal data.
This blog will go over the ins and outs of cloud extortion, along with the ways companies can better secure their cloud technology solutions for safer networks and processes.
What is the cloud?
The cloud covers a wide range of technologies and services that allow businesses to access and use data remotely. With the power of the Internet, users can deploy and run the solutions they need to enable company procedures, from productivity tools (such as Microsoft 365) to data storage.
What are the benefits of cloud computing?
Organizations that take advantage of cloud services are rewarded with several benefits. These bonuses work in tandem with each other to generate an institution that is not only equipped to meet the demands of the modern business world, but is ready to lead it.
Some of these benefits are:
What is cyber extortion in the cloud?
Cyber extortion occurs when malicious actors, through coercion and other threats, attempt to extract sensitive data from their victims. Extortion is a two-layer offense, leading to other threats, such as data breaches. In the case of the cloud, extortion would come after malicious entities successfully overcome cloud security tools and manage to penetrate the network far enough to encounter sensitive information.
Cloud storage spaces can be unlawfully accessed in various ways, from human error that can lead to ‘ransomcloud’ incidents (a cloud-specific ransomware attack) to ineffective identity and access management (IAM) controls. Regardless of the method used, once an entity has access to your data, they can use it in a number of ways, such as blackmailing you into paying a ransom or stealing your organization’s intellectual property—a hit against your company’s reputation.
How can cyber extortion affect businesses?
Businesses gather data from their customers and operations every day. This information goes towards keeping your organization functional and profitable—extortion can undo all that work.
Specifically, succumbing to digital extortion can result in the following consequences:
Extortion in the Big Three: How could each platform be exploited?
As with all technical tools and environments, cloud technology solutions are only as secure as their configurations make them. While they can help keep data safe within a dynamic cloud infrastructure, organizations ought to stay vigilant for any form of cyber-attack and extortion that may come their way.
With that being said, the three most popular cloud platforms—Microsoft Azure (Azure), Amazon Web Services (AWS), and Google Cloud Platform (GCP)—do possess vulnerabilities that can be exploited by malicious actors.
Azure’s storage accounts consist of users’ tables, blobs, queues, etc. According to Microsoft, storage accounts supply you with “a unique namespace for your Azure Storage data”. Per the solution’s standard practice, users’ data is encrypted, and Microsoft supplies the key. But the weakness lies in a separate feature.
The cloud technology solutions’ storage accounts have an option that allows you to configure a container for public access, meaning that the data is readily available to be viewed. This can pose a data protection risk as it widens the viewership of those who can see the information within the container.
While Microsoft says that “public access to your blob data is always prohibited”, this could be easily changed by an individual using Azure Resource Manager. All it would take is one compromised credential for a threat actor to disrupt the company’s access control measures, bypassing cloud security tools to steal information.
Amazon Web Services (AWS)
For customers of AWS, cloud storage takes the form of buckets within Amazon Simple Storage Service (Amazon S3). Amazon S3 can be used for a range of purposes, from backup and cloud data restoration to maintaining applications. When securing S3 buckets, users can apply encryption measures to individual buckets or files.
While this may seem like a given across the board of cloud providers, S3’s weakness lies in a facet of its encryption key practices. AWS allows its customers to leverage keys from other accounts to handle encryption. Sharing passwords and other security solutions is an ill-advised cybersecurity practice. In this case, it could be possible for a threat actor to access a pre-existing company account, use a key from said account, and instigate their attack with their newly ‘authorized’ tool.
Google Cloud Platform (GCP)
With a comprehensive range of cloud security tools and keys—Customer-supplied encryption keys, customer-managed encryption keys, etc.—to keep data safe, it can be challenging to see where the danger of cyber extortion dwells within GCP and its Cloud Storage product. But similar to Azure’s slightly indirect route for bypassing access control policies, GCP’s weakness relates to the “Transfer Job” feature.
In this context, transferring is essentially a data migration where users can move their information from point A to point B, while simultaneously deleting the original files (though this has to be chosen when configuring a transfer). If a threat actor were to breach your cloud technology solutions and find themselves in a position of administrative privilege, they could take advantage of GCP’s cloud services, organize and launch a data transfer, and hold your organization’s information for ransom.
How can businesses protect their cloud infrastructure?
Investing in cloud security tools to keep your business data safe is essential. Outside of being ethical, robust cloud data security can help you remain compliant with any regulations your organization is required to follow.
Each solution you deploy ought to exemplify the latest cybersecurity capabilities, ultimately making it more difficult for malicious entities to breach your cloud environment.
Here are some tips to help you ensure that your cloud is secure and reliable:
By following these tips, you can enhance the security surrounding your cloud infrastructure, helping you protect your business from potential threats and keeping your data safe.
Keep your data safe with cloud security solutions and real-time protection
Cyber extortion can impact any business, no matter its industry or size. While the cloud offers an array of dynamic security solutions to protect your data, you can be sure that it will be a valuable target for malicious entities now, tomorrow, and well into the future.
The cloud security experts at Skynet MTS specialize in all aspects of cloud security—business continuity, governance policies, etc. With the Skynet MTS team protecting your cloud-stored information, you will be able to focus on running your business, providing your customers with value, and scaling up your operations.