Darkreading.com reported there the cloud is likely the next target since “…most public cloud providers do supply basic security controls, they may not include all of the latest security services needed to prevent more evasive threats.”  The February 11, 2020 article entitled “Why Ransomware Will Soon Target the Cloud” which included these three reasons why the cloud is the next ransomware target:

First, the cloud has been left largely untouched by ransomware so far, so it’s a new market opportunity for attackers.

Second, the data and services stored or run through the cloud are now critical to the day-to-day operations of many businesses. Five years ago, a company might have been able to function without its cloud deployment in the short term, so the pressure to pay a ransom wouldn’t have been as high. Now, most businesses will be crippled if they lose access to their public or private cloud assets. That creates the same intense pressure to restore services quickly that we’ve seen with hospitals, city governments, and power plants over the last few years.

Third, the cloud offers an attractive aggregation point that allows attackers to access a much larger population of victims. Encrypting a single physical Amazon Web Server could lock up data for dozens of companies that have rented space on that server. As an example, several attacks in the first and second quarters of 2019 involved bad actors hijacking multiple managed service providers’ management tools and using them as a strategic entry point from which to spread Sodinokibi and Gandcrab ransomware to their customer rosters. The same principle applies here — hacking a central, cloud-based property allowed attackers to hit dozens or hundreds of victims.

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *