The cloud became an increasingly popular target in the first half of this year for cybercriminals looking to do everything from stealing data to siphoning compute power to mine cryptocurrencies, according to cybersecurity software provider Check Point Technologies.
In the company's "Cyber Attack Trends: 2018 Mid-Year Report," researchers reiterated the fast-growing trend in cryptomining malware that has been ongoing since the end of last year. However, cryptomining malware also has been evolving quickly in how it's delivered and is now making its way into the cloud, according to Maya Horowitz, group manager of threat intelligence at Check Point. The evolution dovetailed with another finding by the company, that of hackers making a move into the cloud. (See Cryptomining Malware, Cryptojacking Remain Top Security Threats.)
The number of organizations hit by cryptomining malware doubled to 42% in the first six months of the year, according to the report. The three most common variants of malware -- Coinhive, Cryptoloot and JSEcoin -- were cryptominers, which is used to take CPU or GPU power from a victim's system to mine cryptocurrencies, and can use as much as 65% of the CPU power, researchers said.
However, the methods of gaining access to that power and the targets of the malware is rapidly evolving, Horowitz told Security Now in an email.
"First, they were sent as any other malware that needs to find a way to be executed on a PC," she wrote. "Then, they solved the execution issue by running the mining activity within the Internet browser, as victims browse to certain websites. To expand, they started attacking mobile devices. The next step was attacking web servers, which obviously have far greater computation power than a PC, browser or mobile device. The last evolvement was attacking cloud infrastructure; with auto-scaling, these attacks maximize on computation resources. So, the attacks today are not only more prevalent, but also more cost-effective."
Cloud infrastructures also became more popular targets for attackers looking for data, given the trend among enterprises to move more of their data and workload to the cloud. According to Check Point researchers, there were several cloud-based attacks with the aim of stealing data that were the result of poor security practices, such as weak passwords and credentials remaining on public source code repositories. That poor security is helping to fuel attacks on cloud environments, Horowitz said. (See How the Cloud Is Changing the Identity & Access Management Game.)
"While with classic networks, there's a best practice that's been built in the last 25 years, cloud environments are new and organizations are still confused on how to protect them," she added. "This means too many of these environments are not segmented, there's poor authentication and access control, and sometimes not even security at the entering point, as organizations falsely assume they are protected by the cloud provider. Therefore, these attacks are very lucrative as they're both easier and lead to more data."
The Check Point analysts also noted two other trends.
One was the delivery of malware that already was installed in mobile devices through the supply chain rather than downloaded from a malicious site or through malware in apps from app stores. In addition, multi-platform malware, which was still a rarity by the end of 2017, is becoming more common, due in large part to the growing numbers of connected consumer devices and the increasing presence of non-Windows operating systems.
"Cross-platform attacks are the most advanced attacks that we see today," Horowitz noted. "They are less 'off the shelf' and demonstrate The Fifth Generation of attacks -- attacks that will try to get in through any door, window or chimney, which calls us to protect all entering points so that there's no weak link -- PC, cloud, mobile, etc."
Looking at the threat environment as a whole, she said she sees two parallel trends.
"One is that lazy threat actors are buying $10 malware and using them in large-scale attacks, and recycling 5+-year-old exploits in these attacks," Horowitz wrote. "This shows the importance of security patching and classic protection measures. The other trend is some sophisticated actors who take the time to develop attacks against new types of platforms (cloud, mobile) and even multi-platform, using zero-day vulnerabilities. For this reason, using zero-day protection on all platforms is highly important."
- McAfee: Cybercriminals Improving Techniques as Cryptomining Explodes
- Adware & Cryptomining Remain Top Enterprise Security Threats
- Blockchain & Cryptocurrency Becoming Greater Security Concerns
- Mobile Malware Group Hits Google Play a Third Time
— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.