Miscreants sure do love ransacking cloud networks, more so than before

Thanks for putting all your data in one basket


As enterprises around the world continue to move to the cloud, cybercriminals are following right behind them.

There was a 48 percent year-over-year jump in 2022 in cyberattacks on cloud-based networks, and it comes at a time when 98 percent of global organizations use cloud services, or at least that's what Check Point researchers say they've noticed.

The increases were experienced in various regions, including Asia (with a 60 percent jump), Europe (50 percent), and North America (28 percent), the infosec bods wrote in a report this week.

"The rise in attacks on the cloud was driven both by an overall increase in cyberattacks globally (38 percent overall in 2022, compared to 48 percent in the cloud) and also by the fact that it holds much more data and incorporates infrastructure and services from large amounts of potential victims, so when exploited the attacks could have a larger impact," Omer Dembinsky, data group manager at Check Point, told The Register.

Human error is a significant factor in the vulnerability of cloud-based networks, as are "the built-in characteristic that a cloud-based network should be accessible from outside the network," Dembinsky said.

Check Point researchers noted examples in recent years that highlight the dangers of attacks on networks hosted in or managed from the cloud, including a security breach of AIS, a cellular network in Thailand, in which 8 billion internet activity records were accidentally exposed. It may cost AIS as much as $58 billion to resolve the disaster, some say.

And, we're reminded by Check Point, in November a state-sponsored Iranian crew exploited the high-profile Log4j vulnerability to infiltrate an unpatched VMware Horizon server within the US federal government and deploy an XMRig cryptominer.

What that specific server compromise has to do with cloud networking is not quite clear to us vultures but anyhow, the exploitation of the Log4j flaw highlighted another data point observed by Check Point: the use of newer CVE-labeled vulnerabilities, or those disclosed since 2020. According to the infosec shop's numbers, 22.9 percent of attacks on on-premises networks involved these newer flaws, compared with 27.4 percent of assaults on cloud-based networks.

Another way of looking at it is that the majority of bugs exploited by miscreants are years and years old, likely targeting forgotten or neglected systems that haven't been patched.

Meanwhile, a vulnerability that could be abused to achieve remote code execution (RCE) on compromised VMware Workspace systems had a greater "impact" on cloud networks, Check Point said. By greater impact, we'll read that as: exploitation of this flaw against a cloud target caused more damage and disruption or more data to be stolen than what you'd typically see with on-prem systems.

That makes sense because, as we said, targeting cloud-hosted systems can affect a greater number of people due to the concentration of data and resources.

Other programming blunders that had a greater impact against cloud systems when exploited include a Microsoft Exchange Server RCE flaw, a Text4shell RCE, and an F5 BIG-IP bug. Check Point said it came to these conclusions after studying stats from its IT defense products.

"In cloud-based networks, some of this patching is done by the cloud providers, but it is still up to the network and security admins to make sure all their infrastructure is not vulnerable," Dembinsky said.

And all that info of yours accessible via the cloud is too valuable for crooks to ignore, Tom Kellerman, senior vice president of cyber security at Contrast Security, told The Register.

"Cybercrime cartels and rogue nation intelligence services appreciate that the future is island hopping, which lies in colonizing the cloud," he said. "This also means that defense capabilities in cloud networks need to improve."

According to Check Point, that means taking such steps as using zero-trust cloud network security controls, incorporating security and compliance earlier in the development lifecycle, avoiding misconfigurations, and using tools such as intrusion detection and prevention systems and next-generation web application firewalls.

Roger Grimes, an evangelist at KnowBe4, told The Register no one should be surprised that miscreants are increasing their attacks on cloud networks, adding that "organizations are using more cloud resources than ever before. Hackers have always gone to what's popular. That's never not been the case."

What is surprising is that while there are attacks specific to cloud resources, most are the same as those perpetrated against on-premises systems, Grimes said. They include everything from social engineering and credential theft to unpatched software, overly permissive permissions, and misconfigurations.
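To make the two recurring causes named above concrete, the overly permissive permissions Grimes mentions and the misconfigurations Check Point urges admins to avoid, here is a small defensive audit script. It is an added example written for this page, not code from Check Point, Contrast Security or KnowBe4. It runs over two constructed inputs embedded in the file: a policy document in the general shape of an AWS IAM policy, and a list of hypothetical storage-bucket settings. The field names for the bucket records (`block_public_access`, `acl`, `encryption`) are assumptions chosen for the example, not any provider's API.

```python
"""Audit constructed cloud-style configuration documents for the two
weaknesses named in the article: overly permissive permissions and
misconfigurations that expose resources to the internet.

Hypothetical example. The policy and bucket documents below are constructed
sample inputs in the general shape of an IAM policy and a storage bucket
configuration; they are not data from any real account or from the report.
"""
import json

# Constructed sample: an identity policy with one overly broad Allow
# statement, one tightly scoped Allow, and one Deny that should not be flagged.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow",
         "Action": "*", "Resource": "*"},
        {"Sid": "ReadOneBucket", "Effect": "Allow",
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DenyDelete", "Effect": "Deny",
         "Action": "s3:DeleteObject", "Resource": "*"},
    ],
})

# Constructed sample: hypothetical bucket settings, one public, one private.
# The field names are assumptions for this example, not a provider's schema.
SAMPLE_BUCKETS = [
    {"name": "public-logs", "block_public_access": False,
     "acl": "public-read", "encryption": None},
    {"name": "private-data", "block_public_access": True,
     "acl": "private", "encryption": "AES256"},
]


def _as_list(value):
    """IAM-style documents allow a string or a list in Action/Resource."""
    return value if isinstance(value, list) else [value]


def find_overly_permissive(policy_json):
    """Return (Sid, reason, values) for Allow statements that grant a
    wildcard action (e.g. '*' or 's3:*') or a wildcard resource.
    Deny statements are skipped: a broad Deny narrows access rather than widening it."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        sid = stmt.get("Sid", "<no Sid>")
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((sid, "wildcard action", actions))
        if any(r == "*" for r in resources):
            findings.append((sid, "wildcard resource", resources))
    return findings


def find_bucket_misconfigs(buckets):
    """Return (name, reason) for buckets readable anonymously or stored unencrypted."""
    findings = []
    for b in buckets:
        public_acl = b.get("acl", "").startswith("public")
        if not b.get("block_public_access") and public_acl:
            findings.append((b["name"], "publicly readable"))
        if b.get("encryption") is None:
            findings.append((b["name"], "no at-rest encryption"))
    return findings


def audit(policy_json, buckets):
    """Run both checks and return the findings keyed by check type."""
    return {
        "permissions": find_overly_permissive(policy_json),
        "buckets": find_bucket_misconfigs(buckets),
    }


if __name__ == "__main__":
    for kind, items in audit(SAMPLE_POLICY, SAMPLE_BUCKETS).items():
        print(kind)
        for item in items:
            print("  ", item)
```

Run it as a script and it reports the `AdminEverything` statement twice (wildcard action and wildcard resource) and the `public-logs` bucket twice (public ACL with no public-access block, and no encryption), while the scoped statement, the Deny statement and the private bucket produce nothing. The point is that neither finding requires any cloud-specific attack knowledge to spot; they are the same least-privilege and exposure checks that applied on-prem.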

"Defenders don't have to learn something new," he said. "The cloud is a new paradigm, but the way cloud resources are successfully attacked the most isn't. In that light, it's even more befuddling that we aren't doing any better, security-wise, in the cloud than we did before the cloud. You think we would have taken the lessons learned and then moved them to the cloud." ®
