Mar 7, 2023 - Technology

Hackers are quickly learning how to breach cloud systems


Hackers are quickly finding flaws in organizations' cloud infrastructure despite perceptions that the technology is ironclad against cyberattacks.

The big picture: Organizations have invested billions of dollars in recent years to move their digital data from traditional, on-premise enterprise storage solutions to the cloud. That investment is expected to keep growing and reach close to $600 billion this year.

  • The high price of relocating data was largely paid for one reason: It's far more difficult for hackers to break into an organization's cloud systems.
  • But recent research and incidents underscore how quickly malicious hackers are adapting to the new reality.

Driving the news: Attacks exploiting cloud systems nearly doubled in 2022, and the number of hacking groups that can target the cloud tripled last year, according to a CrowdStrike report released last week.

  • A wide-reaching ransomware attack last month targeted a vulnerability in a popular VMware machine used in cloud systems, leaving thousands of systems vulnerable.
  • Bloomberg reported last month that the recent exposure of roughly a terabyte of Pentagon emails was likely due to a cloud configuration error.

What they're saying: "As more organizations are moving into the cloud, it becomes a much more attractive target for these threat actors, and they're spending more time and resources trying to get into that environment," Adam Meyers, senior vice president of intelligence at CrowdStrike, told Axios.

  • "Everybody is doing it. We've seen 17-year-olds, and we've seen the Russian SVR."

By the numbers: About eight in 10 organizations said they had a cloud security incident in the last year, according to a September report from Venafi.

  • 45% of the organizations that faced a cloud security incident experienced at least four attacks during that period, the research found.

Between the lines: The cloud is still far more secure than traditional systems, Meyers said, but a big driver of attacks is the security flaws accidentally injected whenever organizations customize cloud tools for their specific systems.

  • Subsequently, most organizations also fail to update their legacy cybersecurity tools to spot those cloud configuration errors, Meyers added.

The intrigue: Many hackers are quickly building skills to target cloud storage because of how rewarding it can be.

  • During traditional attacks targeting onsite servers, malicious hackers typically need their own port-scanning tools to detect what systems are in an enterprise and where the weak, exploitable spots are.
  • But during cloud attacks, those port scanners aren't needed, Meyers said. Malicious hackers who can navigate a cloud environment can use native tools inside the environment to more stealthily search and determine what data is available.
  • "You've created a Mentos of security: crunchy on the outside, soft and chewy on the inside," Meyers said.

Yes, but: Attacks targeting the cloud still start in many of the same ways as on-premise attacks: using stolen employee login credentials.

  • For instance, cloud security firm Mitiga warned last week that when hackers use legitimate login credentials to break in, the Google Cloud Platform fails to record a proper activity log of the malicious actor's actions, cyber trade publication Dark Reading reports.

The bottom line: As IT spending on the cloud continues to grow, organizations need to make sure they're also reviewing their security sets to ensure they can handle new, cloud-related obstacles.
