As more services move ever cloud-wards, so too do attackers’ thoughts on how best to exploit them. With all that juicy data sitting on someone else’s servers, it’s essential that they run a tight ship. You’re offloading some of your responsibility onto a third party, and sometimes things can go horribly wrong as a result. Whether it’s the third party being exploited, or something targeting the cloud users themselves, there’s a lot to think about.
We offered some thoughts in a recent article on potential cloud issues. Below are some other areas of concern which spring to mind. The linked article focuses on misconfiguration, phishing issues, limiting data share, and the ever-present Internet of Things. Below, we dig into a few of those. We also offer some additional opinions on where other attacks of interest may lie.
Cryptocurrency wallet attacks
Digital wallet phish attempts are rampant on social media, and we expect this to rise. People new to cryptocurrency often gravitate to services which take the hassle out of setting everything up. Third-party services which look after your private keys are known as custodial wallets. Private keys are important because they’re your digital keys to your Bitcoin kingdom.
You’re essentially giving the third party full control of managing things for you. If the third party is compromised or exploited in some way, what happens to your stolen funds may take some time to resolve. You may well get them back, but you likely won’t be able to put any timeline to that process.
Some folks may feel the above process isn’t as secure as storing their cryptocurrency on standalone devices. So-called “cold wallets” are typically offline hardware devices, with no internet capability and the ability to manage only a few types of digital currency.
This is at odds with the “hot” custodial wallets which typically plug into many forms of currency, and provide various online services. It’s a bit like the difference between using an online, cloud-based password manager run by a third-party company, or running a totally local password manager operated by you and you alone.
If something goes wrong with your cold wallet, should you lose it or have it stolen, nobody is coming to help. This is a lot of responsibility if you’re dealing with large amounts of currency. On the other hand, do you want to take the risk of plugging large amounts into something whose management is up to someone else?
Even if people avoid being phished, stealer malware which hunts for private keys and/or logins is becoming increasingly popular. Users may also run into trouble if something goes wrong at the organisation looking after their private keys. It’s an incredibly complex landscape fraught with problems, and this is why we’ll continue to see people hit by all manner of cryptocurrency scams for some time to come.
Ransomware supply chain triple-threat
Ransomware will continue to cause problems in supply chains and leverage so-called triple threat attacks. This is where multiple forms of pressure are placed upon the victim to convince them to pay up. This method of attack is sure to remain popular, becoming a viable alternative to “just” using double extortion tactics.
For example, demanding ransom with the threat of leaking data could be considered a double threat extortion. Meanwhile, attacks like BlackCat went all-in on triple-threats towards the end of 2021. BlackCat didn’t only demand a ransom under threat of data leaks; it also promised to fire up a DDoS (distributed denial of service) if the ransom wasn’t paid.
Targets who keep all files in the cloud only (no local or offsite backups) are great marks for blackmailers. Indeed, even where backups exist, they may not be as effective as they once were due to additional threats beyond a ransom payment. Sure, you won’t lose your data if you have backups, the attackers will say – but they’ll make sure a lot of it ends up on an underground forum somewhere regardless.
This is why it’s crucial to try and stop ransomware authors getting one foot in the door in the first place. Training staff not to open attachments from untrusted senders, keeping up to date with security updates, and reducing services needlessly visible online can all help with this.
We expect to see various forms of harassment increase in virtual worlds as more people jump on the Metaverse bandwagon, with security and safety settings playing catch up.
The possibility exists for rogue advert manipulation and phishing should Meta decide to push ahead with virtual ad placement. There are also issues with augmented reality privacy concerns, data breaches, and photorealistic representations of your living space for all to see. All this, before we even touch on the very big problem of harassment in virtual spaces. Placing virtual bubbles around users so others can’t digitally grope them is just one sorely needed tool to help combat harassers, but more needs to be done.
Cloud services which reduce VR processing strain on users’ machines could also become popular targets, especially where gaming is concerned. With more slices of the gaming pie being offloaded away from the user’s machine, it’s only natural to think they may take a hit.
As we’re seeing, it’s not only game developers at risk of being targeted. With hardware shortages generally making it more difficult to get hold of graphics cards and chips, subscription cloud services are viewed as an important alternative. Becoming a crucial tool in the battle against lack of components will mean they catch the eye of people with bad intentions.
We finish off with that constant thorn in the side of the cloud: basic errors which consistently lead to security woes.
Every year organisations fail to secure their cloud services and data is leaked, exposed, and scraped by third parties. Even apps aren’t free of cloud risks, with tools designed to monitor children’s online use accidentally exposing user IDs, plaintext passwords, and more thanks to missing security measures.
Exposed data can lurk for months without discovery. It can also be used for blackmail and profit, and once it’s online there’s no going back. People often talk about “leaky buckets” in relation to misconfigured services. They’re called buckets because they hold your data; unfortunately those leaks don’t stand a chance of being fully plugged anytime soon.
Whether your area of interest is IoT, ransomware, or even the Metaverse, it’s well worth digging into some of these topics and keeping one eye on the news. Whether you’re involved with the cloud at home or in the workplace, bad actors are figuring out ways to cause trouble – but that doesn’t mean we have to let them.
The post Clouding the issue: what cloud threats lie in wait in 2022? appeared first on Malwarebytes Labs.