In a report released yesterday by Skybox Security, which deals with cybersecurity, it is clear that hacks against cloud platforms are preferred by hackers. At the same time, attacks involving crypto mining have decreased.
According to the report, in fact, attacks and vulnerabilities affecting cloud platforms have increased by 46% compared to the same period last year and by 240% when compared to the figure of 2017.
In addition, the report explains that there has been an upward trend in hacks impacting different products sharing the same code: at least 40 vulnerabilities have affected 3 different vendors.
The report also shows that malicious attacks involving crypto mining, which uses the victim’s computer to mine cryptocurrencies, a type of hack widely used in the past year, have dropped by 15%, as have attacks related to malware, ransomware, botnets and so on.
In fact, if considering that recently many are focusing on cloud solutions both for the storage and for the computing power, we see that hackers are targeting this sector.
Attacking a cloud service yields more because it has many users inside and therefore the attack would propagate effectively in a short time. This was explained by Skybox’s Director of Threat Intelligence, Marina Kidron:
“Cloud technology and adoption has obviously skyrocketed, so it’s no surprise that vulnerabilities within cloud technology will increase,” said Skybox Director of Threat Intelligence Marina Kidron. “What is concerning, though, is that as these are published, the race is on for attackers to develop an exploit because launching a successful attack on a container could have much broader consequences. Compared to other technology, containers can be more numerous and quickly replicated. The attack footprint could expand rapidly, and number of victims may be extremely high.”
In the first half of 2019 alone, more than 7,000 new vulnerabilities were discovered, more than all those discovered throughout 2017, as stated by Skybox’s CTO, Ron Davidson:
“More than 7,000 new vulnerabilities were discovered in the first half of 2019 — that’s still significantly more than figures we’d see for an entire year pre-2017. So organizations are likely still going to be drowning in the vulnerability flood for some time,” said Ron Davidson, Skybox CTO and VP of R&D. “Roughly a tenth of these have an exploit available and just one percent are exploited in the wild. That’s why it’s so critical to weave in threat intelligence into prioritization methods, and of course consider which vulnerable assets are exposed and unprotected by security controls.”
The most classic hack is the one that mines one or more cryptocurrencies, usually Monero, but according to the report the focus would have shifted to cloud services rather than crypto mining.