Moving your company’s data to the cloud has likely made it more agile and opened up new opportunities to streamline business. However, the cloud is another stream cybercriminals can prey upon to generate revenue (to the tune of around $10 million per year).
In this post, we’ll discuss how cyberattackers exploited cloud solutions in 2020 to bring small businesses to grinding halts.
Cyberattackers grow bolder year-over-year
In September 2020, WIRED magazine covered a story where an ER technician recounted in real-time the details of a ransomware attack that ravaged their hospital. That same month, ransomware attacks targeted hospitals, health care providers, and law firms at alarming rates and crippled school districts as students returned to classes (in-person and online).
Cybersecurity experts and researchers worldwide noted increases in more extreme extortion tactics like blackmail (i.e., exfiltrating a company’s data and threatening to leak it unless a ransom is paid).
The boldness of cyberattackers doesn’t bode well for smaller businesses, especially those with inadequate cloud security. Cloud jacking is an easy way for cyberattackers to mine sensitive data from an unsecured network. They can use that data against the company or encrypt it for ransoms ranging anywhere from $5000 – $200,000 on average.
Without some kind of comprehensive cloud security or disaster recovery solutions in place, it’s only going to get harder for SMBs to withstand sophisticated digital threats.
Cybercriminals are weaponizing AI to increase attack efficiency
AI and machine learning are essential parts of cybersecurity, but cybercriminals are sophisticated enough to turn AI and ML against us in many ways.
IBM Research developed DeepLocker to understand how malware techniques could be applied with existing AI models. The results were particularly challenging new strains of AI-empowered viruses and malware that could intelligently evade sophisticated cybersecurity protocols.
Some cybercriminals leverage similar technology to:
- Aggregate data to efficiently target attacks
- Conduct repetitive tasks like password guessing or Captcha input
- Imitate normal network behaviour
The combination of powerful technology, determination, and deviousness makes cyberthreats harder to detect and, therefore, protect against.
Technology evolves on all fronts—that includes nefarious tech too
As cyberattackers’ tactics are exposed over time, they’re forced to innovate.
For instance, phishing emails are no longer as easily identified by obvious misspellings, wonky formatting, and conspicuous attachments. Although certain individuals still employ these tactics (with moderate success), spear-phishing emails (that are alarmingly accurate dupes of legitimate emails) are becoming the norm.
By targeting individuals and collecting specific personal information, spear-phishers can weaponize a user’s data against them to create authentic-looking, customized spam emails. They can often make them appear like they’re coming from someone the user knows. The more information they manage to collect with follow-ups, the more information they can extract, the further they can penetrate through an organization’s defenses.
The hard pivot to hybrid and remote work exposed weak points in cloud security
When COVID-19 locked down most of the planet and forced employees to work from home, the number of security threats increased. VMware’s Carbon Black Global Threat Report found 91% of global respondents saw notable increases in widespread cyberattacks since the start of COVID-19.
Many cyberthreats prey on the vulnerabilities of lower-level employees. Once these employees started working away from the office, they were also away from their office networks’ enterprise-level security. With many employees using their personal computers to work from home, the vast majority don’t have adequate security systems in place (and many don’t know if they have any security protocols at all).
How can your team reinforce their IT defenses?
Outsourcing is an easier way to get robust cybersecurity support—especially as cyberattackers leverage more advanced technology and techniques to dismantle IT defenses.
Your IT team is warring with sophisticated factions of enemies whose sole purpose is to siphon your data and use it against your company. You need allies.
Vigilant Technologies offers high-quality cloud engineering and cybersecurity solutions at affordable prices to give small businesses a fighting chance against sophisticated cyberthreats.
If you’re interested in learning how we can support your IT team’s defenses, get in touch with our cybersecurity specialists.