Home United States USA — software Why attackers love to target misconfigured clouds and phones

Why attackers love to target misconfigured clouds and phones

212
0
SHARE

Unencrypted identity data stored in unsecured or misconfigured clouds is an attackers’ goldmine.
Data breaches tripled between 2013 and 2022, exposing 2.6 billion personal records in the past two years, with 2023 on its way to being a record year. These findings are from a recent report written by Professor Stuart E. Madnick of MIT, and underwritten by Apple. 
The report highlights a troubling trend of attackers becoming more proficient at finding and compromising misconfigured clouds and capitalizing on unsecured end-to-end phone encryption. Ransomware continues to grow as the attack strategy of choice.  
Despite Apple being incentivized to promote in-store purchases, transactions and Apple-specific end-to-end encryption through the research, the findings speak to broader threats to enterprises.
Madnick found a nearly 50% increase in organizations suffering a ransomware attack in the first half of 2023 compared to the first half of 2022. Attackers also go after fleets of mobile devices during attacks to freeze all communications until victims pay up.Misconfigured clouds are the open-door attackers hope for 
Unencrypted identity data stored in unsecured or misconfigured clouds is an attackers’ goldmine. Misconfigured clouds are also proving to be an easy onramp to steal identity data that can be resold or spun into new synthetic identities used for fraud. 
“Microsoft AI’s research division exposed over 38 terabytes of sensitive information due to a cloud misconfiguration, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from hundreds of Microsoft employees,” writes Madnick, citing TechCrunch’s story from earlier this year. Attackers know that the quicker they can take control of identities, starting with Microsoft Active Directory (AD), the more successful a ransomware attack will be.
In a recent interview with VentureBeat, Merritt Baer, Field CISO at  Lacework, says that bad actors look first for an easy front door to access misconfigured clouds, the identities and access to entire fleets of mobile devices. “Novel exploits (zero-days) or even new uses of existing exploits are expensive to research and discover. Why burn an expensive zero-day when you don’t need to? Most bad actors can find a way in through the “front door”– that is, using legitimate credentials (in unauthorized ways).” 
Baer added, “This avenue works because most permissions are overprovisioned (they aren’t pruned down/least privileged as much as they could be), and because with legitimate credentials, it’s hard to tell which calls are authorized/ done by a real user versus malicious/ done by a bad actor.”
Nearly 99% of cloud security failures are tracked back to manual controls not being set correctly, and up to 50% of organizations have mistakenly exposed applications, network segments, storage and APIs directly to the public. Data breaches that start because cloud infrastructure is misconfigured cost an average of $4 million to resolve, according to IBM’s Cost of a Data Breach Report 2023. End-to-end encryption needs to be part of a broader security strategy
Organizations need to think beyond end-to-end encryption if they’re going to harden their infrastructure and keep fleets of phones, endpoints and tablets secure.

Continue reading...