Cloudjacking and cloud mining may be unfamiliar terms for business owners, but cyber criminals are becoming plenty familiar with the tactic. They are crucial to know because they’re being used more often to steal data. As new entry points for ransomware attacks, these tactics makes data backups an even more key component of any cyber resilience plan. Let’s first define the terms so you can grasp their seriousness.
- Cloud jacking: the practice of acquiring illicit access to a company or organization’s cloud computing resources. Oftentimes, they do so by checking for compromised cloud accounts or web development tools.
- Cloud mining: stealing cloud computing resources to mine for cryptocurrencies without the owner’s knowledge.
So, cloudjacking is the act of gaining access to cloud resources. And once in, cloud mining is only one of the possible threats attackers may perform. The other is ransomware. Given that the importance of cloud computing for organizations of all sizes is rising, this second tactic is a growing threat.
SMB’s as targets
In terms of headlines generated, one of the most famous examples of cloudjacking was an attack on Tesla in 2018. In this instance, cybercriminals were found running malware to leech the company’s cloud computing resources. Hackers aren’t just launching cloudjacking attacks on bigger corporations though. As with other attack methods, they often see small and medium-sized businesses (SMBs) as attractive targets as well.
Smaller companies may have avoided these cloud compromises several years ago without too much interruption. Nowadays, however, the information and resources stored or run through the cloud each day are important. If they were to lose access to public or private cloud assets, many businesses would simply be crippled.
Therefore, the pressure to pay a ransom is far greater than it was even three years ago. But for malicious attackers to monetize their efforts, ransoms are not their only tactic. They will get right to work- developing cryptocurrency through cloud mining while avoiding notice for as long as they can.
How to protect against cloudjacking and cloud mining
The risk should be anticipated and properly controlled, not ignored. In regards to cloudjacking, the best solution is a technique that helps manage the risk and minimize the harm if it were to happen. We are going to continue using the cloud. We are going to continue storing and processing sensitive information in it.
Defending against cloudjacking is not always easy, but it is necessary. Usernames and passwords are a weaker method of defense, and they aren’t good enough anymore. So, alternative methods need to be used, and more layers of defense need to be added. The extra, simple step of enabling MFA goes a long way to help protect your public cloud data and resources. Additionally, it makes it more difficult for an attacker to get their hands on. You can read more about MFA here.
This will and has become a major security risk, and has produced a growing urgency to advance cloud security protocols. Cybercriminals are constantly upping their game so they can cloudjack data and information from you. So, the competition is on to see who’s doing cloud security better- the good guys or the bad guys.