Around 25% of organizations experienced cryptojacking activity in their cloud environments in 2018, up from just 8% in the last quarter, according to the Cloud Security Trends report by RedLock.
RedLock’s Cloud Security Intelligence (CSI) team published the report to shed light on the cloud security trends in 2018.
- Cryptojacking becoming mainstream
The report highlighted that cryptojacking, a cyber-attack in which hackers hijack a target's processing power to mine cryptocurrency, is becoming a serious emerging threat to businesses.
Organizations are aware of attacks against the cloud and use several practices to prevent them, yet the attack vectors are still on the rise. Cryptojacking has increased more than threefold this year.
Cryptocurrency mining requires a lot of computing power, so attackers are stealing cloud computing resources to do it. The CSI team found that some attackers were using advanced evasion techniques for cryptojacking.
- Majority of resources do not restrict outbound traffic
85% of resources associated with security groups had no firewall restrictions on outbound traffic, up from 80% a year before. This could lead to accidental data loss and to data exfiltration in data breach incidents.
RedLock suggested that organizations implement a ‘deny all’ default firewall policy, monitor network traffic to identify suspicious activity, and monitor user activity for abnormal behavior.
- 43% of access keys not rotated in the last 90 days
Another key finding of the report was that 43% of organizations had not changed their access keys and credentials in the last 90 days. This is a big concern because, despite past issues such as leaked credentials in GitHub repositories, a majority of organizations left themselves open to attack vectors.
Around 17% of organizations suffered from potential account compromises, and 51% of organizations publicly exposed one or more cloud storage services.
- 20% of organizations allowing root user activities
A positive finding of the report was that only 20% of organizations allowed the root user account to be used for performing activities, down from 73% last year. Root user accounts should not be used for regular operations. Multi-factor authentication should be enforced on root user accounts, and they should be monitored for any suspicious behavior.
- 49% of databases not encrypted
With the growing trend to encrypt databases because of regulations like GDPR (General Data Protection Regulation), database encryption has increased. Last year, 82% of databases were found unencrypted, which has now decreased to 49%.
The CSI team further revealed in the report that 24% of organizations had hosts missing critical patches in the public cloud. This left the hosts vulnerable to suspicious traffic from the internet.
“We understand why there might be fatigue with endless reports on IT infrastructures that lack adequate security, and there are signs that corporations are stepping up initiatives to minimize vulnerabilities, but there’s definitely more to do,” said Gaurav Kumar, CTO of RedLock and head of the CSI team. “That’s why this report not only shines a light on emerging dangers but also offers concrete advice on how best to ward off attacks. Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security. This is a constant and shared responsibility.”