Besides physical attacks, the Russian invasion of Ukraine has been accompanied by a dangerous cyberwar.
For example, a new type of wiper malware, CaddyWiper, has targeted Ukrainian organizations striving to delete their data and disrupt their services. Wiper attacks have been followed by distributed denial of service (DDoS) attacks that have been overwhelming traffic on Ukrainian sites since February.
One of the primary targets on the cyber front of the war has been critical infrastructures — including military and government websites. Cloud computing technology that many organizations have been using to increase their storage, enable remote work, and make their networks convenient has also been targeted.
Sensitive data on the cloud, and the possibility of taking control over entire systems, have made cloud environments a highly targeted attack surface in this virtual conflict.
What should you know about the latest attacks on the cloud, how can companies protect their cloud environments, and how will that affect cloud vendors in the future?
Let’s take a closer look.
Attacks on cloud environments
Cloud technology has been targeted with DDoS attacks. Many of these breaches have been performed by inexperienced hackers, proving that less-tech savvy individuals can have a significant role in cyberwar.
Findings from public repositories show that tools and codes for attacks are readily available in order to perform cyberattacks on cloud environments.
Images that have been found show detailed instructions along with websites that malicious actors recommend attackers target next. Common targets have been high-ranking public figures, media brands and networks.
How to protect cloud technology from breaches
Cloud security is the mutual responsibility of service vendors and clients that use the cloud.
Cloud vendors must provide services with built-in protection from common cyber breaches. For a safe cloud environment, cybersecurity teams need access to the right tools to decrease the chance of misconfiguration — a common error in case of improper use of cloud technology.
While the responsibility is mutual, what exactly can organizations do about cloud security themselves?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) suggests taking steps for quick detection of threats, employing zero trust to protect the cloud, preparing for common cyberattacks, and planning for the worst.
Detecting threats on time is crucial, because the longer the attack goes on, the more damage hackers can inflict on your systems. CISA suggests that IT teams be on constant alert and look for potential threats while ensuring that all the security tools that protect the organization work properly.
Employing zero trust or having organized networks such as ZTNA protects cloud environments from potential breaches. With security that trusts no one and questions the level of access users should have, you can avoid exploiting common flaws of the cloud, such as unauthorized access.
Lately, attacks targeting cloud platforms include phishing, ransomware and DDoS attacks. CISA advises organizations to take precautions and have the measures, tools, and protocols to protect them from common cyber breaches. This includes detecting, protecting, and responding to likely types of attacks.
Even if your cloud structure might be safe, CISA suggests you plan for the worst-case scenario.
Cloud vendors strike back at Russia
Interestingly enough, many cloud vendors have pulled their services from Russia to show their support for Ukraine.
Some of the more well-known providers that have withdrawn their services in Russia include Google Cloud, Azure, and AWS.
Companies have been announcing that they’re cutting ties with Russia, removing their services from the nation, or stopping sales entirely. Besides having strong security, this is one way in which cloud vendors can help, while also protecting their business reputations.
The future of cloud services — will trust forever be lost?
The hacking of cloud technology might affect future customers’ decisions to purchase said services and use this technology to scale their business in a cost-effective and convenient way.
Even though cloud technology has been a reliable lifeline for companies that had to adjust to remote work in the first year of the pandemic, weaponizing cloud technology might reshape the way people perceive cloud computing.
Cybercriminals have heavily targeted cloud services during the pandemic shift to remote work. They’ve exploited the adjustment period to target common vulnerabilities of the cloud — such a misconfiguration. As a result, people link cloud technology with a lack of security, breaches, and cyberattacks.
While cloud computing has been gradually replacing traditional infrastructures, rising breaches prove how vulnerable the technology can be, prompting organizations to show reservations when deciding whether they should invest in the cloud.
Therefore, having strong cybersecurity and being ready for breach is now more important than ever.