The Appeal of Misconfigured Clouds and Phones to Cyber Attackers

Data breaches have significantly increased over the past decade, exploding from 2013 to 2022 and exposing around 2.6 billion personal records in the last two years alone. 2023 is also on track to be a record-breaking year for data breaches. This information comes from a report by MIT Professor Stuart E. Madnick, sponsored by Apple.

The report reveals that attackers are improving their methods, particularly by exploiting poorly configured cloud systems and unsecured end-to-end phone encryption. Ransomware remains a preferred attack strategy. While Apple is keen to promote in-store purchases and its own end-to-end encryption, the report underscores larger security threats facing all enterprises.

Madnick discovered that ransomware attacks on organizations surged by nearly 50% in the first half of 2023 compared to the same period in 2022. Attackers frequently target fleets of mobile devices to paralyze communications until the ransom is paid.

Misconfigured clouds are particularly vulnerable, as they often store unencrypted identity data. Attackers see these misconfigured clouds as a treasure trove, perfect for identity theft and creating synthetic identities for fraud. An example highlighted is a breach in Microsoft’s AI research division, which exposed over 38 terabytes of sensitive data due to a cloud misconfiguration.

Merritt Baer, Field CISO at Lacework, emphasizes that bad actors often seek the easiest path, such as misconfigured clouds and unauthorized use of legitimate credentials. Nearly 99% of cloud security failures are due to incorrect manual settings, with up to 50% of organizations inadvertently exposing their systems to the public. Misconfigured cloud infrastructures can cost around $4 million to resolve per incident, according to IBM’s Cost of a Data Breach Report 2023.

To improve security, organizations must focus on more than just end-to-end encryption; they need strategies to detect unauthorized access using legitimate credentials. Lacework’s Baer stresses the importance of granular security measures to effectively identify anomalies.

CISOs tell VentureBeat that 2023 is the year for endpoint consolidation, aiming to reduce overlapping systems and streamline analysts’ workloads through Unified Endpoint Management (UEM). Leading vendors like IBM, Microsoft, and VMware are prominent in this field. Srinivas Mukkamala of Ivanti notes that the convergence of 5G and IoT will redefine digital experiences, necessitating robust infrastructure to support ubiquitous connectivity.

UEM is crucial for implementing passwordless authentication and mobile threat defense. Ivanti is notable for combining UEM, passwordless multi-factor authentication, and mobile threat defense on a single platform, a method also utilized by the National Institutes of Health (NIH).

Gartner predicts that by 2025, over 50% of the workforce and 20% of customer authentication transactions will be passwordless, a significant increase from current figures.

Attackers are continually evolving to leverage new technologies and pressure victims into paying ransoms quickly. Tools like FraudGPT help attackers refine their skills, and there has been a noticeable increase in breaches involving “cloud-conscious” threat actors, who are becoming more interested in accessing cloud data.

Access brokers on the dark web are growing rapidly, offering bulk deals on stolen identities and privileged-access credentials. Industries like healthcare and manufacturing, which are time-sensitive, are particularly targeted by attackers aiming for quick ransoms.

CrowdStrike’s CEO George Kurtz notes that new SEC disclosure laws have introduced “triple extortion,” where attackers can encrypt data, leak it, or report breaches directly to the SEC if they don’t get paid.

CISOs and CIOs are tasked with safeguarding their companies’ revenue-generating operations and enhancing security around new initiatives without obstructing growth. It’s essential for CISOs to be active on boards to influence and guide businesses on security resilience.
