In recent times, the widespread use of cloud services has become common for most organizations. While many organizations now enjoy the savings and convenience afforded by hosting their data and services on cloud platforms, this shift towards the cloud brings with an increased vulnerability to data theft and cyberattacks.
What organizations often fail to understand is that the cloud model is a shared security model, meaning that the onus of security does not solely lie with the provider. The organization bears responsibility, too. Failings such as weak access credentials and a lack of understanding of the more sophisticated threats make it easier for attackers to breach the cloud. Here are a few examples of organizations that have fallen prey to attacks that resulted in large-scale breaches of data.
In August 2021, Accenture was targeted by an organization known as LockBit, who released ransomware and claimed to control 6 TB of data. The hackers demanded $50 million USD from Accenture, threatening to leak the data if the ransom wasn’t paid. While Accenture was able to eventually restore all its data from backups, it did so without paying the ransom.
After LockBit’s deadline was not met, it began leaking data it claimed belonged to Accenture and Accenture’s customers. Some of the compromised information included confidential data, authentication and decryption keys, user data, and metadata. As a result, many of Accenture’s customers reportedly suffered from an increase in cyberattacks due to much of the information stolen from this particular breach being made available for purchase on the dark web.
In July of 2021, a group that called themselves REvil demanded a ransom of $70 million USD from Kaseya, which owns and operates software used my managed service providers (MSPs). Due to the number of Kaseya customers being MSPs with their own clients, the hackers were able to hold the data of more than 1,000 companies for ransom.
REvil released ransomware through Kesya’s compromised servers, resulting in many companies having to deal with compromised nodes. The US government at that time tried its best to intervene, but their reach was limited because Kaseya has customers all over the globe. Although Kaseya had quickly put out many statements to pacify customers that they had limited the scope of the attack, the attack seemed to be quite widespread. One notable casualty of this attack on Kaseya was the Swedish supermarket chain Coop, which had to close almost 800 stores for 24 hours due to their checkout systems being rendered unavailable.
Raychat is an Iranian messaging application where a misconfigured database led to exposure of almost 250 million accounts, including usernames, passwords, emails, encrypted chat data, and metadata. A malicious bot entered the system through the loophole and wiped the company’s database.
Raychat admitted to the attack once it was exposed on Twitter by Bob Diachenko, a cybersecurity professional who discovered Raychat’s vulnerable database. While investigating the extent of the breach, Bob discovered a ransom note requesting a small sum of 0.019 Bitcoin, but determined that it was unlikely that all of the data was copied before being deleted. It would have costed the company an estimated $1 billion USD to recover all the data, but this was partially relieved by having chat backups in place. The stolen data was reportedly available on the dark web for sale though.
All of these attacks and others like them signify the need to have a comprehensive cloud security strategy in place. For some organizations, the best way to monitor and secure your cloud installation could be through the implementation of a cloud access security broker (CASB). They are a cloud security enforcer that is placed between a cloud service provider and a consumer to ensure security when the cloud is being accessed.
Want to learn more on how a CASB helps you enhance your cloud security posture? Check out our white paper.