The rise of ransomcloud

Often considered the backbone of the Australian economy, small businesses are increasingly relying on cloud computing to support day-to-day business functions and gain the technology infrastructure needed to operate, particularly over the past two years.

As this transition to cloud continues, it’s become increasingly clear that cybersecurity is just as important for these smaller businesses as it is for large multinationals. It’s also clear that while cloud service providers try to make their cloud environments as secure as possible, cybersecurity risks are still rampant.

Don’t ever think you aren’t at risk. Every business is a target, regardless of size, and no organisation can afford to ignore the security of its IT infrastructure.

The Australian Cyber Security Centre’s (ACSC) latest Annual Cyber Threat Report found that small businesses made a higher number of cybercrime reports in the financial year ending 30 June 2021 than the previous year.

What threats are in the cloud?

With the rapid shift to the cloud, the rise of ransomcloud is concerning. This is a type of ransomware attack that targets customers, but not the cloud service provider itself. It’s geared towards infecting files in the cloud, predominantly those in Office 365 and G-Suite environments.

To be successful, the attacker must have valid credentials for a cloud user account, along with access to all the files and resources permitted to that account. To gain control of the user’s cloud account, the hacker uses phishing, a known data leak, cloud misconfiguration, malware stealers, DDoS attacks, or any other available method. Once inside, the hacker can deploy ransomware that encrypts and steals the victim’s information.

While larger organisations are mostly the ones at risk from ransomcloud at this stage, it should be on the radar for all small businesses. Companies with a multiple-user cloud account that has access to permitted files and resources are most at risk, because phishing is the primary attack vector. A compromise here gives the ransomware attack a greater attack surface to play with.

How does ransomcloud work?

There are a few common methods attackers use to target the cloud. Firstly, they often exploit the syncing of machines to the cloud. By encrypting data locally and then syncing the device to the cloud, the data stored in the cloud gets encrypted as well.

They also use ordinary phishing campaigns to gain the credentials of their targets to access the cloud, as well as take advantage of insecurely configured cloud technology. Another high-yield method is to target the cloud providers themselves to gain access to multiple victims using the cloud.
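One way a defender could spot the sync-based method described above, as an added example that is not part of the original article: it flags an account and device that rewrites many distinct cloud files within a short window. The log line format, the window, the threshold and all sample events are assumptions constructed for illustration, not any provider's real audit schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=120)   # assumed look-back window
THRESHOLD = 25                    # assumed number of distinct files rewritten per window
WRITE_ACTIONS = {"modify", "rename"}


def parse(line):
    """Parse 'timestamp,account,device,action,path' (constructed format)."""
    ts, account, device, action, path = line.strip().split(",", 4)
    return datetime.fromisoformat(ts), account, device, action, path


def find_sync_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {(account, device): time of first alert} for write bursts."""
    recent = defaultdict(deque)   # (account, device) -> (timestamp, path) in window
    alerts = {}
    for ts, account, device, action, path in sorted(map(parse, lines)):
        if action not in WRITE_ACTIONS:
            continue
        key = (account, device)
        events = recent[key]
        events.append((ts, path))
        while ts - events[0][0] > window:
            events.popleft()      # drop events older than the window
        # Count distinct files so repeated autosaves of one document do not alert.
        if key not in alerts and len({p for _, p in events}) >= threshold:
            alerts[key] = ts
    return alerts


def constructed_sample():
    """Constructed events: normal work by alice, a mass rewrite synced from bob's laptop."""
    start = datetime(2022, 3, 1, 9, 0, 0)
    lines = [f"{(start + timedelta(minutes=10 * i)).isoformat()},alice,desktop-02,modify,/Sales/plan.docx"
             for i in range(6)]
    lines += [f"{(start + timedelta(minutes=3 * i)).isoformat()},alice,desktop-02,read,/Sales/doc{i}.pdf"
              for i in range(30)]
    lines += [f"{(start + timedelta(hours=1, seconds=2 * i)).isoformat()},bob,laptop-07,modify,/Finance/file{i}.xlsx"
              for i in range(40)]
    return lines


if __name__ == "__main__":
    for (account, device), when in find_sync_bursts(constructed_sample()).items():
        print(f"ALERT {when.isoformat()} {account}@{device}: mass file rewrite via sync")
```

The window and threshold need tuning against an organisation's normal sync activity before alerts from a check like this are useful.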

How can you protect your business?

There are simple measures you can introduce to help prevent common cybersecurity incidents in the cloud.

The most important thing is to understand there’s a shared responsibility for data security between organisations and the cloud provider. Ask your provider for planning strategies on how to recover from a ransomware attack and other types of outages.

Consider the security measures you have in place to protect against attacks of this nature, ensuring two-factor authentication is activated and granting permissions for cloud resources only to the user accounts that need them.

Use anti-phishing tools and ensure employees undergo security awareness training. As part of this, establish the importance of employees using a complicated password that isn’t reused across services. Also mandate password changes at appropriate intervals.

Finally, backups are vital. Store information in multiple locations and complete test restores to assess resilience.