[adning id=”12070″]

[adning id=”12070″]

Small businesses have ‘greatest risk’ of cloud cyber attacks

Research conducted over a six-month period shows small businesses are at serious risk of having their data accessed by cybercriminals.

Melbourne-based cyber security group Lacework has released the third volume of its Cloud Threat Report, a semi-annual accounting of the ongoing cyber security threats impacting the cloud. They found that threat actors are broadening the scope of their efforts to gain illicit access to cloud data and resources.

ABF media

In addition to increased targeting of cloud platforms beyond AWS, Microsoft Azure and Google Cloud, malicious actors are rapidly adapting new attacks to target organisations in the cloud. As world governments issue warnings over the increasing cybercrime threat, the report’s findings highlight some of the most common threats businesses should protect against.

Small businesses, in particular, are at risk from cloud access brokers, who sell access to cloud accounts online. According to the report, 78% of SMEs observed by the Lacework Labs team had compliance violations within their cloud infrastructure, opening the door for attackers to gain initial access, escalate privileges and impact protected data.

Threat actors continue to show sophistication as they create and adapt new attacks to compromise the cloud, according to James Condon, director of research at Lacework.

“Organisations moving more data to cloud infrastructure need to be just as nimble, employing security best practices and modern tools with continuous monitoring to stay ahead of cybercriminals and keep critical information safe,” Mr Condon said.

This third instalment of the Cloud Threat Report highlights four key areas of cloud security: cloud security posture, vulnerabilities and software supply chain, runtime threats and Linux malware, and proactive defence and intelligence.

ABF media

From September 2021 to February 2022, the report found that despite being one of the largest cloud services providers, AWS accounts make up only 16% of overall hosting of illicit access for sale, while lesser-known companies like HostGator and Bluehost make up half.

Though corporate accounts are being offered for as low as US$300 and upwards of US$30,000, the average price of a compromised AWS account is roughly US$40. This high volume of lower-priced inventory indicates that attackers may be taking advantage of the increased compliance violations in small businesses and a lack of focus on securing consumer accounts.

Based on the findings of this report, Lacework Labs recommends that defenders evaluate security infrastructure against industry best practices and implement proactive defence and intelligence tools with active vulnerability monitoring.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email
Share on print
Print

Leave a Comment

Your email address will not be published. Required fields are marked *

SUBSCRIBE FREE
SME NEWS BRIEFS

Get breaking news delivered
  • This field is for validation purposes and should be left unchanged.

RECEIVE GOVT GRANT OF $10K to $250K*.

Austrade Approved Business Events
AVAILABLE NOW APPLY BEFORE 30th MARCH 2021 (Condition apply)

  • ABF Events are approved and listed below have been certified by Austrade on the Schedule of Approved Business Events.
  • This allows exhibitors, sponsors, delegates and partners to participate in the Business Events Grant Program. Note event bookings need to be confirmed ASAP to participate in the grant program
  • The program provides 50% rebate (based on a minimum spend of $20k) for approved items including ABF event-media packages, exhibition stands, corporate function tables, delegate registrations.
  • Govt Grant applications are now open until the 30 March. Please contact ABF to discuss how we can assist, we have experts to assist grant applications.
  • Grant funding will cover up to 50% of eligible expenditure incurred in participating at pre-approved business-to-business events as buyers or sellers during the 2021 calendar year.  All grant applications must be submitted for approval via the following link: https://business.gov.au/grants-and-programs/business-events-grants
  • For further information please see this fact sheet.