Date: 2023-05-04

Cyber criminals have been targeting cloud entities with commonly used software in an effort to inflict maximum damage with minimal effort.

Almost two-thirds of cyber-attacks have been driven by financial motivations.

Jason Smart, PwC Global Threat Intelligence Asia Pacific lead, has said cyber criminals have been increasingly focusing attention on cloud infrastructure, such as AWS and Xero. These platforms are described as a “higher value target” because cyber criminals can access client data from just one attack.

A reported analysis of cyber breaches that affected 2462 organisations last year found that 63% were motivated by financial gain for cyber criminals who were seeking ransom payments.

8% of breaches were caused by advanced persistent threat criminals. 3% were insiders, 2% were hacktivists, and the remainder were unknown.

Last year saw a slight decline in the number of organisations whose data was posted to leak sites, down from 2471 in 2021. The figure has, however, increased significantly from 1330 in 2020.

Jason Smart has advised that cyber criminals were choosing the option that offered the “lowest amount of effort to get the biggest amount of return.”

Some service providers held the data of over 3000 clients, or file-sharing tools with thousands of documents.

“We help a lot of clients move stuff to the cloud and uplift all of the technology and get them in a better position, and one of the things we’re seeing threat actors go after is very much targeting the cloud infrastructure.”

“Whether that be software in service-type tools or actual cloud infrastructure like AWS, Xero et cetera – those platforms threat actors have been taking a way deeper interest in.”

“If there was a supply chain type of attack, if they could get into one of those providers, then one of those softwares service solutions potentially has access to all their other clients. We’re seeing threat actors looking at that as a higher-value target that gives them a lot more leverage and a lot more access to data.”

The report also pointed to a weakness in Apache’s Log4j Java logging framework, commonly known as Log4Shell.

It affected 93% of business cloud entities and an estimated hundreds of millions of devices globally.

“That particular vulnerability in the Log4j that is pretty much used in a whole bunch of software, so common software that every organisation uses at some point was running that particular vulnerable incident.”

“So that whole idea of targeting bits of software earlier down the supply chain, it’s the same concept as going after the cloud infrastructure. If you can target software that is used by everybody it opens up the amount of data you can get hold of.”

“In that particular case … We saw threat actors able to turn the exploitation of that vulnerability in about 24 hours. It became public and in 24 hours we saw threat actors actively exploiting it.”