Cloud Cyberattacks

Chris Swagler | January 9th, 2024


Several high-profile cloud cyberattacks occurred between 2020 and 2022 resulting from basic technical flaws that may have been avoided with faster detection and response. A solution architect from a cloud security company discovered that cloud cyberattacks are becoming more advanced, especially in the number of attacks and threat operators using automated tools, implying that defenders must speed up their detection and response capabilities to thwart them. Among the incidents, the researchers discovered several telling trends. Among these, threat operators are developing tools that automate the scanning, discovery, and exploitation of the attack’s target, and they gain access to systems using leaked credentials and common vulnerabilities. The researchers chose attacks from several industries to evaluate various cloud cyberattacks:

  • PyTorch – A threat operator utilized the PyPl code repository in December 2022 to download a compromised PyTorch dependency, including malicious code aiming to steal system data. The threat operator appeared to be an ethical cybercriminal testing the system and was only discovered when they attempted to disguise the malware and steal sensitive data.
  • MediBank – Threat operators acquired access to internal systems in November 2022 by using compromised login credentials, a method that may have involved VPN access. After a month of lurking on systems, the threat operators revealed to the bank what they had stolen. However, when the bank declined to pay the ransom, the threat operator released the information on the dark web.
  • Alibaba – Shanghai Police – A misconfigured Alibaba cloud server was left open on the internet for over a year without a password in July 2022, resulting in the theft of 23TB of data and its sale on a forum called Breach Forums. The 23TB file contained personal information on a billion Chinese residents that had been held in the Shanghai National Police database.
  • ONUS – In December 2021, threat operators used a vulnerable Log4j version on Vietnam’s largest crypto trading company. Around two million client records were stolen, including full names, E-KYC data, email addresses, phone numbers, encrypted passwords, and transaction histories.
  • Peloton – Researchers discovered in May 2021 that an unauthenticated user may read sensitive information for all users, observe live class statistics, and probe other class participants, even if users’ accounts were set to private mode. The threat operator might see users’ IDs, group memberships, locations, workout stats, and users’ gender and age, due to the vulnerability.
  • Equinix – The data center provider was hit by a ransomware attack in September 2020, affecting some of the company’s internal systems. Threat operators demanded a $4.5 million ransom from Equinix, claiming they could download important data from the company’s servers. They threatened to release the data if the ransom wasn’t paid. A nearly two-month investigation revealed that no critical information about customer operations or customer information was compromised, and the incident had no impact on data centers.

The goal of the investigation into these attacks was to identify the true failure points and areas for improvement. By concentrating on the technical details of the incidents and their long-term effects, these lessons can aid organizations in critically evaluating their cloud environments and security controls and procedures. According to researchers, learning from the attack and response patterns in these incidents can help improve cloud security and counteract cyber threats. One problem is that security teams frequently must choose between focusing on detection and response, which calls for numerous levels of security solutions, and prevention, which involves strengthening defenses. A benchmark for detection and response is required, particularly since threat operators might utilize automated technologies to further their attack efforts and because defenders must move more quickly to protect a larger surface area. A 5/5/5 benchmark was proposed, which should take companies five seconds to detect, five minutes to triage, and five minutes to respond to threats. The 5/5/5 benchmark was proposed because, in the cloud, everything happens so quickly that companies need everything to happen quickly, including detection, triage, and response time.

Learning from past cyberattacks on cloud service providers can help prevent the same mistakes that can lead to serious consequences. Additionally, companies need to remain vigilant of the current threat landscape and regularly update network infrastructures. At SpearTip, we offer a layered security system designed to protect our client’s critical assets, including those of their clients. With real-time monitoring and alerting capabilities, our service helps safeguard against cyberattacks and data theft. We enhance companies’ security maturity with Cloud application protection supported by our team of experienced professionals in our 24/7/365 Security Operations Center. The protection offered safeguards various applications, including Microsoft 365, Google Workspace, Salesforce, email tenants, and more, minimizing disruption so companies can focus on running their business and supporting their clients’ operations. Companies can enhance their cybersecurity posture and that of their clients with cloud application protection offering high-level insights with a unified monitoring and alerting system. Our services allow you to baseline security and track it over time.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.


Connect With Us

Featured Articles

Security Awareness Training
Security Awareness Training Crucial Role
22 May 2024
Phishing Campaign Assessments
Phishing Campaign Assessments Can Be Effective For Companies
20 May 2024
Incident Response Planning
Incident Response Planning: Why It's Important
17 May 2024
Ransomware Experiments
Ransomware Experiments on Developing Countries
15 May 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Frequently Asked Questions

What specific actions can individuals and organizations take to mitigate the risks and vulnerabilities associated with cloud cyberattacks?

Individuals and organizations can take several actions to mitigate the risks and vulnerabilities associated with cloud cyberattacks. Firstly, they should ensure that their cloud providers have adequate security measures in place to protect their data. Secondly, they should implement multi-factor authentication, strong passwords, and access controls to limit unauthorized access. Thirdly, they should conduct regular security assessments and audits to identify and address any vulnerabilities in their systems. Finally, they should have a comprehensive incident response plan in place to quickly respond to any cyberattacks.

How do cloud service providers ensure the security and protection of their clients' data in the face of evolving cyber threats?

Cloud service providers ensure the security and protection of their clients' data in the face of evolving cyber threats by implementing a range of security measures and protocols. These include encryption, access controls, firewalls, intrusion detection and prevention systems, and regular security assessments and audits. They also have dedicated security teams that monitor and respond to any security incidents or threats. Additionally, cloud service providers comply with industry standards and regulations, such as GDPR and SOC 2, to ensure that their security measures are up to par.

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.