Under Attack? Breach Response Hotline: Call 833.997.7327 (US/CAN)

Cloud Cyberattacks

Chris Swagler | January 9th, 2024


Several high-profile cloud cyberattacks occurred between 2020 and 2022 resulting from basic technical flaws that may have been avoided with faster detection and response. A solution architect from a cloud security company discovered that cloud cyberattacks are becoming more advanced, especially in the number of attacks and threat operators using automated tools, implying that defenders must speed up their detection and response capabilities to thwart them. Among the incidents, the researchers discovered several telling trends. Among these, threat operators are developing tools that automate the scanning, discovery, and exploitation of the attack’s target, and they gain access to systems using leaked credentials and common vulnerabilities. The researchers chose attacks from several industries to evaluate various cloud cyberattacks:

  • PyTorch – A threat operator utilized the PyPl code repository in December 2022 to download a compromised PyTorch dependency, including malicious code aiming to steal system data. The threat operator appeared to be an ethical cybercriminal testing the system and was only discovered when they attempted to disguise the malware and steal sensitive data.
  • MediBank – Threat operators acquired access to internal systems in November 2022 by using compromised login credentials, a method that may have involved VPN access. After a month of lurking on systems, the threat operators revealed to the bank what they had stolen. However, when the bank declined to pay the ransom, the threat operator released the information on the dark web.
  • Alibaba – Shanghai Police – A misconfigured Alibaba cloud server was left open on the internet for over a year without a password in July 2022, resulting in the theft of 23TB of data and its sale on a forum called Breach Forums. The 23TB file contained personal information on a billion Chinese residents that had been held in the Shanghai National Police database.
  • ONUS – In December 2021, threat operators used a vulnerable Log4j version on Vietnam’s largest crypto trading company. Around two million client records were stolen, including full names, E-KYC data, email addresses, phone numbers, encrypted passwords, and transaction histories.
  • Peloton – Researchers discovered in May 2021 that an unauthenticated user may read sensitive information for all users, observe live class statistics, and probe other class participants, even if users’ accounts were set to private mode. The threat operator might see users’ IDs, group memberships, locations, workout stats, and users’ gender and age, due to the vulnerability.
  • Equinix – The data center provider was hit by a ransomware attack in September 2020, affecting some of the company’s internal systems. Threat operators demanded a $4.5 million ransom from Equinix, claiming they could download important data from the company’s servers. They threatened to release the data if the ransom wasn’t paid. A nearly two-month investigation revealed that no critical information about customer operations or customer information was compromised, and the incident had no impact on data centers.

The goal of the investigation into these attacks was to identify the true failure points and areas for improvement. By concentrating on the technical details of the incidents and their long-term effects, these lessons can aid organizations in critically evaluating their cloud environments and security controls and procedures. According to researchers, learning from the attack and response patterns in these incidents can help improve cloud security and counteract cyber threats. One problem is that security teams frequently must choose between focusing on detection and response, which calls for numerous levels of security solutions, and prevention, which involves strengthening defenses. A benchmark for detection and response is required, particularly since threat operators might utilize automated technologies to further their attack efforts and because defenders must move more quickly to protect a larger surface area. A 5/5/5 benchmark was proposed, which should take companies five seconds to detect, five minutes to triage, and five minutes to respond to threats. The 5/5/5 benchmark was proposed because, in the cloud, everything happens so quickly that companies need everything to happen quickly, including detection, triage, and response time.

Learning from past cyberattacks on cloud service providers can help prevent the same mistakes that can lead to serious consequences. Additionally, companies need to remain vigilant of the current threat landscape and regularly update network infrastructures. At SpearTip, we offer a layered security system designed to protect our client’s critical assets, including those of their clients. With real-time monitoring and alerting capabilities, our service helps safeguard against cyberattacks and data theft. We enhance companies’ security maturity with Cloud application protection supported by our team of experienced professionals in our 24/7/365 Security Operations Center. The protection offered safeguards various applications, including Microsoft 365, Google Workspace, Salesforce, email tenants, and more, minimizing disruption so companies can focus on running their business and supporting their clients’ operations. Companies can enhance their cybersecurity posture and that of their clients with cloud application protection offering high-level insights with a unified monitoring and alerting system. Our services allow you to baseline security and track it over time.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.


Connect With Us

Featured Articles

OAuth Apps
Warning About OAuth Apps Used in BEC and Cryptomining Attacks
26 February 2024
Cybercrime Cases
FBI’s Biggest Cybercrime Cases in 2023
21 February 2024
Ransomware Groups
What To Expect From Ransomware Groups in 2024
19 February 2024
Cloud Threat Detection and Response
Improving Cloud Threat Detection and Response in 2024
16 February 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.