By Lisa Damast
It’s the time of year when goblins and ghouls come out to play, and what could be scarier than stories of cloud security incidents?
We’ve all heard horror stories about hacking and data breaches, and it can be downright chilling to think about what could happen if our cloud data were compromised.
Here are nine of 2022’s scariest cloud stories for developers and security professionals:
1. 80% of Organizations Had A Cloud Security Incident in 2021
80% of organizations experienced a serious cloud incident last year, with a further 25% worried they have suffered a cloud data breach but are unaware of it, according to cloud cybersecurity firm Snyk in its State of Cloud Security report, released in September.
The most prominent incidents cited in the report include:
- System downtime (34%)
- Cloud data breach (33%)
- Environment intrusion (27%)
2. Log4j, Like COVID, is Endemic and Still Requires Attention
In July, a report by the U.S. Department of Homeland Security’s Cyber Safety Review Board declared Log4j an “endemic vulnerability.”
The report explicitly warned the Log4j event is not over and remains deeply embedded in systems.
The reason why is even scarier.
3. Researchers Find 380,000 Open Kubernetes Servers
In May, The Shadowserver Foundation published a study that found that the vast majority of Kubernetes API servers were exposed to the public internet, a cause for concern given the increase in Kubernetes-based cyberattacks.
The study, which identified 450,000 Kubernetes API servers, found that 380,000 allowed some form of access.
4. Critical RCE Vulnerability Reminiscent of Log4j Issues
In April, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the remote code execution (RCE) vulnerability affecting the Spring Framework to its Known Exploited Vulnerabilities Catalog.
The designation was based on evidence of active exploitation.
And the impact the vulnerability will have on organizations is similar to what we recently experienced with the vulnerability found in Apache’s Log4j software library in December 2021. Here’s why.
5. European Politicians Duped into Deepfake Video Calls with the Mayor of Kyiv
From The Guardian (June 2022): “The mayor of Berlin, Franziska Giffey, took part in a scheduled call on the Webex video conferencing platform on Friday with a person she said looked and sounded like Klitschko.
“There were no signs that the video conference call wasn’t being held with a real person,” her office said in a statement.”
Giffey and other mayors throughout Europe had been “duped into having these video calls with a deepfake of their counterpart in Kyiv, Vitali Klitschko.”
6. Linux Multi-Cloud Ransomware Attacks Expected to Increase
From February 2022: “A report by cloud computing and virtualization provider #VMWare, “Exposing Malware in Linux-Based Multi-Cloud Environments,” details the increasing threat of ransomware to multi-cloud platforms, of which Linux is used almost exclusively.
- Weak authentication and misconfigurations in container-based infrastructures, such as Kubernetes, Container Linux and Photon OS, are two of the primary ways attackers are able to infiltrate cloud-based environments.
- In the second instance, VMWare’s Threat Analysis unit found that the Monero cryptocurrency, infamous for its hard-to-track payment system, which has made it a favorite of the dark web, was the currency 89% of attackers would mine on their stolen CPU cycles. Read more
7. Cost of Average Data Breach Increases For Third Year In A Row
The average cost of a data breach has increased for the third year in a row, according to IBM’s Cost of a Data Breach Report 2022, with organizations forking out $4.35 million in 2021, a 2.6% increase on the previous year.
8. AWS Serverless Vulnerability Identified For The First Time
From June 2022: “A recently published blog post detailed the first publicly-known case of malware built and executed in an AWS Lambda environment.
The malware was only designed to run crypto-mining software for the XMR coin, but Cado Security anticipates that there may be more severe use cases that attackers will exploit in the near future.”
9. Ransomware Hackers Turn Aim To Midmarket Targets
From March 2022: “After several high profile ransomware attacks in 2021, including the Colonial Pipeline, JBS and Washington DC Metropolitan Police Department, hackers are reportedly aiming for more low-key targets in 2022…
The key reason for this is to avoid the publicity that many of those high profile cases garnered, which led to FBI and CIA investigations and even pressure on Russian and Ukrainian governments to find the people responsible, such as DarkSide and REvil.” Read more
What’s the scariest security story you’ve heard this year?
This was originally published as an article on LinkedIn on October 31, 2022. Keep up to date on cloud security on CloudDataInsights.com